职位描述：

The senior product software/application Security Engineer, takes responsibility on design, development, implementation, operation, monitoring, check and improvement of security development life cycle on R&D product software and IT application security.

工作职责：

1．Work closely with R&D key stake holders, responsible for and participate in design and development the policy/process/procedure of software security development.

2. Work closely with R&D key stake holders, participate in stage gate review of software development

3．Responsible for building and developing IT application security development framework and relevant process, deploy and implement the necessary tool

4．Perform expert advice and guidance to R&D and IT teams in security assessment, testing and in fixing vulnerabilities

5. Conduct software/application security audits, risk analysis, vulnerability testing and security reviews

6. Manage tools, servers and infrastructure supporting the application risk testing and analysis program.

7. Incident analysis, respond and management

8. Provide guidance on relevant software/application security industry standards and practices, establish the vulnerability library and knowledgebase at company level

9. Develop training material and responsible for new developers and for continuing education of R&D and IT application employees

10. Provide excellent coordination with R&D, IT teams and business departments

职位要求:

1. Bachelor's Degree or above in computer science, 5 years of experience in related position

2．Good command of written and oral English

3. Strong interpersonal communication, strong conscientious, work with the team effectively, can mobilise and inspire others.

4．Good understanding on security development cycle, such as SDL or OWASP SAMM

5. Deep knowledge at Java, .net, or mobile application development and with programming capability

6. Good knowledge of Windows and Linux, database and information security fundamentals, solid experience of implementing security baseline

7. Experience in common vulnerability issue analysis and resolve

8.Strong experience is using Application Security scan tools: AppScan, WAF, WebInspect, etc

Additional requirements:

1．Experience in risk assessment projects

2. Experience in development of security tools