Fresh Grad Hire-SDL Security Engineer

moomoo
Full-time
On-site
Hong Kong

  • Conduct security assessments throughout the product development lifecycle to enhance security capabilities across all phases, including requirements, design, and pre-launch testing.
  • Develop and implement security development standards that cover the entire software lifecycle, including security requirements analysis, threat modeling, code audit, penetration testing, and pre-release security reviews. Design, implement, and maintain security control processes within the Software Development Life Cycle (SDLC).
  • Track and manage security vulnerabilities identified at each Security Development Lifecycle (SDL) phase, produce risk assessment reports, and drive issues to remediation.

  • Bachelor’s degree or above in Computer Science, Information Security, or a related field; knowledge of blockchain technology is required.
  • Understanding of Security Development Lifecycle (SDL) processes; candidates with practical experience in threat modeling, code security auditing, or penetration testing, or with SDL internship experience in the financial industry, will be given preference.
  • Proficient in mainstream programming languages (e.g., C++, Go) and their security analysis methods; able to provide practical guidance to development teams to remediate vulnerabilities identified through code scanning.
  • Familiar with DevSecOps practices and tools, such as SAST, DAST, IAST, automated application security testing, container security, and Software Composition Analysis (SCA). Experience with common security scanning tools, such as Fortify, Checkmarx, Coverity, AppScan, Black Duck, and WebInspect.
  • Familiar with common security vulnerability types (e.g., SQL Injection, XSS, CSRF) and security tools (e.g., OWASP ZAP, Burp Suite, Wireshark); understanding of vulnerability analysis and remediation methods.