返回查询:Senior IT / 深圳市

该职位来源于猎聘 The IT Security Officer will be responsible for ensuring the security and privacy of the company's digital assets, with a primary focus on the Android smartphone OS and the applications running on it. Additionally, this role will cover the security of websites, databases, APIs, and data privacy. The IT Security Officer will work closely with cross-functional teams to implement and maintain robust security measures, respond to potential threats, and ensure compliance with industry standards and regulations. Key Responsibilities:

  • Android Smartphone Security:
  • Conduct regular security assessments and vulnerability scans on the Android smartphone OS and related applications.
  • Identify, document, and remediate security vulnerabilities in the Android environment.
  • Stay informed about new threats and vulnerabilities related to Android and third-party apps.
  • Website Security:
  • Perform regular security audits and penetration testing on company websites.
  • Implement and monitor web application firewalls (WAF) and other protective measures.
  • Ensure websites comply with security best practices and standards.
  • Database Security:
  • Secure database environments against unauthorized access and data breaches.
  • Implement encryption, access controls, and regular monitoring for database systems.
  • Conduct regular database vulnerability assessments and audits.
  • API Security:
  • Secure APIs by implementing authentication, authorization, and encryption.
  • Conduct regular security testing and code reviews for APIs.
  • Monitor and respond to security incidents related to API endpoints.
  • Data Privacy:
  • Ensure compliance with data privacy regulations (e.g., GDPR, CCPA) and best practices.
  • Conduct privacy impact assessments for new and existing systems.
  • Implement and maintain data protection measures, including data masking, encryption, and access controls.
  • Security Policies and Procedures:
  • Develop, implement, and maintain security policies, standards, and procedures.
  • Provide guidance and training to development and IT teams on secure coding practices and security best practices.
  • Perform regular audits and reviews to ensure compliance with security policies.
  • Incident Response and Threat Management:
  • Monitor security alerts and incidents across all digital assets.
  • Lead incident response efforts, including investigation, containment, remediation, and reporting.
  • Conduct root cause analysis and implement measures to prevent recurrence of security incidents.
  • Collaboration and Communication:
  • Work closely with Software development, IT, and product teams to integrate security into the development lifecycle.
  • Communicate security risks, findings, and recommendations to senior management and stakeholders.
  • Participate in cross-functional security initiatives and projects to enhance overall security posture.
  • Continuous Improvement:
  • Stay up-to-date with the latest security trends, tools, and techniques.
  • Evaluate and recommend new security technologies, tools, and solutions.
  • Contribute to the development of a security-focused culture within the organization. Qualifications:
  • Education: Bachelor's degree in Computer Science, Information Security, or a related field.
  • Experience:
  • Proven experience (3+ years) in IT security, with a focus on mobile security, web security, and data privacy.
  • Experience in conducting security assessments, vulnerability management, and incident response.
  • Technical Skills:
  • Strong knowledge of Android security architecture, web security principles, and database security.
  • Familiarity with security testing tools (e.g., OWASP, MobSF) and security monitoring solutions.
  • Understanding of privacy regulations and best practices for data protection.
  • Soft Skills:
  • Excellent analytical and problem-solving abilities.
  • Strong communication and interpersonal skills.
  • Ability to work independently and collaboratively within a team.
  • Detail-oriented and proactive in identifying and addressing security issues.
  • Preferred Qualifications:
  • Relevant security certifications (e.g., CISSP, CEH, GIAC, OSCP).
  • Experience with functionality, principles, and configuration strategies for common cybersecurity solutions and tools, such as mobile device management (MDM) solutions, and web application firewalls (WAF)
  • Knowledge of secure software development lifecycle (SDLC) practices.
  • Working Conditions:
  • Full-time position with standard working hours.
  • Occasional on-call support for security incidents.
  • Opportunities for professional development and growth.
  • Have a good command of English for communication and document writing.
去原网站上申请