返回查询:Information Security / 上海

该职位来源于猎聘 The Aim Of The Position Is
Ensure that IoT system including APP, cloud and communication with device is secure and well protected. Enforce Cybersecurity risk assessment process and complied with national laws, regulations. Manage the cybersecurity-related risks aligned to the organization' s strategy. Job Descriptions:

  • Plan and coordinate cyber security activities in the development and post-development phase of IoT product Life cycle to ensure product secure.
  • Regular check and vulnerability remediation action to be taken and track according to standard policy and guideline.
  • Track effectiveness of cybersecurity controls and risk levels
  • Ensure that all cybersecurity risks remain at an acceptable level for IoT product.
  • Familiar with IoT product development (BE, FE, APP) related technology and open source code. Ensure the transparency and controllability of the development process according to the company's software development specifications.
  • Responsible for data analysis, code analysis, solution review for IoT product including architecture design, development ,testing and operation.
  • Identify and assess system vulnerability and potential cyber risk. Guide dev team to do related remediation to ensure the system secure. Assess cybersecurity risks and propose most appropriate risk treatment options, including security controls and risk mitigation and avoidance that best address the organization's strategy
  • Familiar with Cloud operation. Guide operating and maintenance engineer to take effective actions to ensure the system secure.
  • Familiar with the common attack for APP and design solutions to avoid security problems
  • Engage with third party and guide dev team to do related remediation to meet national laws, regulations and related standard, such as MLPS, ISO 27001, PIPL, VDE, etc.
  • Participate regular cyber security meetings and collaborate with different functions, including group CS, Quality, compliance office, CS office.
  • Assist to conduct cybersecurity / compliance awareness education/training to related department and stakeholders.
  • Be an active part of a continues risk management cycle. Qualifications:
  • Minimum Bachelor's degree in Computer Science, information securi-ty or similar disciplines
  • Experience with IoT products development is a plus.
  • Solid English in both written and oral.
  • Good analytical and problem-solving skills. Highly result-orientated
  • Solid communication and coordination skills, flexible to handle differ-ent situations
  • At least 2-3 year related working experience
  • Familiar with Spring boot、Spring Security、Spring Cloud is a plus;
  • Familiar with Cloud interface PEN test is a plus;
  • Familiar with Android Native, IOS native and React Native develop-ment is a plus
  • Familiar with MQTT protocol, TLS protocol, HTTPS protocol is a plus;
  • Familiar with PKI system is a plus;
  • Understand security specifications of the mainstream database in-cluding MySql, MongoDB and Redis is a plus;
  • Knowledge about cybersecurity risk management standards, meth-odologies and frameworks is a plus.
  • Knowledge about Cyber threats and risk is a plus.
  • Knowledge about Computer systems vulnerabilities is a plus.
  • Knowledge about Cybersecurity controls and solutions is a plus. In accordance with the policies and regulations of the country and the regions where Vaillant Group's subsidiaries operate, and based on the company's practical needs, possession of relevant professional titles, certificates, licenses, or qualifications (whether related to your position at Vaillant or not) will be considered an advantage during the selection process.
去原网站上申请