普华永道(成都)有限公司
成都 ·财务/审计/税务 ·10000人以上
网络安全工程师-红队
8-13K·13薪
成都
3-5年
本科
全职
职位描述
岗位介绍:
1. Be familiar with the basis of operating system, OSI network model, various computer services and protocols.
1.熟悉操作系统基础、OSI网络模型、计算机各类服务和协议。
2. Be familiar with the principles of firewall, IDS / IPS and WAF, and be familiar with the security reinforcement of host operating system (Windows / Linux).
2. 熟悉防火墙、IDS/IPS、WAF等原理,熟悉主机操作系统(Windows/Linux)安全加固。
3. Be familiar with OWASP TOP10 security risks, familiar with common vulnerability principles and reinforcement methods.
3. 熟悉OWASP TOP10安全风险,熟悉常见漏洞原理及加固方法。
4. Master a variety of tools or platforms for penetration testing or simulation attacks, such as burpsuite, awvs, nmap, Nessus, sqlmap, Metasploit, cobaltstrike, etc.
4. 熟练掌握多种渗透测试或者模拟攻击的工具或平台,如:BurpSuite、AWVS、Nmap、Nessus、SQLmap、Metasploit、CobaltStrike等。
5. Master at least three red team attack skill fields (such as web / mobile app penetration, network penetration, network security simulation attack, social engineering, threat intelligence collection, etc.), be familiar with their principles and skills, have a certain vulnerability mining ability and defense vulnerability discovery ability, and be able to independently complete the test tasks arranged by the superior.
5. 熟练掌握至少三种红队攻击技能领域(如:web/mobile app渗透、网络渗透、网络安全模拟攻击、社交工程、威胁情报搜集等),熟悉其原理、技巧,具备一定程度的漏洞挖掘能力与防御弱点发现能力,能够独立完成上级安排的测试任务。
6. Have good report preparation ability, and be able to independently complete the preparation of penetration test, risk assessment and other reports.
6. 具有良好的报告编写能力,能独立完成渗透测试、风险评估等报告的编写。
7. CET-4 or above, with strong English reading and writing skills (computer security direction), and can adapt to the English office environment.
7. 英语四级以上,有较强的英语阅读、写作能力(计算机安全方向),可适应英文办公环境。
8. Be familiar with at least one computer programming language (C, Java, python, go, PHP, etc.).
8. 至少熟悉一种计算机编程语言(C、JAVA、Python、Go、PHP等)。
9. Be familiar with at least two international or regional compliance requirements or network security standards (such as China's network security law, personal information protection law, China's data security law, level protection 2.0, EU GDPR, ISO27000, NIST cybersecurity framework, NIST privacy framework, PCI-DSS, etc.), in security compliance, risk management have some practical experience in system planning.
9. 至少熟悉两种国际或区域性合规要求或者网络安全标准(如:中国网络安全法、个人信息保护法、中国数据安全法、等级保护2.0、欧盟GDPR、ISO27000、NIST Cybersecuirty Framework、NIST Privacy Framework、PCI-DSS等),在安全合规、风险管理、体系规划等方面具备一定的实践经验。
10. Master Mandarin listening, speaking, reading and writing, CET-4 or above, have good Chinese and English reading and writing skills (computer security direction), and can adapt to the English office environment.
10. 掌握普通话的听说读写,英语四级以上,有良好的中英文阅读与写作能力(计算机安全方向),可适应英文办公环境。
11. Can work under pressure and accept flexible working time according to project’s requirement and can accept short-term travel.
11. 吃苦耐劳,能适应灵活的工作时间,根据项目需要,能接受短期国内出差。
12. Vulnerabilities submitted on major SRC platforms (extra points).
12. 在各大SRC平台提交过漏洞(加分项)。
1. Be familiar with the basis of operating system, OSI network model, various computer services and protocols.
1.熟悉操作系统基础、OSI网络模型、计算机各类服务和协议。
2. Be familiar with the principles of firewall, IDS / IPS and WAF, and be familiar with the security reinforcement of host operating system (Windows / Linux).
2. 熟悉防火墙、IDS/IPS、WAF等原理,熟悉主机操作系统(Windows/Linux)安全加固。
3. Be familiar with OWASP TOP10 security risks, familiar with common vulnerability principles and reinforcement methods.
3. 熟悉OWASP TOP10安全风险,熟悉常见漏洞原理及加固方法。
4. Master a variety of tools or platforms for penetration testing or simulation attacks, such as burpsuite, awvs, nmap, Nessus, sqlmap, Metasploit, cobaltstrike, etc.
4. 熟练掌握多种渗透测试或者模拟攻击的工具或平台,如:BurpSuite、AWVS、Nmap、Nessus、SQLmap、Metasploit、CobaltStrike等。
5. Master at least three red team attack skill fields (such as web / mobile app penetration, network penetration, network security simulation attack, social engineering, threat intelligence collection, etc.), be familiar with their principles and skills, have a certain vulnerability mining ability and defense vulnerability discovery ability, and be able to independently complete the test tasks arranged by the superior.
5. 熟练掌握至少三种红队攻击技能领域(如:web/mobile app渗透、网络渗透、网络安全模拟攻击、社交工程、威胁情报搜集等),熟悉其原理、技巧,具备一定程度的漏洞挖掘能力与防御弱点发现能力,能够独立完成上级安排的测试任务。
6. Have good report preparation ability, and be able to independently complete the preparation of penetration test, risk assessment and other reports.
6. 具有良好的报告编写能力,能独立完成渗透测试、风险评估等报告的编写。
7. CET-4 or above, with strong English reading and writing skills (computer security direction), and can adapt to the English office environment.
7. 英语四级以上,有较强的英语阅读、写作能力(计算机安全方向),可适应英文办公环境。
8. Be familiar with at least one computer programming language (C, Java, python, go, PHP, etc.).
8. 至少熟悉一种计算机编程语言(C、JAVA、Python、Go、PHP等)。
9. Be familiar with at least two international or regional compliance requirements or network security standards (such as China's network security law, personal information protection law, China's data security law, level protection 2.0, EU GDPR, ISO27000, NIST cybersecurity framework, NIST privacy framework, PCI-DSS, etc.), in security compliance, risk management have some practical experience in system planning.
9. 至少熟悉两种国际或区域性合规要求或者网络安全标准(如:中国网络安全法、个人信息保护法、中国数据安全法、等级保护2.0、欧盟GDPR、ISO27000、NIST Cybersecuirty Framework、NIST Privacy Framework、PCI-DSS等),在安全合规、风险管理、体系规划等方面具备一定的实践经验。
10. Master Mandarin listening, speaking, reading and writing, CET-4 or above, have good Chinese and English reading and writing skills (computer security direction), and can adapt to the English office environment.
10. 掌握普通话的听说读写,英语四级以上,有良好的中英文阅读与写作能力(计算机安全方向),可适应英文办公环境。
11. Can work under pressure and accept flexible working time according to project’s requirement and can accept short-term travel.
11. 吃苦耐劳,能适应灵活的工作时间,根据项目需要,能接受短期国内出差。
12. Vulnerabilities submitted on major SRC platforms (extra points).
12. 在各大SRC平台提交过漏洞(加分项)。
公司介绍
PwC Business Services (Chengdu) Co., Ltd (SDC) is operational in Chengdu on 1 July 2012. The SDC will serve PwC China mainland and Hong Kong area.
普华永道商务服务(成都)有限公司(以下简称服务中心)于2012年7月1日在成都正式投入运营。该服务中心将为普华永道中国以及香港的业务提供支持服务。
普华永道商务服务(成都)有限公司(以下简称服务中心)于2012年7月1日在成都正式投入运营。该服务中心将为普华永道中国以及香港的业务提供支持服务。
成都武侯区天府软件园E区e1-1
面试经验
匿名用户
面试普华永道(成的全栈工程师·成都
面试未通过
二面两个人,都不是领导,上来就开始读稿子,一反问一些问题就开始转移话题,足足面了2个小时,第一次参加2小时的面试
查看更多面经(382)
相似职位
