Listing Description

What You Will Do:

• Participate in setting up our payment and account platform's Security Development Lifecycle (SDL), encompassing activities such as requirements and technical specification reviews, as well as security testing.


• Responsible for application security analysis, threat modeling, black-box testing, white-box code auditing, and the development of security components. Propose effective solutions to mitigate potential security risks.


• Lead efforts to enhance our DevSecOps systems, including the creation of R&D security processes and the formulation of related standards and requirements.


• Collaborate closely with development teams to conceptualize and deliver secure applications, solutions, and compliance reports pertaining to safety standards.

What We Are Looking For:

• A Bachelor's degree or equivalent, with a minimum of 3 years of experience in SDL or DevSecOps roles within technology companies.


• Proficiency in black-box testing methodologies and techniques, coupled with a high level of competence in utilizing white-box code auditing tools.


• Familiar with OWASP TOP 10 vulnerabilities and have an in-depth grasp of vulnerability principles, encompassing both exploitation and the reinforcement of protective measures.


• Prior experience in establishing SDL procedures.


• Proven track record in conducting requirements and technical specification reviews from a security perspective, including the implementation of security design checklists.


• Familiar with security modules and components, coupled with hands-on experience in developing and integrating security components.


• Prior involvement in conducting security training sessions.

Preferred Qualifications (Nice to Have):

• Development experience in automated detection tools, with a history of successful open-source testing.


• Expertise in vulnerability discovery, code auditing, or the implementation of security solutions.


• A track record of identifying high-risk vulnerabilities within globally accessible public platforms.


• Excellent written and verbal communication skills in English and fluent oral Chinese preferred in order to communicate with key business partners.