Base location options: Singapore / Malaysia / United Arab Emirates (UAE)

Job Responsibility

• Conduct security assessments on business systems and infrastructure (Java/Golang/JS/C++) including but not limited to penetration testing, code auditing, and promotion of vulnerability and risk remediation.
• Track the latest industry vulnerabilities, conduct analysis and reproduction, perform internal impact assessments, and drive related vulnerability fixes.
• Integrate security requirements/best practices into the design, development, testing, and deployment phases to ensure the security of the entire software development lifecycle (SDLC).
• Familiar with Web3 industry-related products, identify vulnerabilities in business architecture, product processes, and logic, and promote their remediation.
• Develop security-related documentation such as source code security specifications, security solutions, remediation plans, and security best practices.

Requirements:

• Bachelor’s degree or above; majors in Computer Science, Information Security, Network Engineering, or related fields are preferred.
• At least 5 years of work experience in Internet companies or Web3 industry companies, with relevant experience in security testing, auditing, and assessment.
• Familiar with the principles of common security vulnerabilities (not limited to OWASP Top 10), as well as their discovery methods, exploitation scenarios, mitigation measures, and remediation plans.
• Familiar with common vulnerabilities in Java/Golang/JS/C++ languages and related frameworks (e.g., Spring MVC/SSM/Gobin/GoZero vulnerabilities).
• Strong understanding of penetration testing, proficient in common testing tools, code auditing tools, and techniques.
• Proactive learning ability, strong logical thinking, and excellent communication, organization, coordination, and promotion skills.

Preferred Qualifications:

• Submitted high-quality vulnerabilities on various national Security Response Center (SRC) platforms.
• Discovered vulnerabilities in programming languages or development frameworks and obtained high-quality CVEs.
• Experience in developing tools or platforms.