【Tech】Senior Backend Engineer - Golang
公司名稱: AinekoX CO., LTD. 艾奈科技有限公司
最低資格 2年以上軟體開發專業經驗 熟悉安全軟體開發流程(SSDLC)相關工具以及安全相關活動議題 具程式安全寫作、漏洞研究經驗, 或作業系統安全和安全開發方面的經驗 了解安全協定、密碼學、認證、授權 了解安全需求收集、風險評估、威脅建模、漏洞評估的開發實踐 與團隊的良好協作和技術領導技能 具同理心與產品團隊合作解決問題 Minimum Qualifications 2+ years of professional experience in software development Familiar with building tools to support SSDLC and other security initiatives Experience in secure programming, vulnerability study, or experience in operating system security and secure development patterns. Understanding of security protocols, cryptography, authentication, authorization. Understanding the development practice of security requirements gathering, risk assessment, threat modeling, vulnerability assessment. Good collaboration & technical leadership skills with internal stakeholders Good to put yourself in other's shoes, work with product team to achieve company goal. 基本職責和責任 Moxa 正在尋找在資安技術、產品開發方面具有行業經驗的強大團隊成員。 該角色將通過 Moxa 工業產品的 SSDLC 流程在 IACS(工業自動化控制系統)安全保證中發揮關鍵作用。 主要職責 產品風險評估、威脅建模、漏洞評估 優化與執行資訊安全相關之通報、回應、演練、應變程序 漏洞研究、概念驗證(POC)與影響評估 強化Moxa產品SSDLC流程與團隊合作完成安全產品開發並符合國際認證要求 制定與審查Moxa產品資安相關功能規格、設計與實作 回應Moxa產品資安事件 開發資安相關之必要工具 研究開發安全技術與功能 資安教育訓練,提升團隊資安意識 Essential Duties And Responsibilities Moxa is looking for a strong team player with industry experience in cybersecurity risk management, assessments, and audit compliance. The role will play a key part in the IACS (Industrial Automation Control System) security assurance through SSDLC process on Moxa industrial products. Major Responsibility Risk assessment, vulnerability assessment, threat modeling Improve and responsible for security related SOP Vulnerability research, POC implement and impact assessment Enhance Moxa SSDLC process, and successfully working with internal stakeholders Build and review Moxa product security spec, design and implementation Response product security incident Develop necessary tools for cybersecurity related development Research and develop security related technology and feature Conduct cybersecurity training and enhance R&D team's cybersecurity awareness.公司地址:
新北市新莊區新北大道四段3號13樓(宏匯廣場)其他:
有以下經驗者優先 2年以上 C 代碼審查經驗 具有相關專業資格之一者優先,例如 CSSLP、ISA/IEC 62443、OSCP 熟悉各種安全活動的工具:靜態/動態代碼分析、CVE tracking, 滲透測試 了解工控協定、OT場域生態 具有培訓經驗 Candidates with following experiences is a plus 2+ years C code review experience Either of relevant professional qualifications is a plus, such as CSSLP, ISA/IEC 62443, OSCP Familiarity with the tools for various security activities: static/dynamic code analysis, CVE tracking, penetration testing. Understanding of industrial protocol, OT field ecosystem Carefulness Experience in training -2024-09-17