Fresh Grad Hire-Penetration Testing Engineer
moomoo
Full-time
On-site
Hong Kong Hong Kong Hong Kong
- Conduct vulnerability discovery and penetration testing for company application systems, servers, and network infrastructure. Deeply understand various business transaction characteristics and associated risks.
- Perform regular cybersecurity assessments, including penetration tests for web applications, mobile apps, APIs, and internal systems. Identify vulnerabilities, provide remediation recommendations, and evaluate the defensive capabilities of fintech systems.
- Produce detailed penetration test reports outlining vulnerability risk levels, potential impact, and mitigation measures. Present findings to technical teams and management.
- Assist in security incident response, analyze attack vectors, and support forensic investigations. Stay updated on the latest security vulnerabilities (e.g., CVE/CNVD) and offensive/defensive techniques to continuously improve testing methodologies.
- Bachelor's degree or higher in Computer Science, Information Security, or a related field. Knowledge of blockchain technology is required.
- Familiar with web, application, and network security offensive and defensive techniques; capable of performing penetration testing tasks under guidance. Candidates with experience in cyber defense exercises (such as China's "Huwang Actions") are preferred.
- Proficient in common attack methods, principles, and countermeasures, including OWASP Top 10 vulnerabilities, middleware (nginx, Apache, Tomcat, etc.), and open-source component vulnerabilities (log4j, fastjson, etc.). Additionally, familiar with penetration testing tools such as Burp Suite, SQLMap, Nmap, and the Metasploit penetration testing framework.
- Ability to utilize scripting languages (Python, Shell) for task automation and data analysis to rapidly diagnose and resolve cybersecurity incidents.