Job Requirements

1. Have experience in red-blue confrontation in attack and defense drills, and be able to use Python to write vulnerability exploitation tools;
2. Be familiar with at least two penetration testing methods: web penetration, mobile penetration, social engineering, etc.
3. Have a certain understanding of information security-related concepts, theories and methods, love challenges, and be willing to devote themselves to the information security industry;
4. Have good professional ethics, good verbal and written expression skills.
5. Be able to work under pressure, and be able to communicate with all parties in a timely manner and feedback problems and solve them.
Bonus points:
1. Have original articles on security forums such as freebuf, or have a good ranking on the vulnerability platform.
2. Have experience in intrusion emergency response
3. Participate in real network confrontation and have good performance

Job Responsibilities

1. Responsible for internal red-blue confrontation, continue to carry out real network attack and defense confrontation, cooperate with the review of the technical defense system, and put forward improvement suggestions, conduct effect verification, and track implementation
2. Responsible for penetration testing related work, lead the team to implement penetration testing on the IT infrastructure, systems and networks of the company and its subsidiaries, penetration testing of internal and external application systems, and promote vulnerability rectification
3. Research the latest security attack and defense confrontation technology, look at problems from the attacker’s perspective, simulate APT attacks, and continuously improve the breadth and depth of attacks
4. Sort out attack TTPs based on ATT&CK and Kill Chain, improve the coverage and depth of simulated attack scenarios, and cooperate with Blue Team to improve detection coverage