Location Shanghai
Salary 450000-550000CNY
Job functions
Job number 10368

Company overview

Top Retail Company

Job description

• Conduct penetration test scoping/kick off meetings with technology business stakeholders, document scope and schedule testing window
• Lead web application, mobile, API and network penetration testing within the designated scope and rules of engagement
• Provide technical guidance for remediation of findings, collaborating with other CIS teams as necessary
• Provide mentoring and training to junior members of attack surface management team
• Perform required audit related tasks from internal audit, SOX and PCI activities.
• Interface & support other CIS organizations such as Incident Response, Governance, Risk and Threat Intelligence as necessary
• Maintain and compose operational process documentation regarding program execution.
• Maintain and grow penetration testing tool suites and automation of tasks through the use of commercial and open source products

• Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.
• 7+ years of IT professional experience, with 3+ years Information Security experience, with previous penetration testing or application security background
• Strong understanding of a variety of technical concepts such as: Application development, networking, systems administration, and information security practices
• Strong web application development, security flaw and remediation technical understanding
• Demonstrated experience with a variety of open source and commercial testing tools in areas such as web interception proxies, packet capture, debugging and API interaction.
• Experience with data analytics with the ability to provide qualitative analysis and recommendations
• Experience and knowledge of performing security tasks within AWS or Azure cloud environments
• Ability to develop strong working relationships with a variety of other enabling teams.
• Certifications such as GIAC Web Application Penetration Testing (GWAPT), Offensive Security Certified Professional (OSCP) or GIAC Penetration Testing (GPEN) are strongly preferred.
• Previous experience working in large scale environments with diverse technologies strongly preferred.
• Ability to automate technical tasks through use of APIs or scripting strongly preferred.

Additional information

Need Help?

Feel free to connect with us

Job application

You are about to apply to the following job: Senior Penetration Tester . Applying a job is not a commitment, it gives us the authorization to show your CV to the employer

Upload from Computer

Full Name
Company and title


i18n: If This Is Not You i18n: Go To Linkedin i18n: And Log In With Your Credentials.

Application confirmed!
Thank you for applying! We shall be in touch with you.

Jobs you might be interested in