Salary: Negotiable
Age: 21-35 years
Job Requirements:
1. Experience in red/blue team exercises and able to write exploit tools using Python
2. Familiar with at least two penetration testing methods: web penetration, mobile penetration, social engineering, etc.
3. Understanding of information security concepts, theories, and methods; passionate about challenges and willing to dedicate to the information security industry
4. Good professional ethics, with strong oral and written communication skills
5. Ability to work under pressure, communicate and provide feedback effectively, and solve problems in a timely manner
Bonus Points:
1. Original articles on security forums like Freebuf or a good ranking on vulnerability platforms
2. Experience in incident response
3. Participation in real-world network defense with good performance
Responsibilities:
1. Lead internal red/blue team exercises, conduct real-world attack-defense simulations, collaborate with the technical defense team to review and suggest improvements, verify effectiveness, and track implementation
2. Responsible for penetration testing, leading the team to perform penetration testing on the IT infrastructure, systems, and networks of the company and its subsidiaries, and pushing for vulnerability remediation
3. Research the latest attack-defense techniques, simulate APT attacks from an attacker’s perspective, and continuously improve the breadth and depth of attacks
4. Use ATT&CK and Kill Chain frameworks to organize attack TTPs, enhance the coverage and depth of simulated attack scenarios, and collaborate with the Blue Team to improve detection coverage