Shopee 应用安全岗位招聘(新加坡/深圳)
2023-7-19 19:11:56 Author: govuln.com(查看原文) 阅读量:31 收藏

上次的招聘信息发出后,很多同学问我,Shopee安全团队有没有Web安全应用安全的岗位。这次大的就来了,因为我自己也是应用安全团队的,所以这个岗位和我是同一个部门同一个Team哦!

我们应用安全专家岗位,工作地点是深圳或新加坡,所以投递的时候最好跟我说明你想要base在哪个地点。

对于我们公司和我们团队的介绍,工作福利待遇等,可以点击下图查看我前面的文章:


应用安全岗位招聘JD如下(中文和英文版本)。

✅ 安全专家-SDLC方向

岗位职责

  • 参与安全SDLC开发生命周期的落地工作,参与业务的安全方案评审、安全设计及技术评估
  • 负责参与完善安全开发流程、体系化建设,制定相关安全标准和要求
  • 输出安全解决方案和安全测试报告,针对其中漏洞输出修复方案并跟进落地
  • 评估主流应用框架的风险点,制定安全方案为各业务线提供安全支持

岗位要求

  • 本科及以上学历,5年以上相关工作经验
  • 熟悉常见Web安全漏洞,对漏洞原理、利用与修复加固有深刻理解
  • 熟悉甲方SDLC流程落地和安全建设,有互联网公司SDLC工作经验,曾独立负责大型业务线落地
  • 熟练掌握黑盒测试方法和路径,能够独自完成源码审计工作,熟悉和实践过安全设计CheckList
  • 熟悉Java、Python、PHP、Go、C等至少一种编程语言,能熟练阅读设计文档和相关代码
  • 对常见的认证、越权、篡改等业务逻辑漏洞有了解,能够独立挖掘业务逻辑漏洞
  • 在漏洞挖掘,代码审计及安全解决方案等方向有丰富经验

加分项

  • 拥有著名开源或通用软件漏洞CVE,有框架层漏洞挖掘经验
  • 参与过大型开源项目开发,熟悉团队开发流程与工具
  • 具备流利的英文沟通能力,能够与跨国团队合作

✅ Expert Security Engineer - Secure Software Development Life Cycle (S-SDLC)

Key Job Responsibilities

  • Participate in the implementation of secure Software Development Life Cycle (SDLC), and be responsible for the security solution reviews, security design and technical assessment for business departments
  • Improve the secure SDLC, build the standard system, and formulate relevant security standards and requirements
  • Produce security solutions and security test reports, provide advice in patching vulnerabilities and follow up with the risk mitigation
  • Evaluate the risk points of mainstream application frameworks and develop security solutions to provide security support for each business line

Key Job Requirements

  • Bachelor's degree in Computer Science, Engineering or related fields
  • More than 5 years of relevant work experience
  • Familiar with OWASP TOP 10 vulnerabilities, and have a deep understanding of the principle, utilisation, patching, and reinforcement of various vulnerabilities
  • Familiar with the implementation of enterprise's SDLC process, have work experience in building secure SDLC for IT companies. Having been in charge of secure SDLC for a large dev team.
  • Familiar with black box testing methods and paths, able to independently complete source code auditing work, have hands-on experience in security design checklist;
  • Familiar with at least one programming language such as Java, Python, PHP, Go, C, etc., and proficient in reading design documents and related codes
  • Having understanding in common business logic vulnerabilities such as authentication, ultra vires, and tampering, and experiences independently exploring business logic vulnerabilities would be a bonus
  • Extensive experience in vulnerability mining, code auditing and security solutions Experience in vulnerability mining at the framework level is preferred

Bonus Points

  • Having been credited to high-risk CVEs for well-known projects
  • Having contributed to the development of open-source projects. Experience working in team collaborative development and familiar with development tools.
  • Fluent English communication skills for effective collaboration with multinational teams

感兴趣的同学,可以在公众号后台联系我,或者直接将简历发送至我的邮箱:[email protected]


文章来源: https://govuln.com/news/url/NMEN
如有侵权请联系:admin#unsafe.sh