Senior System Security Risk Control Engineer

Security Planning and System Design:

• Develop and implement the company’s overall information security strategy and management system.
  
• Design and execute security management processes to safeguard the company's systems, data, and networks.
  

Security Assessments and Risk Management:

• Conduct security assessments on internal systems, networks, and servers.
  
• Work closely with relevant teams to implement security solutions, track progress, and promote effective execution.
  

Penetration Testing and Intrusion Detection:

• Lead penetration testing efforts to identify weaknesses and vulnerabilities within the company's infrastructure.
  
• Conduct system intrusion detection, alarm generation, trace analysis, and implement measures to prevent further risks.
  

Security Vulnerability Monitoring:

• Continuously monitor and track emerging security vulnerabilities, including web application attacks such as SQL injection, XSS, etc.
  
• Develop strategies to mitigate these vulnerabilities and avoid security risks associated with the company's systems.
  

Team Development and Knowledge Management:

• Guide and train team members to improve their technical expertise and maintain a high level of security knowledge.
  
• Ensure that the team’s documentation and security protocols are continuously updated and well-documented.
  

• At least 3 years of hands-on experience in system security or related fields, with expertise in security risk assessment and mitigation.
  
• Degree in System Security, Computer Science, Information Technology, or related fields.
  
• Strong understanding of Linux and Windows operating systems and related security policies and procedures.
  
• Familiarity with WEB application servers and security protocols.
  
• Proficiency in using mainstream security tools and technologies such as IDS/IPS, firewalls, and other monitoring systems.
  
• Hands-on experience in formulating security policies, handling incidents, and responding to security breaches.
  
• Experience with system penetration testing, web application security, and vulnerability discovery.
  
• Deep understanding of web security issues, including common vulnerabilities like SQL injection, Cross-Site Scripting (XSS), etc.Ability to perform risk assessments, vulnerability analysis, and threat mitigation.
  
• Proficient in Chinese and English (both written and spoken) for clear communication of security issues and risk reports.