职位概述
This position is responsible for focusing domain areas of expertise as well as a good breadth of experience across project management, Network/Application Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, IoT devices Penetration Testing, Open-Source Intelligence and Physical Security Testing.
岗位职责
1. Control the pace of the Cyber security project, and complete the testing project with quality and quantity guaranteed.
2. Carrying out application and IoT device security tests and performing various aspects of vulnerability assessments / Penetration Testing across a wide variety of platforms and technologies. Also including the execution of targeted testing activities to identify weaknesses and methods in which to exploit them.
3. Researching IoT cyber security technologies and tracking global security events. developing and maintaining security attack tools/script for automatic testing.
4. Keeping up to date with tools, countermeasures, threats, and technologies.
任职条件
1. Bachelor’s degree in Cybersecurity, Computer Science, Computer Engineering, or related field.
2. Minimum 1 year of conducting project management.
3. Minimum 1 year of conducting Penetration Testing on IoT devices or mobile applications
4. Have a broad understanding of various information technology areas used to support and manage the business (i.e. web, networking, database, cloud, telephony, mobile, applications, etc.) and in-depth experience in at least two areas of relevant technology.
5. Be familiar with Unix/Linux, and mobile platform operating systems.
6. Be familiar with ARM/MIPS assembly, binary reverse engineering, and IoT firmware package/de-package.
7. Proficiency with TCP/IP based network protocols, basic PKI technology, and cryptographic algorithms
8. Proficiency with one of script languages (Python, JavaScript, Shell, etc..). Have the ability to develop test scripts/testing tools.
9. Be familiar with wireless security such as Wi-Fi, Bluetooth, and Zigbee.
10. Understand common binary security issues, common exploit methods, and countermeasures.
11. Comprehension of OWASP Top 10 (both web and IoT), NIST, and ISSAF technical controls and standards, and able to understand and communicate how the standards and controls relate to risk management strategies.