Salary: Negotiable
Age: 21-35 years
10 hours per day, 2 days off per month
Job Requirements:
1. At least 3 years of penetration testing experience or work experience in the security industry, with practical experience in vulnerability discovery in PHP, ASP, Java, etc., and proficiency in common web defense methods.
2. In-depth understanding of programming languages such as C/C++, C#, JAVA, and strong programming ability.
3. Skilled in identifying common code defects and security vulnerabilities in programs developed with PHP, Python, ASP .NET, JavaWeb, etc.
4. Proficient in mainstream source code auditing tools, such as Checkmarx CxEnterprise, Fortify SCA, RIPS, etc.
5. Familiar with common security attack and defense techniques and security vulnerabilities, and familiar with common penetration testing tools, such as Rapid7, Awvs, Nmap, Nessus, Openvas, Metasploit, etc.
6. Familiar with common web security vulnerabilities and defenses, including SQL injection, XSS, CSRF, and other OWASP Top 10 security risks.
7. Preference given to candidates with successful exploitation of vulnerabilities in open-source programs such as Discuz, PHPCMS, ECShop, Dedecms, SDCMS, etc.
8. Proficient in using source code testing tools and testing processes, and practical experience in source code security testing is preferred.
9. Experience in the operation and maintenance of application firewalls, such as WAF, IDS, is preferred.
10. Familiar with security products and technologies from mainstream domestic and international vendors and open-source projects.
Responsibilities:
1. Website security protection.
2. Optimize emergency response processes and respond to emergency attacks.
3. Keep updated on the latest vulnerabilities and verify and fix vulnerabilities with business systems in a timely manner.
4. Analyze and penetrate vulnerabilities in high-traffic websites and gain modification rights.