Application Security Engineer
雅智捷(上海)商贸有限公司
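- Company size: 50-150 employees
- Company type: Foreign-owned (Europe/US)
- Industry: Professional services (consulting, human resources, accounting)
Job Information
- Posted: 2019-03-03
- Location: Shanghai, Jing'an District
- Openings: 1
- Work experience: 3-4 years
- Education requirement: Hiring 1 person
- Language requirement: None
- Salary: 300,000-400,000/year
- Job category: Software Engineer, Other
Job Description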
Key Responsibilities
· Assist APAC application teams with defining, rolling out and implementing DevSecOps to improve Group Application Security Level.
· Work with application teams to conduct application security assessment (VAPT, or pen-test) and compliance review on business applications.
· Explain and demonstrate application vulnerabilities and provide recommendations for mitigation, follow-up with application teams for vulnerability remediation.
· Organize training for application teams to improve their core knowledge of secure coding principles and techniques.
· Lead the on-boarding and support of multiple security platforms: SAST, DAST and IAST.
· Assist with implementing and designing automated security checks within the CI/CD
· Take action to maintain compliance with security standards and policy, and escalate non-compliance in a timely and effective manner.
· Report on key compliance and operational metrics of application security.
Basic Qualifications
· Degree/Diploma in Computer-related discipline, or equivalent work experience.
· 3 ~ 5 years of hands-on experience as a software developer.
· 2+ years of hands-on experience in VAPT, application security testing, security code analysis or reviews.
· Knowledge and understanding of security frameworks and methodologies for controls, compliance and auditing – NIST, ISO27001, PCI-DSS, OWASP, SSDLC.
· Related industry certifications such as CEH, CISSP, CSSLP, GSSP-.NET, GSSP-Java, GWEB, GWAPT, OSCP, CREST are a plus.
· Fluent in both English and Chinese.
Preferred Skillset
· Professional – Application Security
o Familiar with HTTP, JavaScript, Java, .NET, SOAP, WSDL, REST, SSL standards, PKI infrastructure, security models and common API client architecture.
o Familiar with industrial DevOps and security testing tools such as, but not limited to, Checkmarx, Sonar, VSTS, Jenkins and Kali Linux.
o Knowledge of common security protocols such as SSL/TLS, OAuth 2.0, SAML, OpenID Connect, LDAP, RADIUS etc. and crypto libraries such as OpenSSL, JWT etc.
o Familiar with common web application vulnerabilities, OWASP Top
o Hands-on experience with web application and network vulnerability scanning
· Personal
o Demonstrated critical thinking, situational analysis and problem-solving skills and mindset.
o Ability to independently conduct research into application security issues, standards, and products is required.
o Good interpersonal skills, highly self-motivated, autodidact and willing to do more.
Company Profile
Accentiv' (雅智捷) currently operates in 42 countries worldwide. Our clients span many industries, including retail, FMCG, hotels, mother and baby, luxury goods and logistics, and include Michelin, P&G, Sephora, Nestle, DHL, Haagen-Dazs and others.
Accentiv’ is a subsidiary of Edenred (formerly branded Accor Services), which was one of the two core businesses under Accor Group. The new Edenred Group became independent in 2010 and was listed on Euronext Paris on July 2 (EDENREDAC - Euronext Paris). As a CRM leader and renowned specialist in relationship marketing consultancy and practice, Accentiv' provides businesses with tailor-made services to design and manage CRM, Loyalty & Incentive Programs. We are committed to helping our corporate clients build up a loyalty bridge to their customers, partners and employees, and to providing a holistic package of relationship marketing consulting, technology, marketing and operation services. We believe RELATIONSHIPS DO MATTER.
Accentiv’ operates in 42 countries around the world. Our clients in China cover various industries, including Retail, FMCG, Hotel, Baby, Luxury and Logistics: Michelin, P&G, Sephora, Nestle, DHL, Haagen-Dazs…
Company website: www.edenred.com
www.accentiv.cn
Contact
- Email: hrbj-cn@edenred.com