Participate in code audit and security testing of the company’s internal application systems, discover and fix potential security issues
Promote the implementation of security SDL (Security Development Lifecycle) in the R&D process, participate in security solution review, security design and technical evaluation
Participate in red team exercises, act as the attacker, and conduct vulnerability mining and security research on internal targets of the company
Track and study the latest security vulnerabilities at home and abroad, analyze their principles and transform them into attack capabilities in attack and defense exercises
Cooperate with development, operation and maintenance, IT and other teams to formulate and promote the implementation of security reinforcement plans
Skill Requirements
Familiar with mainstream programming languages, and have relevant experience in code audit and penetration testing
Familiar with security development processes, security design and technical evaluation methods
Understand blockchain-related knowledge, especially Ethereum and Solidity language
Master red team attack and defense related technologies, including but not limited to: vulnerability mining, anti-killing, traffic obfuscation, intranet penetration, domain penetration, etc
Master common attack and defense skills, including reverse engineering, white box testing, security reinforcement, etc
Have strong learning and research abilities, and have a strong interest in emerging security technologies and new vulnerabilities
Have good teamwork, communication and document writing skills
