Job Requirements

1. Have strong communication skills, teamwork skills, new technology learning ability, serious and responsible work attitude, and work experience in network security services or penetration testing;
2. Be familiar with penetration testing steps, methods, and processes, and be able to skillfully use security tools and manual testing to perform penetration testing on targets;
3. Be familiar with one or more mainstream programming languages ​​(such as Go/PHP/Python/JAVA, etc.);
4. Those who have published information security technical articles and vulnerabilities on domestic and foreign security sites, or have participated in well-known domestic and foreign network attack and defense competitions and won a place will be given priority.
5. Proficient in Web attack and defense technology, web penetration and attack and defense: OWASP, TOP10, XSS, C SRF, SQL injection, file upload/inclusion, command injection, etc., vulnerability principles and repair solutions, can independently complete penetration testing work
6. Reverse engineering: reverse tools (ollydbg, softice, windbg), software protection and cracking, antivirus and anti-killing
7. Software vulnerability mining: stack overflow principle and practice, shellcode, fuzz, vulnerability analysis
8. Social engineering: information collection, disguise, inducement, psychological tactics, persuasion, social engineering tools, etc.
9. Penetration testing: information acquisition, scanning and service identification, vulnerability verification, unlimited security, sniffing attacks, agents and tunnels, metasploit penetration attacks, etc

Job Responsibilities

1. Authorize sites, applications, and devices to conduct security testing;
2. Analyze common WEB, system, middleware and other vulnerabilities, and write vulnerability reports;
3. Responsible for the research and practice of other new technologies;
4. Complete the support tasks issued by the unit