Web Offensive and Defensive Security Engineer

Conduct comprehensive security assessment, penetration testing and vulnerability scanning of Web applications to identify potential security vulnerabilities and risk points (such as XSS, CSRF, SQL injection, SSRF, etc.). Provide professional security consulting and guidance during the product development lifecycle to assist the development team in designing and implementing a secure and reliable Web application architecture. Perform security audits on existing codes to discover and fix potential security defects. Participate in the construction and optimization of the company's security defense system, including but not limited to WAF policy configuration, deployment and maintenance of intrusion detection system (IDS)/intrusion prevention system (IPS), etc. Participate in the response, analysis and processing of security incidents, formulate and implement emergency plans, and reduce the impact of security incidents on the business. Organize and participate in internal security awareness training to enhance the security awareness and skills of team members. Keep an eye on the latest technologies and attack trends in the field of Web security, research and introduce advanced security protection measures.