Purpose of this Position

此職位為落實組織的產品資安發展策略的關鍵角色，透過產品資安測試活動支持產品研發團隊（軟體RD/QA）採用並執行產品資安的最佳實踐方案，並確保產品資安的品質與效率通過持續疊代獲得提升，從而使公司的工業網路設備具備應對新興網路威脅的能力。 This position plays a critical role in implementing the organization's product cybersecurity development strategy. It supports the product development teams (software RD/QA) through product cybersecurity testing activities, enabling them to adopt and execute best practices in product cybersecurity. Additionally, it ensures that the quality and efficiency of product cybersecurity are continuously enhanced through iterative improvements, thereby equipping the company's industrial networking equipment to address emerging cyber threats.

Major Areas of Responsibility

• 藉由產品資安合規驗證活動確保產品符合國際資安標準（例如：IEC 62443）及行業最佳實踐。
• 定期進行風險評估與漏洞掃描，與產品研發團隊及其他相關部門合作，協調一致化的安全實踐。
• 規劃並執行產品資安測試活動（如威脅緩解測試、滲透測試）。
• 與軟體品質保證（SQA）團隊合作，分析產品資安測試結果並推動修正與改進措施。
• 開發自動化測試工具，提升產品資安測試效率與精準度。
• Ensure products comply with international cybersecurity standards (e.g., IEC 62443) and industry best practices through product cybersecurity compliance verification activities.
• Conduct regular risk assessments and vulnerability scans, collaborating with product development teams and other relevant departments to coordinate consistent cybersecurity practices.
• Plan and execute product cybersecurity testing activities, such as threat mitigation testing, penetration testing.
• Collaborate with the Software Quality Assurance (SQA) team to analyze product cybersecurity testing results and drive corrective and improvement measures.
• Develop automated testing tools to enhance the efficiency and accuracy of product cybersecurity testing.
  
  

Minimum Job Requirements

－Education

• 網路安全或相關領域的學士或碩士學位。
• Bachelor’s or Master’s degree in cybersecurity or related fields.
  
  

－Professional Certificates/Licenses

• IEC-62443或其他資安相關證書（如OSCP, CISSP, CEH）尤佳。
• IEC-62443 or other relevant certifications (e.g., OSCP, CISSP, CEH) are a plus.
  
  

－Experience

• 至少3年的網路安全測試經驗。
• 具有韌體安全評估工具和方法的豐富經驗。
• 具備將網路安全原則和實務應用於網路設備的經驗。 （若為工業網路設備的經驗尤佳）
• 熟悉 IEC-62443 和網路彈性法案 (CRA) 等業界標準者尤佳。
• Minimum of 3 years of experience in cybersecurity testing.
• Proven experience with security assessment tools and methodologies for firmware.
• Experience applies cybersecurity principles and practices to network devices. (especially industrial network devices is a plus)
• Familiarity with industry standards such as IEC-62443 and Cyber Resilience Act (CRA) is a plus.
  
  

－Language

• 中文 / 精通 Chinese / Proficient
• 英文 / 中等 English / Medium
  
  

Required Competencies

• 重視網路安全細節，確保產品的網路安全品質。
• 擁有出色的分析能力，能夠有效地評估和解決複雜的網路安全問題。
• 具備良好的溝通與協作能力，能夠與跨職能團隊有效合作，清楚表達網路安全要求與預期交付。
• 具備獨立工作能力，責任感強，積極主動，樂於助人。
• 對新興網路安全技術充滿熱情與活力。
• Pay great attention to the details of cybersecurity to ensure the cybersecurity quality of the product.
• Possess excellent analytical skills, be able to effectively evaluate and solve complex cybersecurity issues.
• Strong communication and collaboration skills, capable of working effectively with cross-functional teams, to clearly express cybersecurity requirements and expected delivery.
• Ability to work independently, strong responsible, proactive and accommodating.
• Energetic and passionate about emerging cybersecurity technologies.