Senior Security Analyst(高级安全分析专家)
UL中国
- 公司规模:1000-5000人
- 公司性质:合资
- 公司行业:检测,认证
职位信息
- 发布日期:2017-10-30
- 工作地点:上海
- 工作经验:无工作经验
- 学历要求:本科
- 语言要求:英语熟练
- 职位月薪:0.8-1万/月
- 职位类别:网络信息安全工程师 网络工程师
职位描述
职位描述:
Security is only as strong as its weakest link. Consequently, Underwriters Laboratories employs a holistic view of software security, from product design and secure system integration to the security of entire infrastructures. UL helps to combat cybersecurity risks throughout the different IT lifecycle phases, from security strategy & design, to secure software development, and implementation in wider IT network & infrastructures.
UL partners with customers to provide an independent viewpoint and provide advisory, and testing and validation services. We’ll work with customers to evaluate current security exposure and the risks they are running. We’ll help customers to develop risk-based action plans to secure and protect critical assets and data effectively and cost-efficiently. Our aim is to give customers the peace of mind that comes from knowing that you have performed the necessary due diligence to mitigate cybersecurity risks.
UL is looking for you if you're seeking a cutting edge career in Cyber Security. Do you have experience with product embedded software , smart device , or ethical hacking and match the following point ? WE WANT YOU!
? Eager to learn , especially in self-study
? Willing to go through a series of intense training on many cyber security domain in a short time
? Enjoy growing your career professionally with an international team in a multinational company
Responsibilities
The Senior Security Analyst will conduct advanced vulnerability assessments, penetration tests, and other ethical hacking actions to identify issues in embedded products (IoT) and software. Helps define industry requirements on cybersecurity along with other standard bodies and industry alliances.
? Leads and participates in customer projects to the defined requirements in the timeframe required by customers with the highest quality and integrity of work.
? Analyzes customer documentation to qualify Risk Management and Threat Analysis assessment models.
? Is able to verify security controls in the product as described in the documentation.
? Conducts security tests using automated tools, ad-hoc tools, and manual testing techniques.
? Conducts penetration testing against different technological domains including, but not limited to embedded devices, web apps, mobile apps and other device applications.
? Assesses and calculates risk based on vulnerabilities and exposures discovered during testing, based on international standards such as OWASP, NIST 800-115, OPENSAMM among others
? Creates required information security documentation, technical reports, and formal papers on test findings, and complete requests in accordance with requirements.
? Provides technical guidance and training to new security team members.
? Provides pre-sales support and the sale of more complex projects.
? Helps drive innovation in cybersecurity services.
Qualifications
? University Degree (Bachelor’s degree or higher) in Computer Science or a related discipline plus four years’ technical expert in cybersecurity, software development, or ethical hacking.
? Customer facing , good communication skill
? Vulnerability, threat and risk management experience
? Experience with cybersecurity testing of products and software to identify weaknesses and flaws. Able to create PoC's and clearly document the procedure.
? Hands-on experience with commercial, open source and free security tools for static source code analysis, fuzzing testing, dynamic and binary testing; as well as vulnerability scanning.
? Understanding of security issues on various operating systems, web and database platforms, proven proficiency in networking and security.
? Extensive experience and knowledge in scripting at least one or more of the following languages: sh, csh, perl, python, ruby.
Nice to have skills
? Application development background and security knowledge – example of languages include C, C#, C++, Java, J2EE
? Experience with QNX, Linux, iOS, AOSP, etc.
? Deep expertise in testing in at least two or more of the following domains: Embedded software, embedded security, mobile apps, telecom or networking equipment.
? Security related certifications is a plus: CEH, CPT, CEPT, CSSLP, CISSP, OSCE, LPT, CREST ACE, GIAC, CISA, OSCP, CompTIA SECURITY+ or other information security certifications
? Security framework experience (e.g. ISO 27001/27002, NIST, PCI, FIPS etc.)
? Experience with various security tools and products (e.g. Nessus, Burp, metasploit framework, OpenVAS)
? Good understanding of the components of a secure SDLC
? Application reversing skills
? Understanding of cryptography principles
Security is only as strong as its weakest link. Consequently, Underwriters Laboratories employs a holistic view of software security, from product design and secure system integration to the security of entire infrastructures. UL helps to combat cybersecurity risks throughout the different IT lifecycle phases, from security strategy & design, to secure software development, and implementation in wider IT network & infrastructures.
UL partners with customers to provide an independent viewpoint and provide advisory, and testing and validation services. We’ll work with customers to evaluate current security exposure and the risks they are running. We’ll help customers to develop risk-based action plans to secure and protect critical assets and data effectively and cost-efficiently. Our aim is to give customers the peace of mind that comes from knowing that you have performed the necessary due diligence to mitigate cybersecurity risks.
UL is looking for you if you're seeking a cutting edge career in Cyber Security. Do you have experience with product embedded software , smart device , or ethical hacking and match the following point ? WE WANT YOU!
? Eager to learn , especially in self-study
? Willing to go through a series of intense training on many cyber security domain in a short time
? Enjoy growing your career professionally with an international team in a multinational company
Responsibilities
The Senior Security Analyst will conduct advanced vulnerability assessments, penetration tests, and other ethical hacking actions to identify issues in embedded products (IoT) and software. Helps define industry requirements on cybersecurity along with other standard bodies and industry alliances.
? Leads and participates in customer projects to the defined requirements in the timeframe required by customers with the highest quality and integrity of work.
? Analyzes customer documentation to qualify Risk Management and Threat Analysis assessment models.
? Is able to verify security controls in the product as described in the documentation.
? Conducts security tests using automated tools, ad-hoc tools, and manual testing techniques.
? Conducts penetration testing against different technological domains including, but not limited to embedded devices, web apps, mobile apps and other device applications.
? Assesses and calculates risk based on vulnerabilities and exposures discovered during testing, based on international standards such as OWASP, NIST 800-115, OPENSAMM among others
? Creates required information security documentation, technical reports, and formal papers on test findings, and complete requests in accordance with requirements.
? Provides technical guidance and training to new security team members.
? Provides pre-sales support and the sale of more complex projects.
? Helps drive innovation in cybersecurity services.
Qualifications
? University Degree (Bachelor’s degree or higher) in Computer Science or a related discipline plus four years’ technical expert in cybersecurity, software development, or ethical hacking.
? Customer facing , good communication skill
? Vulnerability, threat and risk management experience
? Experience with cybersecurity testing of products and software to identify weaknesses and flaws. Able to create PoC's and clearly document the procedure.
? Hands-on experience with commercial, open source and free security tools for static source code analysis, fuzzing testing, dynamic and binary testing; as well as vulnerability scanning.
? Understanding of security issues on various operating systems, web and database platforms, proven proficiency in networking and security.
? Extensive experience and knowledge in scripting at least one or more of the following languages: sh, csh, perl, python, ruby.
Nice to have skills
? Application development background and security knowledge – example of languages include C, C#, C++, Java, J2EE
? Experience with QNX, Linux, iOS, AOSP, etc.
? Deep expertise in testing in at least two or more of the following domains: Embedded software, embedded security, mobile apps, telecom or networking equipment.
? Security related certifications is a plus: CEH, CPT, CEPT, CSSLP, CISSP, OSCE, LPT, CREST ACE, GIAC, CISA, OSCP, CompTIA SECURITY+ or other information security certifications
? Security framework experience (e.g. ISO 27001/27002, NIST, PCI, FIPS etc.)
? Experience with various security tools and products (e.g. Nessus, Burp, metasploit framework, OpenVAS)
? Good understanding of the components of a secure SDLC
? Application reversing skills
? Understanding of cryptography principles
职能类别: 网络信息安全工程师 网络工程师
公司介绍
作为全球应用安全科学专家,UL Solutions服务全球100多个国家和地区的客户,将产品安全、信息安全和可持续性挑战转化为客户的机遇。UL Solutions 提供测试、检验、认证(TIC),以及软件产品和咨询服务,以支持客户的产品创新和业务增长。 UL认证标志代表着高质量的性能和独立第三方认证,是我们赋予客户产品的广为认可的信任标识。我们助力客户创新,推出新产品和服务,驾驭全球市场和复杂的供应链,并以可持续和负责任的方式走向未来。
UL Solutions进入中国四十多年来,持续为中国制造商提供方便、快速、卓越的本土化检测认证服务,助力中国产品进入北美乃至全球市场。目前我们在中国设有12个分支机构以及苏州绿色高科技测试运营中心、广州产品安全实验室、广州检测科技实验室、东莞物联网检测实验室、上海检测服务实验室、深圳检测服务实验室、常州动力电池检测实验室和中山燃气具实验室共8个大型实验室,以及众多获得UL 认可的第三方合作实验室和客户实验室,服务于超过22,000家客户,为中国企业的全球化高质量发展提供与时俱进的创新安全解决方案。
随着中国经济迈入高质量发展的新时代,UL Solutions也在不断加大在中国本土实验室的投资和中国工程师团队的建设,将全球经验与本土需求深度融合,让我们的科学成为您的优势,通过守护安全、保护创新、推动可持续发展助力中国企业增强核心竞争力,实现高质量发展,提升中国品牌的信心和力量。
加入UL,您将获得:
1.五天八小时工作制,享受国家规定的加班补贴;
2.具有竞争力的薪酬体系:按国家规定缴纳五险一金,年底双薪,年度绩效奖金,年度调薪等;
3.丰富的员工福利:部分城市提供员工班车(广州、苏州等),额外的商业保险,员工旅游或公司团建,节假日福利,年度体检等;
4.超长假期:法定年假+公司提供的补充带薪年假及12天全薪病假;
5.团队氛围:扁平化的组织,人性化的管理,员工之间互助合作;
6.成长平台:业内技术大咖,一对一导师,丰富的线上线下培训课程(UL大学),国际化的工作环境,多元与包容的文化氛围。
微信搜索和关注“UL Solutions招聘”公众号,了解UL最新招聘信息及公司动态。
Today’s Talent Driving Tomorrow’s Success.
UL Solutions进入中国四十多年来,持续为中国制造商提供方便、快速、卓越的本土化检测认证服务,助力中国产品进入北美乃至全球市场。目前我们在中国设有12个分支机构以及苏州绿色高科技测试运营中心、广州产品安全实验室、广州检测科技实验室、东莞物联网检测实验室、上海检测服务实验室、深圳检测服务实验室、常州动力电池检测实验室和中山燃气具实验室共8个大型实验室,以及众多获得UL 认可的第三方合作实验室和客户实验室,服务于超过22,000家客户,为中国企业的全球化高质量发展提供与时俱进的创新安全解决方案。
随着中国经济迈入高质量发展的新时代,UL Solutions也在不断加大在中国本土实验室的投资和中国工程师团队的建设,将全球经验与本土需求深度融合,让我们的科学成为您的优势,通过守护安全、保护创新、推动可持续发展助力中国企业增强核心竞争力,实现高质量发展,提升中国品牌的信心和力量。
加入UL,您将获得:
1.五天八小时工作制,享受国家规定的加班补贴;
2.具有竞争力的薪酬体系:按国家规定缴纳五险一金,年底双薪,年度绩效奖金,年度调薪等;
3.丰富的员工福利:部分城市提供员工班车(广州、苏州等),额外的商业保险,员工旅游或公司团建,节假日福利,年度体检等;
4.超长假期:法定年假+公司提供的补充带薪年假及12天全薪病假;
5.团队氛围:扁平化的组织,人性化的管理,员工之间互助合作;
6.成长平台:业内技术大咖,一对一导师,丰富的线上线下培训课程(UL大学),国际化的工作环境,多元与包容的文化氛围。
微信搜索和关注“UL Solutions招聘”公众号,了解UL最新招聘信息及公司动态。
Today’s Talent Driving Tomorrow’s Success.
联系方式
- Email:SZHR@ul.com
- 公司地址:朗山二路8号清溢光电三楼
- 电话:17748570067