Advisory - Information Technology Risk and Assurance - Senior Associate (Security)(职位编号:SHE0002F)
安永华明会计师事务所
- 公司规模:500-1000人
- 公司性质:合资(欧美)
- 公司行业:会计/审计 金融/投资/证券
职位信息
- 发布日期:2012-08-20
- 工作地点:深圳
- 招聘人数:若干
- 工作经验:三年以上
- 学历要求:本科
- 语言要求:英语良好
普通话良好 - 职位类别:质量检验员/测试员
职位描述
Responsibilities:
岗位职责:
- Perform vulnerability assessment, attack and penetration test to system infrastructure or web application systems.
- 执行系统基础设施或web应用系统的脆弱性评估,攻击和渗透测试。
- Perform security review on source program code.
- 对源程序代码执行安全审查。
- Identify security vulnerabilities, assess the risk and provide practical recommendations to management.
- 识别安全漏洞,评估风险,并提供切实可行的建议。
- Determine the compensating controls and mitigating factors to the identified risk.
- 对已确定的风险寻找补偿性控制及缓解因素。
- Provide technical advice and security consultation to the management and staff.
- 为团队提供技术支持和咨询。
Requirements:
职位要求:
- Bachelor's Degree in Computer Science, Information Technology or related disciplines.
- 计算机科学,信息技术或相关专业学士学位。
- A minimum of 3 to 4 years' relevant experience in Information Technology, with at least 2 years' demonstrable experience in penetration testing to system infrastructure or web application systems a must.
- 拥有至少3至4年的信息技术相关工作经验,必须具有至少2年系统基础设施或web应用系统的渗透性测试经验。
- Sound knowledge and experience in using different hacking tools to perform foot printing, enumeration and exploitation to system infrastructure and web applications.
- 具有丰富的知识和熟练使用各种不同的黑客工具来对系统基础设施和网络应用进行枚举和渗透测试。
- Knowledge and experience in programming and security code review is desirable.
- 具有编程和安全代码审查经验尤佳。
- Experience in IBM Rational AppScan, Acunetix and Jtest is desirable.
- 具有IBM Rational AppScan,Acunetix和Jtest经验尤佳。
- Related qualifications and/or industry certification such as CEH (Certified Ethical Hacker), MCSE, RHCE/LPI, CCNA/CCIE, OCA/OCP is an advantage.
- 相关资格或行业认证,如CEH(Certified Ethical Hacker),MCSE,RHCE / LPI,CCNA / CCIE认证,OCA / OCP。
- Able to work independently and under pressure.
- 能在压力下独立工作。
- Good command of written and spoken English and Mandarin.
- 优秀的中英文口语及读写能力。
Who we are
At Ernst & Young, we support you in achieving your unique potential wherever you are in the world - both personally and professionally. We give you stretching and rewarding experiences that keep you motivated, working in an atmosphere of integrity and teaming with some of the world's most successful companies. And while we encourage you to take personal responsibility for your career, we support you in your professional development in every way we can. You enjoy the flexibility to devote time to what matters to you, in your business and personal life. At Ernst & Young, we know it's your point of view, energy and enthusiasm that make the difference.
岗位职责:
- Perform vulnerability assessment, attack and penetration test to system infrastructure or web application systems.
- 执行系统基础设施或web应用系统的脆弱性评估,攻击和渗透测试。
- Perform security review on source program code.
- 对源程序代码执行安全审查。
- Identify security vulnerabilities, assess the risk and provide practical recommendations to management.
- 识别安全漏洞,评估风险,并提供切实可行的建议。
- Determine the compensating controls and mitigating factors to the identified risk.
- 对已确定的风险寻找补偿性控制及缓解因素。
- Provide technical advice and security consultation to the management and staff.
- 为团队提供技术支持和咨询。
Requirements:
职位要求:
- Bachelor's Degree in Computer Science, Information Technology or related disciplines.
- 计算机科学,信息技术或相关专业学士学位。
- A minimum of 3 to 4 years' relevant experience in Information Technology, with at least 2 years' demonstrable experience in penetration testing to system infrastructure or web application systems a must.
- 拥有至少3至4年的信息技术相关工作经验,必须具有至少2年系统基础设施或web应用系统的渗透性测试经验。
- Sound knowledge and experience in using different hacking tools to perform foot printing, enumeration and exploitation to system infrastructure and web applications.
- 具有丰富的知识和熟练使用各种不同的黑客工具来对系统基础设施和网络应用进行枚举和渗透测试。
- Knowledge and experience in programming and security code review is desirable.
- 具有编程和安全代码审查经验尤佳。
- Experience in IBM Rational AppScan, Acunetix and Jtest is desirable.
- 具有IBM Rational AppScan,Acunetix和Jtest经验尤佳。
- Related qualifications and/or industry certification such as CEH (Certified Ethical Hacker), MCSE, RHCE/LPI, CCNA/CCIE, OCA/OCP is an advantage.
- 相关资格或行业认证,如CEH(Certified Ethical Hacker),MCSE,RHCE / LPI,CCNA / CCIE认证,OCA / OCP。
- Able to work independently and under pressure.
- 能在压力下独立工作。
- Good command of written and spoken English and Mandarin.
- 优秀的中英文口语及读写能力。
Who we are
At Ernst & Young, we support you in achieving your unique potential wherever you are in the world - both personally and professionally. We give you stretching and rewarding experiences that keep you motivated, working in an atmosphere of integrity and teaming with some of the world's most successful companies. And while we encourage you to take personal responsibility for your career, we support you in your professional development in every way we can. You enjoy the flexibility to devote time to what matters to you, in your business and personal life. At Ernst & Young, we know it's your point of view, energy and enthusiasm that make the difference.
公司介绍
Ernst & Young is one of the leading global professional services firms in the world. With more than 130,000 staff around the world, we at Ernst & Young are proud of what truly sets us apart in the profession - Our People First culture. Ernst & Young helps you achieve your best by providing great learning and career growth opportunities, by offering ways to help you achieve satisfaction at work and in life, and by looking at each decision with a keen eye towards how it will affect you.
To cope with our expansions in the PRC, we are eager to invite enthusiastic team members to join us.
安永是一家国际性的专业服务机构,全球拥有超过 130,000 名员工。为配合业务发展,诚聘专业人才。
Please forward full resume in English with a cover letter, photocopy of academic certificates, job references, current and expected salary and a recent photo by mail to or by fax to or by email to us.
请将简历寄至本公司。
To cope with our expansions in the PRC, we are eager to invite enthusiastic team members to join us.
安永是一家国际性的专业服务机构,全球拥有超过 130,000 名员工。为配合业务发展,诚聘专业人才。
Please forward full resume in English with a cover letter, photocopy of academic certificates, job references, current and expected salary and a recent photo by mail to or by fax to or by email to us.
请将简历寄至本公司。