Job description:
1. Be familiar with operating system fundamentals, the OSI network model, and various computer services and protocols.
2. Be familiar with the principles of firewalls, IDS/IPS and WAF, and with security hardening of host operating systems (Windows/Linux).
3. Be familiar with the OWASP Top 10 security risks, and with the principles of common vulnerabilities and the methods for hardening against them.
4. Be proficient with a variety of tools or platforms for penetration testing or attack simulation, such as Burp Suite, AWVS, Nmap, Nessus, sqlmap, Metasploit, Cobalt Strike, etc.
5. Be proficient in at least three red team skill areas (such as web/mobile app penetration, network penetration, simulated network security attacks, social engineering, threat intelligence collection, etc.), be familiar with their principles and techniques, have a certain level of ability in vulnerability discovery and in finding defensive weaknesses, and be able to independently complete the test tasks assigned by a superior.
6. Have good report-writing skills, and be able to independently write penetration test reports, risk assessment reports and similar documents.
7. CET-4 or above, with strong English reading and writing skills (in the computer security field), and able to adapt to an English-speaking office environment.
8. Be familiar with at least one programming language (C, Java, Python, Go, PHP, etc.).
9. Be familiar with at least two international or regional compliance requirements or network security standards (such as China's Cybersecurity Law, Personal Information Protection Law and Data Security Law, Multi-Level Protection Scheme 2.0 (等级保护2.0), EU GDPR, ISO 27000, NIST Cybersecurity Framework, NIST Privacy Framework, PCI-DSS, etc.), and have some practical experience in security compliance, risk management and system planning.
10. Be proficient in Mandarin listening, speaking, reading and writing, hold CET-4 or above, have good Chinese and English reading and writing skills (in the computer security field), and be able to adapt to an English-speaking office environment.
11. Be hardworking and able to work under pressure, able to accept flexible working hours according to project requirements, and able to accept short-term domestic travel.
12. Having submitted vulnerabilities on major SRC (Security Response Center) platforms is a plus.