我们的客户是某著名五百强企业。以数据中心/网络接入、医疗保健、制造、电信、无线接入行业为主

Responsibilities:

- Work closely with R&D key stake holders, responsible for and participate in design and development the policy/process/procedure of software security development.

- Work closely with R&D key stake holders, participate in stage gate review of software development

- Responsible for building and developing IT application security development framework and relevant process, deploy and implement the necessary tool

- Perform expert advice and guidance to R&D and IT teams in security assessment, testing and in fixing vulnerabilities

- Conduct software/application security audits, risk analysis, vulnerability testing and security reviews

- Manage tools, servers and infrastructure supporting the application risk testing and analysis program.

- Incident analysis, respond and management

- Provide guidance on relevant software/application security industry standards and practices, establish the vulnerability library and knowledgebase at company level

- Develop training material and responsible for new developers and for continuing education of R&D and IT application employees

- Provide excellent coordination with R&D, IT teams and business departments

Requirements:

- Bachelor's Degree or above in computer science, 5 years of experience in related position

- Good command of written and oral English

- Strong interpersonal communication, strong conscientious, work with the team effectively, can mobilise and inspire others.

- Good understanding on security development cycle, such as SDL or OWASP SAMM

- Deep knowledge at Java, .net, or mobile application development and with programming capability

- Good knowledge of Windows and Linux, database and information security fundamentals, solid experience of implementing security baseline

- Experience in common vulnerability issue analysis and resolve

- Strong experience is using Application Security scan tools: AppScan, WAF, WebInspect, etc

Additional requirements:

- Experience in risk assessment projects

- Experience in development of security tools