Conduct thorough security assessments of web applications, identifying vulnerabilities and potential threats.
Perform manual and automated penetration testing to simulate attacks and assess system vulnerabilities.
Manage vulnerability scanning tools and processes to detect and remediate security weaknesses in web applications.
Prioritize and escalate critical vulnerabilities for immediate resolution.
Collaborate with development teams to integrate security controls into the design and architecture of web applications.
Provide guidance on secure coding practices and ensure adherence to security standards and frameworks (e.g., OWASP Top 10).
Monitor web applications for security breaches or suspicious activity.
Develop and implement incident response plans to address security incidents promptly.
Validate security controls through comprehensive testing of web application security measures.
Conduct security reviews and audits to ensure compliance with regulatory requirements and industry standards.
Promote security awareness among development teams and stakeholders through training sessions and workshops.
Foster a culture of security by advocating best practices and proactive security measures.
Maintain accurate documentation of security assessments, findings, and remediation activities.
Prepare and present detailed reports on security vulnerabilities, risks, and mitigation strategies to management and stakeholders.
Job Requirements:
Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field. Advanced degrees or certifications (e.g., CISSP, CEH, OSCP) are preferred.
Minimum of 5-8 years of proven experience in web application security, penetration testing, or related roles.
Proven track record of conducting security assessments and implementing security controls in web applications.
Deep understanding of web application vulnerabilities and exploitation techniques (e.g., SQL injection, XSS, CSRF).
Experience with security testing tools such as Burp Suite, OWASP ZAP, Nmap, etc.
Familiarity with scripting languages (e.g., Python, Perl, Bash) for automation of security tasks is a plus.
Strong analytical and problem-solving skills with attention to detail.
Excellent communication skills, both verbal and written, with the ability to convey complex security issues to technical and non-technical audiences.
Ability to work independently and collaboratively in a team environment.
Knowledge of cybersecurity regulations, standards, and best practices (e.g., GDPR, PCI DSS, ISO 27001).
Willingness to stay updated with emerging threats, vulnerabilities, and security technologies.
Commitment to continuous learning and professional development in the field of cybersecurity.
Willing to travel or relocate to other countries or project locations as assigned, if required.
Other benefits:
Overseas work permits will be sponsored by the employer.