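After my last hiring post went out, many people asked me whether the Shopee security team has any Web security or application security positions. This time the big one is here: I am on the application security team myself, so this position is in the same department and the same team as me!
Our Application Security Expert position is based in Shenzhen or Singapore, so when you apply, it is best to tell me which location you want to be based in.
For an introduction to our company and our team, along with benefits and compensation, you can click the image below to see my earlier article:
The job description for the application security position follows (Chinese and English versions).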
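✅ Security Expert - SDLC Track
Responsibilities
Take part in rolling out the secure SDLC (software development life cycle), and in security solution reviews, security design and technical assessments for business teams
Help improve the secure development process and build it out systematically, and define the relevant security standards and requirements
Produce security solutions and security test reports, provide remediation plans for the vulnerabilities they identify, and follow the fixes through to completion
Assess the risk points of mainstream application frameworks and define security solutions that give security support to each business line
Requirements
Bachelor's degree or above, with more than 5 years of relevant work experience
Familiar with common Web security vulnerabilities, with a deep understanding of how they work, how they are exploited, and how they are fixed and hardened against
Familiar with implementing SDLC processes and building security on the in-house (enterprise) side, with SDLC work experience at an internet company, and having independently led the rollout for a large business line
Proficient in black-box testing methods and paths, able to complete source code audits independently, and familiar with and practiced in using security design checklists
Familiar with at least one programming language such as Java, Python, PHP, Go or C, and able to read design documents and the related code fluently
Understands common business logic vulnerabilities such as authentication flaws, authorization bypass and tampering, and can find business logic vulnerabilities independently
Extensive experience in vulnerability discovery, code auditing and security solutions
Bonus Points
Holds CVEs for vulnerabilities in well-known open-source or widely used software, with experience discovering framework-level vulnerabilities
Has taken part in the development of large open-source projects and is familiar with team development processes and tools
Fluent English communication skills and the ability to work with multinational teams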
✅ Expert Security Engineer - Secure Software Development Life Cycle (S-SDLC)
Key Job Responsibilities
Participate in the implementation of the secure Software Development Life Cycle (SDLC), and be responsible for security solution reviews, security design and technical assessment for business departments
Improve the secure SDLC, build the standard system, and formulate relevant security standards and requirements
Produce security solutions and security test reports, advise on patching vulnerabilities, and follow up on risk mitigation
Evaluate the risk points of mainstream application frameworks and develop security solutions to provide security support for each business line
Key Job Requirements
Bachelor's degree in Computer Science, Engineering or related fields
More than 5 years of relevant work experience
Familiar with the OWASP Top 10 vulnerabilities, with a deep understanding of the principles, exploitation, patching and hardening of various vulnerabilities
Familiar with implementing an enterprise's SDLC process, with work experience building a secure SDLC for IT companies, and having been in charge of the secure SDLC for a large dev team
Familiar with black-box testing methods and paths, able to independently complete source code audits, with hands-on experience using security design checklists
Familiar with at least one programming language such as Java, Python, PHP, Go or C, and proficient in reading design documents and related code
An understanding of common business logic vulnerabilities such as authentication flaws, authorization bypass and tampering, and experience independently finding business logic vulnerabilities, would be a bonus
Extensive experience in vulnerability discovery, code auditing and security solutions. Experience in vulnerability discovery at the framework level is preferred
Bonus Points
Credited with high-risk CVEs in well-known projects
Contributions to the development of open-source projects, experience with collaborative team development, and familiarity with development tools
Fluent English communication skills for effective collaboration with multinational teams
If you are interested, you can contact me through the official account's backend, or send your résumé directly to my email: [email protected]