Fresh Grad Hire-Penetration Testing Engineer

• Conduct vulnerability discovery and penetration testing for company application systems, servers, and network infrastructure. Deeply understand various business transaction characteristics and associated risks.
• Perform regular cybersecurity assessments, including penetration tests for web applications, mobile apps, APIs, and internal systems. Identify vulnerabilities, provide remediation recommendations, and evaluate the defensive capabilities of fintech systems.
• Produce detailed penetration test reports outlining vulnerability risk levels, potential impact, and mitigation measures. Present findings to technical teams and management.
• Assist in security incident response, analyze attack vectors, and support forensic investigations. Stay updated on the latest security vulnerabilities (e.g., CVE/CNVD) and offensive/defensive techniques to continuously improve testing methodologies.

Requirements

• Bachelor's degree or higher in Computer Science, Information Security, or a related field. Knowledge of blockchain technology is required.
• Familiar with web, application, and network security offensive and defensive techniques; capable of performing penetration testing tasks under guidance. Candidates with experience in cyber defense exercises (such as China's "Huwang Actions") are preferred.
• Proficient in common attack methods, principles, and countermeasures, including OWASP Top 10 vulnerabilities, middleware (nginx, Apache, Tomcat, etc.), and open-source component vulnerabilities (log4j, fastjson, etc.). Additionally, familiar with penetration testing tools such as Burp Suite, SQLMap, Nmap, and the Metasploit penetration testing framework.
• Ability to utilize scripting languages (Python, Shell) for task automation and data analysis to rapidly diagnose and resolve cybersecurity incidents.