Well-known retail company
Senior Cyber Security Manager (DevSecOps/SOC)
Retail & Wholesale
Cybersecurity
Shanghai
More than 10 years
Bachelor
Negotiable
Job Description
Position Summary
The Cybersecurity (Senior) Manager – Security Operations & DevSecOps Engineering is responsible for leading both strategic and operational initiatives that integrate security into development pipelines and manage enterprise-wide security operations. This role demands deep expertise in DevSecOps methodologies, security operations, and cross-functional collaboration to safeguard sensitive data, ensure regulatory compliance, and mitigate cyber threats. The ideal candidate will champion a security-first mindset while aligning with business goals and industry standards.
Key Responsibilities
DevSecOps Engineering
Security Integration: Embed security into development workflows through static/dynamic code analysis, vulnerability scanning, and compliance checks using tools such as SonarQube, Snyk, and OWASP ZAP.
Infrastructure as Code (IaC): Promote secure adoption of IaC using tools like Terraform and Ansible to build scalable, secure cloud environments (AliCloud, AWS, Azure).
Cross-Team Collaboration: Partner with development, operations, and security teams to foster a DevSecOps culture, offering guidance on secure coding and infrastructure hardening.
Risk Remediation: Provide technical recommendations and remediation strategies for security risks identified during DevSecOps processes.
Training & Enablement: Deliver DevSecOps solutions and training sessions, sharing best practices, tools, and compliance standards to enhance team capabilities.
Security Operations
Security Operations Center (MSOC):
Lead 24/7 threat monitoring, detection, and response operations.
Define and maintain incident triage, escalation protocols, and threat intelligence processes.
Drive incident response efforts, root cause analysis, and remediation strategies.
Optimize detection and response times (MTTD/MTTR) and improve incident resolution effectiveness.
Conduct performance reviews aligned with SLAs and KPIs.
Collaborate with Group Cybersecurity on incident management, policy alignment, and reporting.
Oversee endpoint protection, DLP, and network security initiatives.
Security Tools Management
Ensure proper configuration, updates, and performance of security tools including IDS/IPS, email protection, antivirus, firewalls, WAF, and XDR.
Manage MSSP partnerships, evaluate service quality, negotiate contracts, and ensure alignment with security needs.
Audit MSSP performance against SLAs and address service gaps.
Oversee technical policies and solutions across firewalls, endpoint, cloud, and web/email security.
Continuously assess and enhance the effectiveness of security tools to strengthen the organization’s security posture.
Security Infrastructure & Enhancement
Collaborate with IT Infrastructure and Operations teams to secure networks, endpoints, and cloud environments.
Review and validate infrastructure designs from a security perspective.
Support operational teams in identifying and mitigating vulnerabilities.
Leadership & Mentorship
Provide guidance and mentorship to junior cybersecurity team members.
Actively engage with the global SOC team to share insights, refine best practices, and improve security protocols.
Qualifications
Strong knowledge of security tools for vulnerability scanning, penetration testing, and compliance (e.g., Snyk, Qualys, Nessus, OWASP ZAP).
Experience with CI/CD tools (Jenkins, GitLab CI, CircleCI) and version control systems (Git).
Proficient in cloud platforms (AliCloud, AWS, Azure) and their security features.
Skilled in IaC tools (Terraform, Ansible, CloudFormation) and container technologies (Docker, Kubernetes).
Scripting proficiency in Python, Bash, or Go.
Passionate about cybersecurity with a drive for continuous learning and innovation.
Bachelor’s degree in Computer Science, Information Security, or related field; 5–7 years of relevant experience.
Advanced certifications (e.g., CCNSE, CCSE, CKS, CKA, GIAC, CISSP, CISM, CEH, CompTIA Security+) are highly desirable.
Familiarity with SIEM, SOAR, firewalls, antivirus/EDR, and web/email protection systems.
Deep understanding of networking protocols and cybersecurity best practices.
Job Requirements
Solid knowledge and experience of security tools for vulnerability scanning, penetration testing, and compliance (e.g., Snyk, Qualys, Nessus, OWASP ZAP).
Experience with CI/CD tools (Jenkins, GitLab CI, CircleCI) and version control systems (Git).
Proficiency in cloud platforms (AliCloud, AWS, Azure) and their security services and solutions.
Expertise in IaC tools (Terraform, Ansible, CloudFormation) and containerization technologies (Docker, Kubernetes).
Scripting skills in Python, Bash, or Go for automation and tooling.
A genuine passion for technical cybersecurity, and a deep desire to learn and drive change.
Minimum of 5-7 years of experience; bachelor's degree in Computer Science, Information Security, or a related field.
Advanced certifications (e.g., CCNSE, CCSE, CKS, CKA, GIAC Pen-Tester, CISSP, CISM, CEH, CompTIA Security+) are a strong plus.
Knowledge of security tools and technologies, including SIEM, SOAR, firewalls, antivirus & EDR software, and Web & email protection systems.
Deep understanding of networking protocols, security technologies, and best practices.
Excellent communication, collaboration & interpersonal skills.
Ability to work collaboratively in a fast-paced environment and effectively prioritize and manage multiple tasks and projects.
Proficient in English and Mandarin.
Consultant
Shawn Cong
Team Manager - IT & Cyber Security