Job Title
Product Security Test Engineer (Offensive Security) – Greater China Market
Job Description
Job Description
Key tasks are to assure security robustness, by conducting efficient and effective security assessments on products / services to ensure robustness w.r.t the security features. The security assessor is a subject matter expert who identifies and help resolve security issues, and also support few soldering work to support hardware product security tests.
Key Responsibilities
Responsible for offensive security testing of Philips products in Greater China region. This role helps the Philips products to be security tested (as needed by the security requirements) before they are released to the market. With the changing threat landscape this role is very critical to assure security in Philips products. The Key Areas of Responsibility includes:
- Performs Ethical Hacking into products/solutions
- Be up-to-date with industry trends and reflect the same competency at work
- Give trainings/workshops in the field of expertise
- Pro-actively co-ordinate and collaborate with different stake holders at different stages of security testing in the project
- Creates and updates test specifications
- Ensure technical & testing documentation is kept up to date and audit ready
- Converting the test protocols into automated scripts for execution
- China specific test scenarios, like Wechat, ITAI (Information Technology Application Innovation), CASA (Cryptography Application Security Assessment), and so on
We are looking for
3+ years of progressive experience in security domain with expertise in any one or more of the following areas:
- Mobile application hacking
- IoT Security testing
- Bluetooth/Zigbee/Wifi security testing
- Web application / Web Services security testing
- Infrastructure security testing
- Cloud security assessments
- Automation and integration of security testing
- Good hands-on experience with Security Assessment tools
- Experience on manual exploitation of vulnerabilities, generating the reports, pin-pointing the vulnerabilities and provide detail recommendations on vulnerability exploitation
- Should have been involved in end-to-end application security testing for multiple products / projects / applications with good appreciation for SDLC and test life cycle
- Exposure to current security threats, specific to the application security
- Experience/exposure to programming platforms such as Java /.Net/ C and C++, is an added advantage
- Certifications: CEH/OSCP/CSSLP/CISSP/GCIH/GPEN (at least one)
- Experience or be willing to learn hardware security tests, including support soldering
- Willing to occasionally travel domestically (Shenzhen, Suzhou, Shenyang) and international (Bangalore, The Netherlands)
- Languages: Mandarin and English
Location: Shanghai
Read Full Description