This position oversees all cybersecurity assurance testing for company’s global business.
- Utilize various technical solutions to test self-developed and 3rd party applications, conduct red teaming/ethical hacking, and meet other security testing requests.
- Define and manage cybersecurity assurance testing strategy, policy and processes based on company’s global business needs.
Job Responsibilities
- Responsible for leading company’s cybersecurity assurance testing operations duties and the team.
- Responsible for delivering all security testing requests, including but not limited to Applications, Infrastructure, Vulnerability, Exception Validation, Ethical Hacking, etc.
- Responsible for application, web and mobile app security related assessments, security baseline, security template, code security, technical testing, and remediation plans.
- Responsible for design of security practice instruction and technical solutions for the different security levels in order to protect data in terms of confidentiality, integrity and availability.
- Responsible for company’s best security practices/instruction for application development/SDLC.
- Responsible for solutions to implement the SDLC security requirements and foster SDLC culture.
- Working with other info security functions and business functions on data protection and application security related topics.
- Other tasks assigned by CISO.
Key Performance Measures
- Effectiveness on cybersecurity assurance testing operation.
- Effectiveness on application, mobile and web security.
- Key business stakeholder feedback.
Competency
- Solid and deep knowledge and hands-on skills on pen-testing and red-teaming.
- Solid and deep knowledge and hands-on skills with the following testing tools: Fortify for SAST, WebInspect for DAST, 3rd party dependency check, Burp Suite and Nmap.
- Solid and deep knowledge and hands-on skills on application security / SDLC security in order to meet the diverse application development scenarios, including but not limited to threat modelling, code audit, waterfall development, DevOps development, and large-scale agile development.
- Solid and deep knowledge of web security based on CIS 3.0, OWASP, SANS and other global sources, and the solid ability to identify the risks in company’s environment.
- Advanced competency to track the latest data protection and application security development from major international sources such as CIS, OWASP, SANS, etc.
- Ability to work independently with or without direction and/or supervision.
- Ability to prioritize and multitask in a complex environment.
- Ability to influence and communicate effectively with both technical and non-technical audiences.
Qualification
- Bachelor’s degree in Information Security or another related major.
- Meet the competencies as defined above.
- Proficiency in at least one major computer programming language, e.g., .NET/shell/Perl/Python/PHP/C/C++/Java.
- Professional certification evidencing skills in data protection and application security.
- International/MNC work experiences or project delivery outside China.
- Fluent English language skills.
- Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP) is a plus.
- Hands-on experience with Fortify for SAST, WebInspect for DAST, 3rd party dependency check, Burp Suite and Nmap.
- Strong written and verbal language skills in English.
- 10 years of information technology working experience.
- 5 years of cybersecurity engineering and operations working experience.
- Global enterprise experience is a plus.
- Project Management Professional (PMP) certificate is a plus.