Information Security Engineer (Penetration Testing Track): Job Descriptions, Responsibilities, and Requirements (12 Samples)

Sample 5: Network Information Security Engineer Job Responsibilities

Network Information Security Engineer, 莱茵技术(上海)有限公司 (TUV Rheinland)

*Conduct security audits and perform testing of products that come into our labs, and produce the necessary reports.

*Conduct privacy reviews of products and services based on the company's test standards and checklists, covering (but not limited to) system architecture, design, and testing, and produce the necessary reports.

*Collaborate as a member of the global team across business streams as a security testing SME (subject-matter expert), and independently manage the security/privacy testing scope.

Desired experience:

*Experience in manually testing websites and web applications, or in enterprise penetration testing.

*Extensive hands-on experience with security testing tools, open-source or commercial, such as Nessus, Fortify, WebInspect, Qualys, Burp, Rapid7, etc.

*Strong knowledge of current security threats, trends, and mitigations.

*Passion for discovering and researching new vulnerabilities and exploitation techniques.

*Network and infrastructure assessment using vulnerability scanners, generating reports and proposing remediation plans.

*Familiarity with the OWASP framework, application security best practices, and the top 10 threats.

*In-depth familiarity with mobile app security (code hardening, communication encryption, data obfuscation, etc.) and IoT product security (reverse engineering; Bluetooth, Zigbee, and Z-Wave security).

*Familiarity with PCI, GDPR, or other mainstream international information security regulatory requirements.

*Demonstrated familiarity with NIST Special Publication 800-53 and the CVE (Common Vulnerabilities and Exposures) standard, and with BSI encryption best practices.

*Experience developing and leading technical remediation/mitigation activities for enterprise-wide issues, and providing status updates and reports, with emphasis on remediation plans and strategies. Candidates who have led enterprise-wide technical security risk assessments are preferred.

*Demonstrated effective written and verbal communication skills: the ability to prepare and present security assessment results to clients or senior management.

*Certified Ethical Hacker (CEH) certification and/or network certification and/or CISSP/CISM certification (holders of these or other security certifications preferred).