Job Description

:

• Vulnerability Management - Work collaboratively with Product and Technology team members to identify, validate, communicate, and track vulnerabilities in the company\'s assets, applications, and networks.
• Use intelligence feeds such as vulnerability reports and risk assessments to rate and prioritize vulnerabilities within the company\'s environment.
• Document vulnerabilities which are discovered within the company\'s estate and provide guidance on remediation and mitigations.
• Review vulnerabilities with internal team and technology suppliers, highlighting any vulnerabilities which need urgent remediation and analyses trend data to look at performance over time.
• Comfortable using tool vulnerability scanning and other security tooling.
• Assist with the governance of vulnerabilities such as tracking remediation, investigating the root cause of vulnerability occurrences, and running initiatives to reduce vulnerabilities.
• Provide input and advise of any changes required to the company\'s standards and SOPs.
• Where possible look for opportunities to automate risk assessment procedures, hands on tasks and data collection.
• Be involved in additional supporting role for strategical work and security related projects when necessary.

Qualifications:

• Bachelor\'s Degree in Computer Science or any IT related field.
• Minimum 5 years\' experience working with one of the following: - infrastructure security, application security, cloud security, and container security.
• Familiar with security testing procedures, security scanning tools, vulnerability, and compliance management. Penetration testing is especially beneficial.
• Proficiency in scanning tools such as Tenable, Veracode, Prisma, Qualys or similar vulnerability scanning tools.
• Relevant experience with security benchmarks, such as CIS, OWASP, SANS, etc.
• Familiarity with cloud-native concepts and tools e.g. Azure Kubernetes Services
• Preferable with Information Security related certifications e.g., Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH)
• Excellent verbal and written communication skills, fluent in English

About Us:Beyondsoft (listed by the Shenzhen Stock Exchange, stock code 002649) is a global provider of IT consulting, product and solution services. Relying on strong R&D and innovation capabilities, the company widely adopts emerging technologies based on big data and mobile internet, including big data management platform, enterprise risk warning and public opinion monitoring system, AI-based intelligent operation and maintenance service, and intelligent automated test products. And a wide range of products and solutions, including internationally authoritative software testing qualification training, for a wide range of services in the fields of high technology, internet, finance, retail, logistics, energy, manufacturing, and medical.For more information, please visit www.beyondsoft.com

Beyondsoft