Location 上海
Salary 450000-550000CNY
Job functions
Job number 10368

Company overview

Top Retail Company

Job description

• Conduct penetration test scoping/kick off meetings with technology business stakeholders, document scope and schedule testing window
• Lead web application, mobile, API and network penetration testing within the designated scope and rules of engagement
• Provide technical guidance for remediation of findings, collaborating with other CIS teams as necessary
• Provide mentoring and training to junior members of attack surface management team
• Perform required audit related tasks from internal audit, SOX and PCI activities.
• Interface & support other CIS organizations such as Incident Response, Governance, Risk and Threat Intelligence as necessary
• Maintain and compose operational process documentation regarding program execution.
• Maintain and grow penetration testing tool suites and automation of tasks through the use of commercial and open source products

• Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.
• 7+ years of IT professional experience, with 3+ years Information Security experience, with previous penetration testing or application security background
• Strong understanding of a variety of technical concepts such as: Application development, networking, systems administration, and information security practices
• Strong web application development, security flaw and remediation technical understanding
• Demonstrated experience with a variety of open source and commercial testing tools in areas such as web interception proxies, packet capture, debugging and API interaction.
• Experience with data analytics with the ability to provide qualitative analysis and recommendations
• Experience and knowledge of performing security tasks within AWS or Azure cloud environments
• Ability to develop strong working relationships with a variety of other enabling teams.
• Certifications such as GIAC Web Application Penetration Testing (GWAPT), Offensive Security Certified Professional (OSCP) or GIAC Penetration Testing (GPEN) are strongly preferred.
• Previous experience working in large scale environments with diverse technologies strongly preferred.
• Ability to automate technical tasks through use of APIs or scripting strongly preferred.

Additional information



Job application

你正在申请以下职位: Senior Penetration Tester 当你提交申请后,我们将向招聘方展示你的简历,但不能承诺应聘成功。


Full Name
Company and title


i18n: If This Is Not You i18n: Go To Linkedin i18n: And Log In With Your Credentials.