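After the last recruitment post went out, many people asked me whether the Shopee security team has any web security or application security openings. This time the big one is here: I am on the application security team myself, so this position is in the same department and the same team as me!
Our Application Security Expert position is based in Shenzhen or Singapore, so when you apply it is best to tell me which location you would like to be based in.
For an introduction to our company and our team, and the benefits and compensation, you can click the image below to read my earlier article:
The job description for the application security position follows (Chinese and English versions).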
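✅ Security Expert - SDLC Track
Responsibilities
- Participate in rolling out the secure SDLC (software development life cycle), and take part in security solution reviews, security design and technical assessment for business teams
- Help improve the secure development process and its systematic build-out, and define the relevant security standards and requirements
- Produce security solutions and security test reports, provide remediation plans for the vulnerabilities found, and follow up on their implementation
- Assess the risk points of mainstream application frameworks and develop security solutions to support each business line
Requirements
- Familiar with common web security vulnerabilities, with a deep understanding of how they work, how they are exploited, and how to fix and harden against them
- Familiar with implementing SDLC processes and building security on the in-house (enterprise) side; SDLC work experience at an internet company; has independently led the rollout for a large business line
- Proficient in black-box testing methods and paths, able to complete source code audits independently, and familiar with and practiced in using security design checklists
- Familiar with at least one programming language such as Java, Python, PHP, Go or C, and able to read design documents and related code fluently
- Understands common business logic vulnerabilities such as authentication, unauthorized access and tampering, and able to find business logic vulnerabilities independently
- Extensive experience in vulnerability discovery, code auditing and security solutions
Bonus Points
- Holds CVEs for vulnerabilities in well-known open-source or widely used software; experience finding framework-level vulnerabilities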
✅ Expert Security Engineer - Secure Software Development Life Cycle (S-SDLC)
Key Job Responsibilities
- Participate in the implementation of the secure Software Development Life Cycle (SDLC), and be responsible for security solution reviews, security design and technical assessment for business departments
- Improve the secure SDLC, build the standards system, and formulate relevant security standards and requirements
- Produce security solutions and security test reports, advise on patching vulnerabilities, and follow up on risk mitigation
- Evaluate the risk points of mainstream application frameworks and develop security solutions to provide security support for each business line
Key Job Requirements
- Bachelor's degree in Computer Science, Engineering or related fields
- More than 5 years of relevant work experience
- Familiar with the OWASP Top 10 vulnerabilities, with a deep understanding of the principles, exploitation, patching and hardening of various vulnerabilities
- Familiar with implementing an enterprise SDLC process, with work experience building a secure SDLC for IT companies, and having been in charge of the secure SDLC for a large dev team
- Familiar with black-box testing methods and paths, able to independently complete source code audits, and with hands-on experience using security design checklists
- Familiar with at least one programming language such as Java, Python, PHP, Go or C, and proficient in reading design documents and related code
- Understanding of common business logic vulnerabilities such as authentication, unauthorized access and tampering; experience independently finding business logic vulnerabilities would be a bonus
- Extensive experience in vulnerability discovery, code auditing and security solutions
- Experience in vulnerability discovery at the framework level is preferred
Bonus Points
- Credited with high-risk CVEs in well-known projects
- Has contributed to the development of open-source projects, with experience in collaborative team development and familiarity with development tools
- Fluent English communication skills for effective collaboration with multinational teams
If you are interested, you can contact me through the official account's message backend, or send your résumé directly to my email: [email protected]