Source Code Reviewer Evaluator源代码审核工程师
艾普拉斯(上海)质量检测有限公司
- 公司规模:50-150人
- 公司性质:外资(欧美)
- 公司行业:检测,认证
职位信息
- 发布日期:2020-12-10
- 工作地点:上海
- 招聘人数:1人
- 工作经验:3-4年经验
- 学历要求:本科
- 语言要求:英语熟练
- 职位月薪:3-4万/月
- 职位类别:安全测试 测试开发
职位描述
Applus + Laboratories正在寻求具有源代码审查经验的软件安全专家。
我们是一支高科技团队,致力于在网络安全领域提供咨询和评估服务。 我们为全球领先的高科技公司提供服务,以开发高科技和安全的产品,例如:
- 支付行业智能卡、身份识别
- 多用途的IC卡、eSIM卡、SOC芯片
- 软件和移动应用程序
- 网络设备
- 工业控制系统
如果你正在寻找一个充满挑战的职业机会、一个充满活力、国际化高素质的技术团队,我们将会为你提供全职职位,作为网络安全评估员加入我们在中国上海的公司。
成功的候选人将加入我们的团队,并接受适当的入职培训。 我们期望候选人在源代码安全审查方面具有经验,尤其是在SoC、安全元件和智能卡等嵌入式系统方面。
候选人应以服务为导向,积极进取并有条理,因为他/她将与一个年轻、快节奏的团队合作。 该职位为进一步发展其在组织中的职业生涯提供了机会。
你的职位
源代码审核工程师:
· 分析产品源代码和文档,旨在发现代码上的漏洞以抵抗最新的攻击。
· 分析和评估产品(例如安全元件)的安全性。
· 定义和分析发现的漏洞,并根据标准指标研究其可利用性。
· 根据源代码审查的结果支持测试计划定义。
· 根据源代码审查的结果,支持、指导和建议渗透测试团队进行测试。
· 改进静态和动态分析技术,以提高源代码审查的有效性。
· 支持我们的客户了解安全评估的结果。
· 掌握最新的尖端技术。
· 报告评估活动。
职位要求
· 在网络安全和源代码审查方面拥有3年以上的经验,尤其是在安全元件产品和/或智能卡及类似设备方面。
· 深入了解JavaCard,Native C和Multos技术或使用它们进行编程
· 有关汇编编程的知识。
· 具有使用常见SDK(例如Eclipse和其他类似工具)的经验。
· 具有EMVCo和/或Common Criteria方法学方面的经验
· 有关硬件攻击技术的知识,例如DPA / CPA、SPA、配置文件/模板和深度学习分析以及故障注入和软件攻击。
· 软件工程、电子、电信、计算机科学或相关专业。
· 良好的英语水平(书面和口语),懂其他语言优先。
· 积极的团队合作精神。
· 有条理,有条理和结构化的思维。
· 客户导向和人际交往能力
· 愿意出差
我们提供
· 在充满挑战的快节奏工作环境中的工作职位,充满机会。
· 对经验不够的技能进行培训
· 友好,专业和协作的氛围。
· 发展专业技能并获得挑战性的个人职业生涯
· 灵活的薪酬计划
· 良好的工作环境
Applus+ Laboratories is seeking a software security expert with source code review experience.
We are a highly technological team dedicated to providing consulting and evaluation services in the cybersecurity sector. We serve leading-edge tech companies around the world to develop high technological and secure products such as:
· Smartcards for payment industry, identification
· ICs, eSIMs, SOCs multipurpose
· Software and Mobile applications
· Network devices
· Industrial control systems
We are looking for someone who is seeking to join a dynamic, international and highly qualified technological team, with plenty of challenges and career opportunities. We are offering a full time position to participate as Cibersecurity Evaluator at our office in Shanghai (China).
The successful candidate will join our team and receive the appropriate onboarding training. The ideal candidate should be someone with experience in security on source code review specially in embedded systems such as SoCs, secure elements and smart cards.
The candidate should be service-oriented, proactive and organized, as he/she will be working with a young, fast-paced team. The position offers the opportunity to further develop their professional career in the organization.
Your role
Source code reviewer evaluator:
· Analyze the source code of the product and documentation with the aim to find vulnerabilities on the code against state-of-the art attacks.
· Analyze and assess the security of products such as secure elements.
· Define and analyze the flaws found and study its exploitability with standard metrics.
· Support on test plan definition according to the findings of the source code review.
· Support, guide and advice the penetration testing team on the results of the source code review.
· Improve static and dynamic analysis techniques to increase the effectiveness of the source code review.
· Support our clients understanding the results of your security assessment/evaluation.
· Be up-to-date on the new cutting edge techniques to apply.
· Report evaluation activities.
Requirements
· Experience of 3+ years in cybersecurity and source code review, especially in Secure Element products and/or smart card and similar devices.
· Deep knowledge on JavaCard and Native C and Multos technologies or programming with them.
· Knowledge on Assembly programming.
· Experience on working with common SDKs such as Eclipse and other similar tools.
· Experience in EMVCo and/or Common Criteria methodologies.
· Knowledge on hardware attack techniques such as DPA/CPA, SPA, profiling/template and deep learning analysis and fault injection as well as software attacks.
· Hardware engineering, electronics, telecommunications, computer science or similar background/education.
· Good English level (written and spoken), any other language is a plus.
· Proactive team player.
· Organized, methodical and structured thinking.
· Customer orientation and people skills.
· Availability to travel.
We offer
· Job position in a challenging and fast-paced working environment, full of opportunities.
· Onboarding and training on less experienced skills required.
· Friendly, professional and collaborative atmosphere.
· Possibility to grow professionally and obtain a personal and challenging career path.
· Flexible retribution plan.
· Good working conditions.
公司介绍
We support global companies with subsidiaries in China and their suppliers in meeting quality standards and complying with local, European and international regulation.
We also help Chinese companies to reach European and other international markets ensuring conformity with their target market requirements.
Our main services include:
Product Conformity - Industrial products testing, Product certification and Inspections services.
Materials Laboratory - Composite and Metallic materials testing for Aerospace sector
IT Laboratory - Functional and security testing for payment systems
At Applus+ Laboratories, you will be able to pursue a professional career, working with international teams and leading technologies. You will be involved in challenging and innovative projects for a wide range of clients and sectors.
Our teams need young people who want to pursue a long term career and experts looking for new challenges in an international company. The candidates should be passionate about their field of knowledge, market orientated, and wanting to take on new professional challenges.
Are you ready?
联系方式
- 公司地址:地址:span上海浦东秀浦路3999弄聚诚工业园23号楼