Information Security Engineer
上海希楷实业有限公司
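- Company size: fewer than 50 employees
- Company type: foreign-invested (non-European/American)
- Industry: Professional services (consulting, human resources, accounting); Electronic technology / semiconductors / integrated circuits
Job Information
- Posting date: 2013-10-15
- Work location: Shanghai
- Number of openings: several
- Language requirement: fluent English
- Monthly salary: 15000-19999
- Job category: Environment/Health/Safety Engineer (EHS)
Job Description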
JOB SUMMARY
This position will work with the Development team in the Shanghai office to help design application- and database-level security into products developed in this office. The engineer will work with our company-wide information security program and our information security policies, find ways to implement these appropriately within the development processes in this office, and develop ways to ensure that these policies are maintained in new releases prior to deployment.
ESSENTIAL FUNCTIONS & RESPONSIBILITIES
This position will assume one or more of the responsibilities listed below:
1. Regularly exercise business discretion and independent judgment with respect to matters of significance related to information security and compliance.
2. Assist Corporate Governance as needed to audit, remediate and update controls so that they satisfy the intent of the control but are operational for the development teams.
3. Participate in performing IT-related Sarbanes-Oxley (SOX), information security, privacy and compliance audits in accordance with accepted professional standards.
4. Assist the Security Officer with periodic web application security risk assessments and controlled testing and assessment.
5. Provide emergency response to security incidents; be responsible for website/application security incident tracking and analysis.
6. Follow up on and analyze new security vulnerabilities, including security technology in third-party software applications.
7. Be responsible for all types of web/application vulnerability detection and predict potential weak points in application architecture/design. Discreetly help to gather information and put together reports on any incidents that are identified that may or may not have impacted the business.
8. Analyze data to provide an objective, informed opinion on the current status of aspects of the information security program and to help determine appropriate next steps to address risks identified by the business.
9. Evaluate the Company's security systems and tools for maintaining data reliability, integrity and security.
10. Participate in training business and technology personnel on the information security program and on compliance requirements.
11. This position is based in the Shanghai office, but the candidate should be able to travel internationally as needed.
12. Perform other duties as directed by supervisor.
KNOWLEDGE, SKILLS, ABILITIES
1. Ability to work with various groups to implement required policies efficiently and comfortably, gaining teams' cooperation, assistance and trust.
2. Familiar with standard audit concepts, practices, and procedures.
3. Understanding of IT infrastructure, information security concepts and data flow in an online environment. This should include an understanding of application and database development processes and tools along with an understanding of coding practices.
4. Good understanding of security vulnerabilities, their principles and prevention methods, such as the OWASP Top 10, and how to code in ways that avoid these vulnerabilities.
5. In-depth knowledge of and strong operating experience with the Linux operating system.
6. Proficient in LAMP site architecture and log analysis for web server/MySQL database.
7. Familiar with at least one system scripting language and able to use scripts to complete most day-to-day management tasks. Good experience in web application programming languages such as PHP.
8. Excellent analytical skills, excellent time and organizational skills.
9. Excellent written and oral communication skills.
10. Team-oriented and skilled in working within a collaborative environment, and highly self-motivated and directed.
11. Familiarity with the ISO 27002 information security framework is a plus.
12. Experience in content anti-crawling practices is a plus.
EDUCATION AND EXPERIENCE
1. Bachelor's degree in Computer Science, Business Information Systems or related field of study required.
2. Certified Information Systems Security Professional (CISSP) preferred but not required.
3. 3+ years in production system environment, including proven experience running a 24x7 service.
4. 3+ years Linux experience with solid understanding of file systems, TCP/IP protocol, performance tuning, and end-to-end application stacks.
Work Environment
1. Available to occasionally work evenings or weekends for high-priority projects.
2. Able to travel on occasion including international travel to the U.S. office or E.U. office.
3. Close daily interaction between system administrators, DBAs, and developers.
Company Profile
The company is a service-oriented company.
Contact Information
- Company address: Work address: .