重庆招聘

    Responsibilities:
 -Perform segmentation testing, penetration testing against the new building environment, or after any significate changes, and/or on a scheduled quarterly basis or on an adhoc basis
 -Provide remediation suggestions to responsible teams for repairing the findings
 -Manage End to End testing process including scoping, preparation, execution, documentation, follow up, and remediation validation
 -Coordinate with security operations to get internal vulnerability fixed on timely manner
 -Creates reports to display trends and overall statistics based on correlated security incidents and event data to produce monthly exception and management reports.
 -Creates and implements standard operating procedures and processes to help penetration testing, segmentation testing, and vulnerability remediation
 -Promote security awareness activities and implement security awareness concepts locally, customizing communications to be suitable for the business and users. Point of contact for all local security escalations
 -Prepares periodic security reports for senior management and corporate security summarizing the risk posture for the business
-Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stake-holders

Requirements
 -Bachelor’s in computer or Software Engineering, Computer Science, Information Management, Information Science or a related technical field
 -6+ years of overall work experience
 -5+ years of experience working in information security or information technology roles
 - Experience developing, implementing, internal penetration testing programs
 -Experience in penetration techniques including credentials (username/password) scraping, vulnerability identification and exploitation, attack vector identification, and post testing cleanup activities
 -Experience with NMAP script development and execution
 -Familiarity with SOX and PCI based network controls, multi-factor systems and controls, and proper incident response activities
 -Demonstrated ability to interact with business and technical audiences across all levels and technical disciplines of an organization
 -in-depth knowledge of common internet protocols (e.g., DNS, HTTP)
 -Security knowledge across multiple security domains and technologies (e.g., operating systems, databases, networking, applications, identity and access management)
 -Strong knowledge of and experience working in Windows and Linux environments
 -Knowledge of VPN technologies, virtualization technologies and cloud based solutions
 -Experience prioritizing and managing multiple projects with competing priorities
 -Demonstrated ability to maintain calm and focus a team during a crisis situation
 -Strong knowledge of project management approaches and coordination of short and medium duration projects
 -Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Information Systems Auditor (CISA)
-Good English Skills in Verbal and Written  

微信分享