Cybersecurity Architect - APAC
江森自控(中国)投资有限公司
- 公司规模:5000-10000人
- 公司性质:外资(欧美)
- 公司行业:建筑/建材/工程
职位信息
- 发布日期:2019-11-12
- 工作地点:上海
- 招聘人数:1人
- 工作经验:无工作经验
- 学历要求:本科
- 职位类别:网络信息安全工程师 系统架构设计师
职位描述
RESPONSIBILITY LEVEL:
Clarios is
looking for an experienced Cybersecurity Architect with good
communication skills to join our global team of information technology
professionals. This role will be a part of the Information Security team and
will be responsible for assessing, designing, resolving and integrating information
security into information technology solutions. As a Cybersecurity Architect
you will be responsible for increasing security awareness among project teams
and making information technology solutions more robust and secure. You will
work with the Demand office, Enterprise Architecture and IT leadership and be
responsible for mentoring and driving them through the security assessments and
adopting secure solution design principles.
- ·
Perform
security assessments for on-going projects: both Architecture and
Implementation/Code Review - ·
Contribute
in building secure architecture for the new projects or making corrections to existing
ones - ·
Consult
on all 3rd-party application security penetration testing - ·
Consult
on vulnerability response process, impact assessments and remediation plans - ·
Recommend
design and code changes to meet product security objectives and remedy security
findings - ·
Perform
unit-test if needed to verify a remediation or provide a proof-of-concept as
evidence of a vulnerability - ·
Work
as a security advisor helping to establish secure development activities during
solution development - ·
Communicate
with customers and teams, be able to convey the message about importance of
security, the ways of establishing it and the wrong ways of enforcing it (e.g.
do pen testing before release)
DUTIES:
- ·
Knowledge
of at least one Security Development methodologies (e.g. Microsoft SDL, OWASP
CLASP etc) - ·
Knowledge
of main Security-related activities in development such as Risk and Privacy
Assessment, Threat Modeling, Security Code Review - ·
Deep
understanding of the nature of security threats and their classification - ·
Knowledge
of most common implementations of the Threats (e.g. XSS, SQL Injection, XSRF,
buffer overruns, brute force, rainbow tables, DoS etc) and how they match the
general classification - ·
Understanding
of main security principles, such as multi-layered protection (Defense in
Depth) - ·
Understanding
of main areas of protection (Security, Privacy, Availability) and levels of
defense (networking, infrastructure, OS, Application) - ·
Understanding
of mitigation mechanisms for every type of threats (e.g. validation, sanitizing,
crypto-operations etc) - ·
Good
knowledge of Security Features and Mechanisms provided by at least one OS (e.g.
Windows, Linux, Android, iOS etc) and development platform/technologies (e.g.
Java, .NET Framework, databases etc) - ·
Familiarity
with existing security standards (e.g. PCI DSS, HIPAA, NIST, Common Criteria
etc) and what does it mean to implement compliance with them - ·
Familiarity
with the tools for various security activities: Static Code Analysis, Pen
Testing, Intrusion Detection/Prevention etc - ·
Experience
with VAPT and familiarity with common security vulnerabilities, the lexicon of
findings (CVSS, CVE), ability to assess severity, etc - ·
Understanding
of basic principles of infrastructure security and penetration testing - ·
Ability
to use the tools to perform actual attacks is a plus
REQUIREMENTS/QUALIFICATIONS:
·
Bachelor’s
degree or related experience in Computer Science, Engineering or related
discipline.
·
Strong
experience with MS Visio, PowerPoint, MS Word and MS Excel.
·
Minimum
5 years of experience, designing, implementing and supporting large-scale, information
security environments.
·
Professional
certification in relevant disciplines preferred: CISSP, CISA, CEH, Etc.
·
Strong
people management skills with global experience.
·
Strong
technical and non-technical communication skills.
·
Ability
to establish and maintain high levels of client trust and confidence.
公司介绍
在江森自控,我们致力于改善人们的生活、工作、学习和娱乐环境。江森自控致力于可持续发展,公司承诺在2040年前实现净零碳排放。作为智慧、健康和可持续建筑的全球领导者,我们凭借超过135年的创新经验,运用全面的数字化解决方案OpenBlue及建筑科技领域完整的产品和解决方案组合,为医疗、教育、数据中心、机场、体育场和生产制造等众多领域实现可持续发展的蓝图。江森自控在全球150多个国家拥有100,000名专业员工,旗下拥有多个业内值得信赖的品牌。
亚太区概况
通过广泛的业务网络和足迹,江森自控致力于为该地区的客户提供全方位的卓越服务:
29家制造工厂
10处研发基地
260多个分支机构
28000多名员工
*以上数据包含江森自控和江森自控日立空调
公司在中国拥有:
9000多名员工
9家制造工厂
3处研发基地
40多个办事处
100多个销售支持点
我们的价值观
诚信为先
我们承诺诚实和透明。我们坚持***诚信标准并信守我们做出的承诺。
客户至上
客户成功,我们才能成功。长期战略合作关系带来的独特洞见和实力,让我们能够创造卓越的客户体验与解决方案。
使命为本
我们坚信利成于益,勇于承担:通过我们提供的解决方案、我们对社会的奉献、我们开展业务的方式以及我们对保护人民和环境的承诺让世界变得更加美好。
着眼未来
我们的创新和持续改进文化激励我们在解决当今挑战的同时,不断思考“接下来会发生什么”。
同一个团队
我们是同一个团队,致力于团结协作,创造高效适用的解决方案,推动世界进步。
联系方式
- Email:club@51job.com
- 公司地址:上海福泉北路518号江森自控 (邮编:200051)
- 电话:15029250484