*薪資範疇是以美金(USD)來計算*
工作職責：

• 對Web應用程式進行徹底的安全評估，識別漏洞和潛在威脅。
• 執行手動和自動滲透測試以模擬攻擊並評估系統漏洞。
• 管理漏洞掃描工具和流程，以偵測和修復Web應用程式中的安全漏洞。
• 確定關鍵漏洞的優先順序並升級以立即解決。
• 與開發團隊合作，將安全控制整合到Web應用程式的設計和架構中。
• 提供有關安全編碼實踐的指導，並確保遵守安全標準和框架（例如，OWASP Top 10）。
• 監控Web應用程式是否有安全漏洞或可疑活動。
• 制定並實施事件回應計畫以及時解決安全事件。
• 透過全面測試和驗證Web應用程式安全措施來驗證安全控制。
• 進行安全審查和審計，以確保符合法規要求和行業標準。
• 透過培訓課程和研討會提高開發團隊和利害關係人的安全意識。
• 透過倡導最佳實踐和主動安全措施來培養安全文化。
• 維護安全評估、調查結果和補救活動的準確記錄。
• 準備並向管理階層和利害關係人提供有關安全漏洞、風險和緩解策略的詳細報告。

職位需要：

• 電腦科學、資訊安全、網路安全或相關領域的學士學位。優先考慮高級學位或認證（例如 CISSP、CEH、OSCP）。
• 至少在Web應用程式安全、滲透測試或相關角色方面擁有5-8 年的工作經驗。
• 在Web應用程式中進行安全評估和實施安全控制方面擁有良好的記錄。
• 深入了解 Web應用程式漏洞和利用技術（例如 SQL 注入、XSS、CSRF）。
• 使用Burp Suite、OWASP ZAP、Nmap等安全測試工具的經驗。
• 熟悉安全任務自動化的腳本語言（例如Python、Perl、Bash）者優先。
• 強大的分析和解決問題的能力，注重細節。
• 優秀的口頭和書面溝通技巧，能夠向技術和非技術受眾傳達複雜的安全問題。
• 能夠在團隊環境中獨立工作和協作。
• 了解網路安全法規、標準和最佳實務（例如 GDPR、PCI DSS、ISO 27001）。
• 願意隨時了解新出現的威脅、漏洞和安全技術。
• 致力於網路安全領域的持續學習和專業發展。
• 如有需要，願意出差或被派遣到指定國家或項目地點。

其他福利：

• 海外工作許可證將由雇主擔保
• 醫療福利

Job Description:

• Conduct thorough security assessments of web applications, identifying vulnerabilities and potential threats.
• Perform manual and automated penetration testing to simulate attacks and assess system vulnerabilities.
• Manage vulnerability scanning tools and processes to detect and remediate security weaknesses in web applications.
• Prioritize and escalate critical vulnerabilities for immediate resolution.
• Collaborate with development teams to integrate security controls into the design and architecture of web applications.
• Provide guidance on secure coding practices and ensure adherence to security standards and frameworks (e.g., OWASP Top 10).
• Monitor web applications for security breaches or suspicious activity.
• Develop and implement incident response plans to address security incidents promptly.
• Validate security controls through comprehensive testing and validation of web application security measures.
• Conduct security reviews and audits to ensure compliance with regulatory requirements and industry standards.
• Promote security awareness among development teams and stakeholders through training sessions and workshops.
• Foster a culture of security by advocating best practices and proactive security measures.
• Maintain accurate documentation of security assessments, findings, and remediation activities.
• Prepare and present detailed reports on security vulnerabilities, risks, and mitigation strategies to management and stakeholders.

Job Requirement:

• Bachelor’s degree in computer science, Information Security, Cybersecurity, or a related field. Advanced degrees or certifications (e.g., CISSP, CEH, OSCP) are preferred.
• Minimum of 5-8 years of proven experience in web application security, penetration testing, or related roles.
• Proven track record of conducting security assessments and implementing security controls in web applications.
• Deep understanding of web application vulnerabilities and exploitation techniques (e.g., SQL injection, XSS, CSRF).
• Experience with security testing tools such as Burp Suite, OWASP ZAP, Nmap, etc.
• Familiarity with scripting languages (e.g., Python, Perl, Bash) for automation of security tasks is a plus.
• Strong analytical and problem-solving skills with attention to detail.
• Excellent communication skills, both verbal and written, with the ability to convey complex security issues to technical and non-technical audiences.
• Ability to work independently and collaboratively in a team environment.
• Knowledge of cybersecurity regulations, standards, and best practices (e.g., GDPR, PCI DSS, ISO 27001).
• Willingness to stay updated with emerging threats, vulnerabilities, and security technologies.
• Commitment to continuous learning and professional development in the field of cybersecurity.
• Willing to travel or relocate to other countries or project location as assigned if required.

Other benefit: -

• Overseas work permits will be sponsored by employer
• Medical benefit

工作類型: 全職, 新鮮人
可以通勤/搬遷:

• 台北市: 長期通勤，或願意以僱主提供的方案進行搬遷 (優先考慮)

教育程度:

• 大學 (必填)

工作經驗:

• WEB應用程式安全相關: 5 年 (優先考慮)

語言:

• 英文 (必填)
• 中文 (必填)

出差意願:

• 75% (優先考慮)