Responsibilities
1. Responsible for the attacking side related work in the internal red-blue confrontation drill 2. Responsible for providing security advice and technical support for major security incidents from the attack perspective 3. Responsible for the research and summary of actual attack techniques and tactics.
Qualifications
1. Proficient in the use of common penetration testing tools, and have a deep understanding of their principles, and can improve the adaptability of tools according to attack and defense confrontation scenarios 2. Familiar with the principles of common vulnerabilities in computer networks, operating systems, middleware, databases, Web applications, etc., and have relatively outstanding utilization experience and vulnerability mining capabilities in penetration testing and attack and defense drills 3. Familiar with the penetration testing process, have rich comprehensive practical experience in complex network environments, and have independently completed actual penetration cases from borders to intranets 4. Have special expertise in red-blue confrontation scenarios such as border breakthroughs, intranet penetration, and social engineering phishing 5. It is required to master at least one programming language and have certain development capabilities to automate repetitive security work. Bonus points: 1. Familiar with cloud computing security models and cloud security architecture, and have practical attack and defense experience related to cloud security 2. Familiar with AI security and large model security, have basic big data processing/analysis capabilities, familiar with LLM technical principles and applications, and know its common security testing methods 3. Have achieved good results as a main member in attack and defense drills and security competitions have submitted high-quality topics or vulnerabilities in security conferences and domestic and foreign public testing.
