Penetration Testing Engineer

Job Responsibilities / Responsibilities

• Conduct penetration testing, vulnerability assessments, and security validation exercises on applications, systems, platforms, and network environments.
  Responsible for penetration testing, vulnerability assessment, and security validation of application systems, platforms, and network environments.

• Identify potential security weaknesses, misconfigurations, and exploitable vulnerabilities, and provide practical remediation recommendations.
  Identify potential security weaknesses, configuration defects, and exploitable vulnerabilities, and propose executable repair suggestions.

• Analyze attack paths, exploitation logic, and post-exploitation impact, and support the assessment of business and technical security risks.
  

• Prepare technical testing reports, vulnerability summaries, and risk assessment documentation with clear and professional findings.
  Output technical test reports, vulnerability summaries and risk assessment documents, ensuring that the report content is clear, professional and actionable.

• Support incident analysis, attack investigation, and security improvement recommendations where necessary.
  Participate in security event analysis, attack investigation, and security optimization advice work when necessary.

• Collaborate with internal teams to strengthen system hardening, secure development awareness, and overall cyber defense posture.
  Collaborate with internal teams to promote system hardening, security awareness, and overall defense capabilities.

• Bachelor’s degree or above in Cybersecurity, Computer Science, Information Security, Engineering, or related disciplines.
  Bachelor's degree or above, with a preference for majors such as network security, computers, information security, and engineering.

• Experience in advanced penetration testing areas such as red teaming, post-exploitation, or security research would be a plus.

Applicants with experience in advanced penetration testing areas such as red team exercises, post-penetration testing, or security research will be given priority.

• Hands-on experience in penetration testing, ethical hacking, vulnerability assessment, red teaming, or technical security assessment.
  Have practical experience in penetration testing, white hat defense, vulnerability assessment, red team testing, or technical security evaluation.

• Familiar with common vulnerabilities, attack techniques, web/application/network security principles, and security testing methodologies.
  Familiar with common vulnerabilities, attack techniques, web/application/network security principles and security testing methodolgies.

• Proficiency in using mainstream security testing tools and strong analytical skills in identifying and reproducing technical issues.
  Able to proficiently use mainstream security testing tools, with strong problem analysis and vulnerability reproduction abilities.

• Security certifications such as OSCP, OSCE, CEH, CISP, or related qualifications would be an advantage.
  Applicants with OSCP, OSCE, CEH, CISP, and other relevant security certifications are preferred.

• Strong sense of responsibility, technical curiosity, and the ability to communicate technical risks clearly to stakeholders.
  Have a sense of responsibility, technical research spirit, and be able to clearly communicate safety risks and technical conclusions.