about the job.
• Based on the cybersecurity guideline, engage a 3rd party for onsite vulnerability scanning activities
• Responsible for obtaining the CCRC qualification
• Support in performing threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of a medical product or solution.
...
• Evaluation of third-party components regarding product & solution security.
• Verification of implementation regarding security requirements (e.g. as part of system test, acceptance test). This includes recommendation and creation of security testing tools.
• Validation (e.g. friendly hacking, penetration testing) to ensure that implementation fulfills security expectations of customers (e.g. to identify security vulnerabilities, and to evaluate the effectiveness of remediation measures). This includes recommendation and creation of security testing tools.
• Review the quality of a service provided by a 3rd-party vendor, and facilitate the 3rd-party pen test engagement for the product R&D team
• Estimate and measure the workload required for each engagement.
skills and experience required.
• Bachelor’s degree or above, with over 2 years' experience and a track record in cybersecurity testing
• Solid knowledge of relevant cybersecurity testing such as SAST/DAST, SCA, vulnerability scanning, etc.
• Familiar with security testing tools and experience leveraging them in a real-life scenario.
• Familiar with pen testing tools such as Burp Suite, Nmap, Kali Linux
• Extensive expertise in analyzing threats and the ability to identify known exploits
• Expertise in coaching developers and architects and building cybersecurity awareness.
• Proper written and verbal communication skills; able to express oneself clearly in both written and spoken English/Mandarin
• Self-motivated and able to ramp up on new technologies in a structured way.
• Familiar with cloud security benchmarks and experience auditing cloud security misconfigurations.
• Basic understanding of vulnerability management and security operations.