Security Risk Identification and Assessment: - Evaluate the access control mechanisms of enterprise systems from a technical perspective, identifying instances of excessive permissions or control defects. - Review cloud platform configurations and security group policies to identify potential security vulnerabilities and design flaws. - Assess technical protective measures during the transfer process of key enterprise data, identifying data leakage risk points. - Inspect the security configurations of various technical platforms and tools to identify gaps in security policy implementation. - Evaluate the effectiveness of endpoint protection technologies, identifying areas where security protection is lacking.
Technical Governance Plan Design: - Design technical remediation plans and best practices based on identified issues. - Develop technical optimization pathways for enterprise permission systems based on the principle of least privilege. - Formulate technical control strategies for data protection to ensure sensitive data is adequately protected at all stages. - Design security auditing and monitoring schemes to ensure risk points are identified and addressed promptly. - Assess the applicability of various security technologies and tools, recommending solutions that meet enterprise needs.
Remediation Promotion and Verification: - Work closely with technical teams to effectively implement security remediation measures. - Design and conduct technical verification tests to confirm that remediation measures achieve the desired effects. - Establish a tracking mechanism for security technological improvements, monitoring the progress and effectiveness of remediations. - Regularly review remediated projects to ensure their long-term effectiveness. - Summarize the results of security governance to form a report on technological security improvements.
Minimum Requirements
Education and Experience: - Bachelor's degree or higher in Computer Science, Information Security, or a related technical field. - 7 years of experience in security technology or security operations, with clear experience in security governance.
Technical Skills: - Knowledge in security technologies, understanding common security threats and defense mechanisms. - Understanding of identity authentication and authorization technologies (such as RBAC, OAuth) and their application in enterprise environments. - Knowledge of data security controls, understanding the workings of DLP, encryption, and other technologies. - Familiarity with common security tools and their configuration.
Soft Skills: - Excellent problem discovery and analytical skills, able to identify security flaws in complex systems. - Good communication skills, able to clearly articulate technical security requirements and drive their implementation. - Outstanding project management skills, able to coordinate resources from multiple parties to complete security improvements.
Preferred Requirements
Education and Experience: - Familiarity with the IT environments and security architectures of large enterprises.
Technical Skills: - Familiarity with cloud security architectures and control mechanisms, with experience using mainstream cloud platforms such as AWS/Alibaba Cloud. - Some programming or scripting capabilities (e.g., Python, Shell), able to analyze and verify security issues.
Soft Skills: - Ability to think from other perspectives, balancing security needs with business development requirements. - Patience and resilience, able to continuously push forward security improvements.
