Foreign-invested retail and FMCG group
Application Security Architect
Fashion retail
Cybersecurity
Shanghai
10 years or more
Bachelor's degree
Negotiable
Job Description
• Drive the integration of security practices into the SDLC and DevOps processes to ensure continuous protection across the entire development lifecycle.
• Establish, maintain, and enforce secure coding standards and development guidelines for engineering teams.
• Perform security assessments, code reviews, and vulnerability testing for applications, including those leveraging AI technologies.
• Design and implement application-level security controls such as authentication, authorization, input validation, and secure API mechanisms.
• Assess, select, and deploy application security tools and related technologies.
• Provide developers with guidance and training on secure development methodologies and emerging security threats.
• Partner with IT, Security Operations, and Security Governance teams to remediate vulnerabilities and support incident response activities.
• Continuously monitor and stay informed about the latest trends in application security, AI security, and threat intelligence.
Job Requirements
• Minimum of 8 years of experience in application security, DevSecOps, or related domains.
• Strong expertise in cloud security architecture, IAM design, and defense-in-depth strategies.
• Practical experience in secure software development, code analysis, and vulnerability management.
• Understanding of AI security principles and the security considerations of machine learning models.
• Familiarity with major information security frameworks (e.g., OWASP, ISO27001, ISO27701, NIST CSF) and application security best practices, as well as tools such as SAST, DAST, and IAST.
• Experience in offensive security—such as penetration testing or red teaming—is a plus.
• Security certifications (CSSLP, CISSP, SANS, GIAC, OSCP, OSCE) are preferred.
• Cloud and infrastructure certifications (AWS, Azure, Linux, Windows, VMware, Cisco) are also preferred.
• Degree in IT, Information Security, Computer Science, Software Engineering, or a related field.
• Proactive, adaptable, and committed to staying current with evolving threats and technologies.
• Strong communication skills, capable of explaining complex security concepts to both technical and non-technical audiences.
• Ability to manage multiple tasks, prioritize effectively, and drive projects to completion.
• Capable of working independently as well as collaboratively within a team.
• Highly motivated, responsible, and able to take ownership of tasks and outcomes.
Consultant
Shawn Cong
Team Manager, IT & Cyber Security