Cyber Security Engineer
Shanghai, Shanghai, China
We are seeking an extraordinary senior security engineer to join a best-in-class solution engineering team. This is a highly technical, hands-on role in a dynamic and fast paced environment. You will need to have a good mixture of deep technical know-how in both cyber-security and software development process. You will be responsible for designing, implementing and supporting security initiatives in a DevOps environment with IT infrastructures deployed globally.
- 8+ years’ experience in designing, deploying and maintaining Cyber security related infrastructure and solutions with minimum 5+ years’ experience spe-cialized in Application security or DevOps security implementation or enterprise level vulnerability management.
- Expert level understanding of Application security in both offensive and defensive aspects.
- In-depth understanding and hands-on experience in network and system penetration testing methodology and techniques.
- Hands on experience in secure coding best practices and source code security scanning and review. Familiar with relevant tools such as Jenkins, Sonar, CheckMarx, Appscan.
- Hands-on experience in implementing and configuring multi-vendor infrastructure security solutions (e.g. firewall, IDS/IPS, Proxy and content filtering.)
- Software development experience is a plus
- Ability to analyze complex problems, quickly develop creative solutions, and adapt to a fast paced environment.
- Strong team player with high degree of flexibility
- Experience working in global organizations with diversified cultural, language and time zone environment
- Willing and able to travel
This role holds full responsibilities and ownership of critical security infrastructure operating in a diversified and highly critical DevOps environment. The existing scope of the work includes the following and will be extended with emerging new technology and new business initiatives. Responsibilities of this position include: •Design, implement and manage security related infrastructure in a DevOps environment •Conduct both black-box application penetration testing and static code analysis to identify application security issues •Work closely with DevOps and Dev teams to fix application security issues •Respond to IT threats and vulnerabilities and bring these issues to resolution. •Review and improve existing security infrastructure (e.g. IDS, SIEM, logs) to keep pace with changing threat landscape and business requirements •Research the latest security best practices in DevOps environment, staying abreast of new threats & vulnerabilities and helping to disseminate this infor-mation within the group as well as to other groups within Apple. •Position includes on call responsibilities handling security related incidents
Education & Experience
Technical BS/MS degree or equivalent work experience