上海招聘

Company Description

Do you want beneficial technologies being shaped by your ideas? Whether in the areas of mobility solutions, consumer goods, industrial technology or energy and building technology - with us, you will have the chance to improve quality of life all across the globe. Welcome to Bosch.

Job Description

• The Product Security Expert will conduct advanced vulnerability assessments, penetration tests, and other ethical hacking actions to identify issues in embedded products (IoT) and software. Helps define industry requirements on cybersecurity along with other standard bodies and industry alliances.

• Leads and participates in customer projects to the defined requirements in the timeframe required by customers with the highest quality and integrity of work.

• Analyzes customer documentation to qualify Risk Management and Threat Analysis assessment models.

• Is able to verify security controls in the product as described in the documentation.

• Conducts security tests using automated tools, ad-hoc tools, and manual testing techniques.

• Conducts penetration testing against different technological domains including, but not limited to embedded devices, web apps, mobile apps and other device applications.

• Creates required information security documentation, technical reports, and formal papers on test findings, and complete requests in accordance with requirements.

• Provides technical guidance and training to new security team members.

Qualifications

• University Degree (Bachelor’s degree or higher) in Computer Science or a related discipline plus four years’ technical expert in cybersecurity, software development, or ethical hacking.

• Customer facing , good communication skill

• Vulnerability, threat and risk management experience

• Experience with cybersecurity testing of products and software to identify weaknesses and flaws. Able to create PoC's and clearly document the procedure.

• Hands-on experience with commercial, open source and free security tools for static source code analysis, fuzzing testing, dynamic and binary testing; as well as vulnerability scanning.

• Understanding of security issues on various operating systems, web and database platforms, proven proficiency in networking and security.

• Application development background and security knowledge – example of languages include C, C#, C++, Java, J2EE

• Experience in IoT domain such as Gateway, Cloud, APP with cross experience in related Hardware and Software.

• Experience in hardware selection that meets the relevant product security requirements (i.e. chip selection based on cloud protocol, encryption method, future proof).

• Experience with QNX, Linux, iOS, AOSP, etc.

• Deep expertise in testing in at least two or more of the following domains: Embedded software, embedded security, mobile apps, telecom or networking equipment.

• Security related certifications is a plus: CEH, CPT, CEPT, CSSLP, CISSP, OSCE, LPT, CREST ACE, GIAC, CISA, OSCP, CompTIA SECURITY+ or other information security certifications.

• Security framework experience.

• Experience with various security tools and products .

• Good understanding of the components of a secure SDLC.

• Application reversing skills.

• Understanding of cryptography principles.
• Good English communication skills

？

Additional Information

Location: Shanghai Jiading Districe

博世热力技术（上海）有限公司是罗伯特博世集团的一家全资子公司，前身为博世集团和日本林内集团于2005年11月成立的一家合资公司。公司坐落于上海嘉定区马陆工业园，截至2014财年，拥有300多名经验丰富的员工，销售额达到3.89亿元。作为一家市场领导企业，公司致力于为客户提供室内气候、热水和分散式能源管理方面节能、环保以及创新的解决方案。除此之外，公司生产范围延伸至了太阳能电池板领域，这是太阳能系统产品的一个关键组成部分。多年来，公司先后获得了ISO 9001:2008、ISO14001、水标志（Water Mark）、以及德国燃气与水工业协会（DVGW）等一系列行业专业质量体系认证，彰显了公司所坚持的质量管理体系水平。

为各类用户提供完整的供热系统解决方案，正是博世热力技术在中国的发展目标。我们为员工提供优良的工作环境、国际化的工作氛围、良好的薪资、健全的福利体系、富有挑战性的工作任务、完善的员工发展平台、大量的培训学习机会。随着业务的迅猛发展，我们求贤若渴，热切期待您的加盟。

Imprint: ****************/en/terms-of-use/provider
Privacy Statement: ****************/en/terms-of-use/privacy-statement