Salary: 60K-150K
Age: 21-35 years
Job Requirements:
1. Strong communication, teamwork, and new technology learning abilities; responsible work attitude; experience in network security services or penetration testing.
2. Familiar with the steps, methods, and processes of penetration testing; proficient in using security tools and manual testing for penetration testing on targets.
3. Proficient in one or more mainstream programming languages (e.g., Go/PHP/Python/Java).
4. Experience in publishing information security-related technical articles or vulnerabilities on domestic and international security sites, or participation in well-known cyber attack and defense competitions with rankings is a plus.
5. Proficient in web attack and defense technologies, web penetration testing and defense: OWASP, TOP10, XSS, CSRF, SQL injection, file upload/include, command injection, etc., understanding of vulnerability principles and remediation methods, capable of conducting independent penetration tests.
6. Reverse engineering: Familiar with reverse engineering tools (OllyDbg, SoftICE, WinDbg), software protection and cracking, antivirus and evasion techniques.
7. Software vulnerability exploitation: Stack overflow principles and practices, shellcode, fuzzing, vulnerability analysis.
8. Social engineering: Information collection, disguise, inducement, psychological tactics, persuasion, and social engineering tools.
9. Penetration testing: Information gathering, scanning and service identification, vulnerability validation, infinite security, sniffing attacks, proxy and tunneling, Metasploit penetration attacks, etc.
Responsibilities:
1. Perform authorized security testing on sites, applications, and devices.
2. Analyze common web, system, middleware vulnerabilities and write vulnerability reports.
3. Conduct research and practice on new technologies.
4. Complete assigned support tasks.