Senior Security Research Engineer, Cymetrics

Updated about 1 month ago

Job Description

The Cymetrics team is made up of experts in cyber risk management and penetrating testing, with experience in government as well as in the financial and telecommunications sectors. Our goal is to simplify complex cybersecurity penetration testing technology into a continuous rating using our self-developed cybersecurity assessment SaaS platform. This will allow companies to discover and manage their own cybersecurity risks before attackers do. In April 2020, our team assisted insurance platform OneDegree Hong Kong Limited, a subsidiary of the OneDegree group, to pass Hong Kong Insurance Authority and Deloitte Hong Kong's information security review and obtain their internet insurance license. In May 2021, we assisted OneDegree Global in obtaining the ISO27001 certification for information security management systems as well as the IS027017 certification for cloud security management systems, strengthening the management of the group's information security.

Cymetrics 是金融保險新創公司 OneDegree 的資安團隊,除了維護 OneDegree 的資安以外,也有自己的產品,目前正在開發新一代的資安 SaaS 平台,將不同層級的服務結合,打造一站式的資安服務體驗。除了自有產品以外,同時提供弱點掃描以及滲透測試等資安服務,協助客戶發現與改進資安相關問題。

Know more about Cymetrics: https://cymetrics.io/zh-tw/


How to apply

Please apply this position through 👉

https://grnh.se/b6f24a6f4us

It will help us process your applications faster!


Responsibilities

  • Plan and perform penetration test to help our client identify security issues.
  • Build automation tools to find vulnerabilities.
  • Research on websites or open source projects to find vulnerabilities and publish the research results.
  • Cooperate with cross teams to jointly study information security issues and risk assessments in related fields such as blockchain, CeFi, and DeFi.
  • 規劃以及執行滲透測試,協助客戶發現漏洞並進行改善。
  • 開發自動化資安工具,自動檢測網站/系統相關弱點。
  • 研究網站或開源專案漏洞,將研究結果寫成文章發佈。
  • 與內部的其他團隊合作,共同研究區塊鏈、CeFi 以及 DeFi 等相關領域的資安議題與風險評估。

Requirements

Requirements

  • 3+ years of experience as a security engineer or security researcher.
  • 3+ years of experience working in penetration testing.
  • Familiar with OWASP top 10 and other web vulnerabilities.
  • Familiar with automation tools like AppScan, WebInspect, Acunetix, OWASP ZAP etc.
  • Excellent Chinese and English communication skills
    • 三年以上資安工程師或資安研究員工作經驗。
    • 熟悉滲透測試流程並具有三年以上執行滲透測試之經驗或同等經歷。
    • 熟悉 OWASP top 10 與其他網頁相關漏洞,並熟知原理。
    • 流利的中英文能力。

    Plus

    • Interested in blockchain-related information security technologies.
    • Experienced with bug bounty or participating in CTF
    • Have written technical articles related to information security (vulnerability research, CTF writeup, etc.)
    • With security related certificates, such as CEH, OSCP or GWAPT, etc.
    • 對區塊鏈相關的資安技術有興趣
    • 有打過 bug bounty 或是參加過 CTF 的經驗
    • 有寫過資安相關之技術文章(漏洞研究、CTF writeup 等等)
    • 有資安相關證照,例如 CEH、OSCP 或是 GWAPT 等等


    Interview process

    面試流程

    • Phone interview
      • 1st Interview: 2 hours, meet with hiring team + HR
      • 2nd Interview: 1 hour, meet with Taiwan Director.
      1
      3 years of experience required
      1.2M ~ 1.8M TWD / year
      Optional Remote Work
      Personal Invitation Link
      This is your personal referral link for job invitation. You'll receive an email notification when someone applied for the position via your job link.
      Share this job
      Logo of OneDegree.

      About us

      關於我們

      OneDegree 團隊成立於 2016 年,已累計獲得包括 BitRock Capital、數碼港投資創業基金等著名投資機構超過 3,000 萬美元融資。旗下 OneDegree Hong Kong 是首間獲得授權於香港經營虛擬保險業務的科技保險公司,合作夥伴計有慕尼黑再保險及法國再保險等領先業界的再保險公司。旗下另一公司 OneDegree Global 則致力為保險公司和保險服務商提供數位解決方案,為業內領導者打造全新保險體驗。


      核心商業模式 純網路保險: Virtual Insurance

      OneDegree 在 2020 年 4 月取得香港純數位保險執照,經過了前幾年的累積,隔週便在香港推出了純網寵物保險。我們期望能透過數位化,讓使用者在更簡單且透明化的使用平台,了解複雜的保險產品,進而改變使用者對於保險的刻板印象外,更能利用保險讓生活更有保障。

      SaaS Product: IXT

      除了透過純數位保險改變一般人對保險的使用體驗外,從核心的角度協助保險產業數位轉型,是推動產業轉型非常重要的一環,因此我們推出協助保險產業革新的 SaaS 產品 — IXT。

      我們期望透過 IXT,協助產業優化營運效率,從保險產品的源頭到結尾,利用模組化功能協助企業在開始的保險產品配置及設定、核保自動化,到保單週期管理與理賠,另外,也能協助保險行銷活動管理。

      CaaS Platform: Cymetrics

      OneDegree 身為金融科技公司,是格外重視資訊安全佈局的,在資安議題日益關注的現況,我們觀察到市場對於資訊安全的需求,因此推出了資安即服務(Cybersecurity as a Service)平台,協助企業評估資安風險,提升資安曝險的可視性並以更敏捷及彈性化的方式管理資安風險。同時也經營著 Cymetrics Tech Blog,分享資訊安全與技術開發相關內容。

      更認識我們:OneDegree Tech Blog 

      在這個技術部落格我們將會分享更多關於 OneDegree 的技術分享,歡迎你來與我們激盪更多技術交流!


      Team

      Avatar of the user.
      HR Manager
      Avatar of the user.
      HR Specialist
      Avatar of the user.
      TW Officer
      Avatar of the user.
      HR Specialist
      Avatar of the user.
      HR
      Avatar of the user.
      HR Specialist

      Jobs

      Full-time
      Mid-Senior level
      2
      630K ~ 1.3M TWD / year
      Save

      Full-time
      Mid-Senior level
      1
      840K ~ 1.3M TWD / year
      Save

      Full-time
      Mid-Senior level
      1
      1.3M ~ 1.8M TWD / year
      Save