Shopee 应用安全岗位招聘（新加坡/深圳）

上次的招聘信息发出后，很多同学问我，Shopee安全团队有没有Web安全、应用安全的岗位。这次大的就来了，因为我自己也是应用安全团队的，所以这个岗位和我是同一个部门同一个Team哦！

我们应用安全专家岗位，工作地点是深圳或新加坡，所以投递的时候最好跟我说明你想要base在哪个地点。

对于我们公司和我们团队的介绍，工作福利待遇等，可以点击下图查看我前面的文章：

应用安全岗位招聘JD如下（中文和英文版本）。

✅ 安全专家-SDLC方向

岗位职责

• 参与安全SDLC开发生命周期的落地工作，参与业务的安全方案评审、安全设计及技术评估
• 负责参与完善安全开发流程、体系化建设，制定相关安全标准和要求
• 输出安全解决方案和安全测试报告，针对其中漏洞输出修复方案并跟进落地
• 评估主流应用框架的风险点，制定安全方案为各业务线提供安全支持

岗位要求

• 本科及以上学历，5年以上相关工作经验
• 熟悉常见Web安全漏洞，对漏洞原理、利用与修复加固有深刻理解
• 熟悉甲方SDLC流程落地和安全建设，有互联网公司SDLC工作经验，曾独立负责大型业务线落地
• 熟练掌握黑盒测试方法和路径，能够独自完成源码审计工作，熟悉和实践过安全设计CheckList
• 熟悉Java、Python、PHP、Go、C等至少一种编程语言，能熟练阅读设计文档和相关代码
• 对常见的认证、越权、篡改等业务逻辑漏洞有了解，能够独立挖掘业务逻辑漏洞
• 在漏洞挖掘，代码审计及安全解决方案等方向有丰富经验

加分项

• 拥有著名开源或通用软件漏洞CVE，有框架层漏洞挖掘经验
• 参与过大型开源项目开发，熟悉团队开发流程与工具
• 具备流利的英文沟通能力，能够与跨国团队合作

✅ Expert Security Engineer - Secure Software Development Life Cycle (S-SDLC)

Key Job Responsibilities

• Participate in the implementation of secure Software Development Life Cycle (SDLC), and be responsible for the security solution reviews, security design and technical assessment for business departments
• Improve the secure SDLC, build the standard system, and formulate relevant security standards and requirements
• Produce security solutions and security test reports, provide advice in patching vulnerabilities and follow up with the risk mitigation
• Evaluate the risk points of mainstream application frameworks and develop security solutions to provide security support for each business line

Key Job Requirements

• Bachelor's degree in Computer Science, Engineering or related fields
• More than 5 years of relevant work experience
• Familiar with OWASP TOP 10 vulnerabilities, and have a deep understanding of the principle, utilisation, patching, and reinforcement of various vulnerabilities
• Familiar with the implementation of enterprise's SDLC process, have work experience in building secure SDLC for IT companies. Having been in charge of secure SDLC for a large dev team.
• Familiar with black box testing methods and paths, able to independently complete source code auditing work, have hands-on experience in security design checklist;
• Familiar with at least one programming language such as Java, Python, PHP, Go, C, etc., and proficient in reading design documents and related codes
• Having understanding in common business logic vulnerabilities such as authentication, ultra vires, and tampering, and experiences independently exploring business logic vulnerabilities would be a bonus
• Extensive experience in vulnerability mining, code auditing and security solutions Experience in vulnerability mining at the framework level is preferred

Bonus Points

• Having been credited to high-risk CVEs for well-known projects
• Having contributed to the development of open-source projects. Experience working in team collaborative development and familiar with development tools.
• Fluent English communication skills for effective collaboration with multinational teams

感兴趣的同学，可以在公众号后台联系我，或者直接将简历发送至我的邮箱：[email protected]