Job Description

Construction of Cyber Security System

1. Lead the design of enterprise level security architecture, covering security protection for core systems such as hybrid cloud infrastructure, Web3 application scenarios, and traditional financial services
2. Independently build and debug open-source security components (such as Wazuh/Suricata/osquiry), and construct a defense in depth system that adapts to budget constraints
3. Establish a cross regional security collaboration mechanism, coordinate product, research and development, compliance and other departments to build a security technology ecosystem

Monitoring and Response

1. Build an active defense system, design abnormal behavior detection rules and response processes
2. Build a real-time monitoring system based on business operations, and establish a risk identification model for scenarios such as fund theft and abnormal transactions
3. Lead the emergency response to financial level security incidents and develop contingency plans for sensitive data breaches, financial fraud, and other scenarios

Engineering Security Practice

1. Build a log analysis platform to achieve cross time zone log correlation analysis and traceability evidence collection
2. Design terminal control solutions and automated compliance inspection tools that are adaptable to multiple jurisdictions
3. Promote the evolution of the DevSecOps system and integrate detection tools into the CI/CD process
4. Build a blockchain node monitoring system and design a smart contract security audit framework

Operation and Maintenance

1. Formulate SDL security development specifications for Internet financial business, and lead penetration tests and red blue confrontation drills
2. Lead the implementation of DevSecOps system and embed automated security detection module in CI/CD process
3. Build an endpoint protection system that is compatible with emerging businesses such as mobile payments and digital currencies

Compliance Security

1. Design and implement the company's information security baseline to ensure that the company's data transmission, data protection, security system, etc. comply with local compliance and regulatory requirements

Job Requirements

1. Bachelor's degree or above in computer/information security related majors
2. More than 8 years of experience in information security, over 3 years of team management experience, experience in the fintech field is preferred
3. Good communication skills, English can be used as a working language
4. Familiar with the open source security ecosystem, with practical experience in designing security systems from scratch preferred
5. Proficient in WAF, IDS, and implementation of defense systems such as situational awareness in financial scenarios
6. Proficient in designing progressive security evolution paths under resource constraints, balancing short-term defense and long-term architecture requirements
7. Accept quarterly international travel (approximately 30 days per year)

岗位描述

网络安全体系建设

1. 主导企业级安全安全架构设计，覆盖混合云基础设施、Web3应用场景及传统金融业务等核心系统的安全防护
2. 自主搭建和调试开源安全组件（如Wazuh/Suricata/osquery），建设适应预算约束的纵深防御体系
3. 建立跨地域安全协作机制，统筹协调产品、研发、合规等部门构建安全技术生态

安全监控与响应

1. 构建主动防御体系，设计异常行为检测规则和响应流程
2. 基于业务建设实时监控系统，针对资金盗用、异常交易等场景建立风险识别模型
3. 主导金融级安全事件应急响应，制定针对敏感数据泄露、金融欺诈等场景的处置预案

安全工程实践

1. 建设日志分析平台，实现跨时区日志关联分析与溯源取证
2. 设计适应多法域的终端管控方案、合规检查自动化工具
3. 推动DevSecOps体系演进，在CI/CD流程集成检测工具
4. 构建区块链节点监控系统，设计智能合约安全审计框架

安全策略运维

1. 制定互联网金融业务SDL安全开发规范，主导渗透测试与红蓝对抗演练
2. 主导DevSecOps体系落地，在CI/CD流程中嵌入自动化安全检测模块
3. 建设适配移动支付、数字货币等新兴业务的端点防护体系

安全合规

1. 设计和落地公司信息安全基线，确保公司数据传输、数据保护、安全体系等符合各地合规监管需求

任职要求

1. 计算机/信息安全相关专业本科及以上学历
2. 8年以上信息安全经验，3年以上团队管理经验，有金融科技领域经验优先
3. 良好的沟通能力，英语可作为工作语言
4. 熟悉开源安全生态，具有从零设计安全系统等实践经验优先
5. 熟练掌握WAF、IDS、态势感知等防御系统在金融场景的落地实践
6. 擅长在资源约束下设计渐进式安全演进路线，平衡短期防御与长期架构需求
7. 可接受季度性国际差旅（年均约30天）