TS Security Engineer

CN-Shanghai
工作 ID/工作 ID
7978
有職位空缺的 #/有职位空缺的 #
1
類別/类别
技術

概覽/概览

Security is only as strong as its weakest link. Consequently, Underwriters Laboratories employs a holistic view of software security, from product design and secure system integration to the security of entire infrastructures. UL helps to combat cybersecurity risks throughout the different IT lifecycle phases, from security strategy & design, to secure software development, and implementation in wider IT network & infrastructures.

UL partners with customers to provide an independent viewpoint and provide advisory, and testing and validation services. We’ll work with customers to evaluate current security exposure and the risks they are running. We’ll help customers to develop risk-based action plans to secure and protect critical assets and data effectively and cost-efficiently. Our aim is to give customers the peace of mind that comes from knowing that you have performed the necessary due diligence to mitigate cybersecurity risks.

UL is looking for you if you're seeking a cutting edge career in Cyber Security. Do you have experience with product embedded software , smart device , or ethical hacking and match the following point ? WE WANT YOU!

  • Eager to learn , especially in self-study
  • Willing to go through a series of intense training on many cyber security domain 
  • Enjoy growing your career professionally with an international team in a multinational company

 

職責/职责

The Security Engineer will conduct, under supervision, advanced vulnerability assessments, penetration tests, and other ethical hacking actions to identify issues in embedded products (IoT) and software.

  • Participates in customer projects to analyze customer documentation to interpret Risk Management and Threat Analysis assessment models.
  • Is able, under supervision, to verify security controls in the product as described in the documentation.
  • Conducts security tests using automated tools, ad-hoc tools, and manual testing techniques.
  • Conducts penetration testing against different IoT connected devices technological domains including, but not limited to embedded devices, web apps, mobile apps and other device applications.
  • Assesses and calculates risk based on vulnerabilities and exposures discovered during testing, based on international standards such as OWASP, NIST 800-115, OPENSAMM among others
  • Creates required information security documentation, technical reports, and formal papers on test findings, and complete requests in accordance with requirements.
  • Helps drive innovation in cybersecurity services. Follow-up with the latest technical developments in the physical and logical attacks area that need to be contributed to the internal R&D developments in hardware and software to enhance the level of our attacks and to explore new forms of attacks.

資歷/资历

  • University Degree (Bachelor’s degree or higher) in Computer Science or a related discipline, preferably mastering in a cybersecurity subject

1 to 3 years experience in:

  • Working in a Cybersecurity environment, software development, or ethical hacking.
  • Customer facing , well communication skills
  • Cybersecurity testing of products and software to identify weaknesses and flaws and ability to create PoC's and clearly document the procedure.
  • Hands-on experience with commercial, open source and free security tools for static source code analysis, fuzzing testing, dynamic and binary testing; as well as vulnerability scanning is a benefit
  • Understanding of security issues on various operating systems, web and database platforms, proven proficiency in networking and security.

Preferred experience:

  • Experience and knowledge in scripting at least one or more of the following languages: sh, csh, perl, python, ruby
  • Experience with C, C++, Java programming.
  • Experience with QNX, Linux, iOS, AOSP, etc.
  • Security related certifications is a plus: CEH, GIAC GSE
  • Expertise in testing in the following domains: Embedded software, embedded security, mobile apps, telecom or networking equipment.

選項/选项

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
在您的新聞推送上共用/在您的新闻推送上共享

與我們聯系 !/注册接收职位提醒!

還未準備申請?/ 未准备好应聘? 與我們聯系/花一分钟时间注册信息 ,作進一步考慮/以获得UL最新发布职位信息提醒。