After the last recruitment post went out, many students asked me whether the Shopee security team had any web security or application security positions. This time it is the big one: I am on the application security team myself, so this position is in the same department and the same team as me!
Our application security expert position is based in Shenzhen or Singapore, so it is best to tell me where you want to be based when you apply.
For an introduction to our company and our team, work benefits, etc., you can click on the image below to view my previous articles:
The application security position recruitment JD is as follows (Chinese and English versions).
✅ Security Expert-SDLC Direction
Job Responsibilities
Participate in implementing the secure software development life cycle (SDLC), and take part in business security plan reviews, security design and technology assessment
Help improve the secure development process and its supporting systems, and formulate relevant security standards and requirements
Produce security solutions and security test reports, provide remediation plans for vulnerabilities and follow up on their implementation
Assess the risk points of mainstream application frameworks and formulate security plans to provide security support for each business line
Job Requirements
Bachelor degree or above, more than 5 years of relevant work experience
Familiar with common web security vulnerabilities, with a deep understanding of vulnerability principles, exploitation, remediation and hardening
Familiar with implementing the SDLC process and building security on the enterprise (in-house) side, with experience working on SDLC at Internet companies and having been independently responsible for implementation on large-scale business lines
Proficient in black box testing methods and paths, able to complete source code audits independently, and familiar with and practiced in using a security design checklist
Familiar with at least one programming language such as Java, Python, PHP, Go, C, etc., and proficient in reading design documents and related code
Understand common business logic vulnerabilities such as authentication, unauthorized access, and tampering, and able to find business logic vulnerabilities independently
Extensive experience in vulnerability discovery, code auditing and security solutions
Bonus Points
Hold CVEs for vulnerabilities in well-known open source or general-purpose software, and have experience in framework-layer vulnerability discovery
Have participated in the development of large-scale open source projects and are familiar with team development processes and tools
Fluent English communication skills and able to work with multinational teams
✅ Expert Security Engineer - Secure Software Development Life Cycle (S-SDLC)
Key Job Responsibilities
Participate in the implementation of secure Software Development Life Cycle (SDLC), and be responsible for the security solution reviews, security design and technical assessment for business departments
Improve the secure SDLC, build the standard system, and formulate relevant security standards and requirements
Produce security solutions and security test reports, provide advice in patching vulnerabilities and follow up with the risk mitigation
Evaluate the risk points of mainstream application frameworks and develop security solutions to provide security support for each business line
Key Job Requirements
Bachelor's degree in Computer Science, Engineering or related fields
More than 5 years of relevant work experience
Familiar with OWASP Top 10 vulnerabilities, with a deep understanding of the principles, exploitation, patching, and hardening of various vulnerabilities
Familiar with the implementation of an enterprise's SDLC process, with work experience in building a secure SDLC for IT companies and having been in charge of the secure SDLC for a large dev team
Familiar with black box testing methods and paths, able to independently complete source code auditing work, with hands-on experience in using a security design checklist
Familiar with at least one programming language such as Java, Python, PHP, Go, C, etc., and proficient in reading design documents and related code
An understanding of common business logic vulnerabilities such as authentication, unauthorized access, and tampering, and experience independently finding business logic vulnerabilities, would be a bonus
Extensive experience in vulnerability discovery, code auditing and security solutions. Experience in vulnerability discovery at the framework level is preferred
Bonus Points
Having been credited with high-risk CVEs in well-known projects
Having contributed to the development of open-source projects. Experience working in collaborative team development and familiarity with development tools.
Fluent English communication skills for effective collaboration with multinational teams
Interested students can message me through the official account, or send your resume directly to my email: [email protected]