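Job Description

Essential Duties and Responsibilities

Moxa is looking for a strong team member with industry experience in cybersecurity technology and product development. The role will play a key part in IACS (Industrial Automation Control System) security assurance through the SSDLC process for Moxa industrial products.

Main Responsibilities

  • Product risk assessment, threat modeling, vulnerability assessment
  • Improve and carry out information security reporting, response, drill, and contingency procedures
  • Vulnerability research, proof of concept (POC), and impact assessment
  • Strengthen the Moxa product SSDLC process and work with teams to complete secure product development that meets international certification requirements
  • Define and review security-related functional specifications, design, and implementation for Moxa products
  • Respond to Moxa product security incidents
  • Develop necessary security-related tools
  • Research and develop security technologies and features
  • Conduct cybersecurity training and raise the team's security awareness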

Essential Duties And Responsibilities

Moxa is looking for a strong team player with industry experience in cybersecurity risk management, assessments, and audit compliance. The role will play a key part in IACS (Industrial Automation Control System) security assurance through the SSDLC process on Moxa industrial products.

Major Responsibilities

  • Risk assessment, vulnerability assessment, threat modeling
  • Improve and take responsibility for security-related SOPs
  • Vulnerability research, POC implementation, and impact assessment
  • Enhance the Moxa SSDLC process and work successfully with internal stakeholders
  • Build and review Moxa product security specs, design, and implementation
  • Respond to product security incidents
  • Develop necessary tools for cybersecurity-related development
  • Research and develop security-related technologies and features
  • Conduct cybersecurity training and enhance the R&D team's cybersecurity awareness

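Requirements

Minimum Qualifications

  • 2+ years of professional software development experience
  • Familiar with tools related to the secure software development lifecycle (SSDLC) and with security-related activities and topics
  • Experience in secure programming or vulnerability research, or experience in operating system security and secure development
  • Understanding of security protocols, cryptography, authentication, and authorization
  • Understanding of the development practices of security requirements gathering, risk assessment, threat modeling, and vulnerability assessment
  • Good collaboration and technical leadership skills within the team
  • Empathy, working with product teams to solve problems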

Minimum Qualifications

  • 2+ years of professional experience in software development
  • Familiar with building tools to support SSDLC and other security initiatives
  • Experience in secure programming, vulnerability study, or experience in operating system security and secure development patterns
  • Understanding of security protocols, cryptography, authentication, and authorization
  • Understanding of the development practice of security requirements gathering, risk assessment, threat modeling, and vulnerability assessment
  • Good collaboration and technical leadership skills with internal stakeholders
  • Able to put yourself in others' shoes and work with the product team to achieve company goals

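Remote Work Type

Partially remote interviews

The first-round interview can be conducted remotely; only the final round requires being onsite.

Partially remote work

The company currently operates a two-days-per-week WFH policy.

Preferred Qualifications

Candidates with the following experience are preferred

  • 2+ years of C code review experience
  • Holding one of the relevant professional qualifications is preferred, such as CSSLP, ISA/IEC 62443, OSCP
  • Familiarity with tools for various security activities: static/dynamic code analysis, CVE tracking, penetration testing
  • Understanding of industrial control protocols and the OT field ecosystem
  • Training experience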

The following experience is a plus

  • 2+ years of C code review experience
  • Any of the relevant professional qualifications is a plus, such as CSSLP, ISA/IEC 62443, OSCP
  • Familiarity with the tools for various security activities: static/dynamic code analysis, CVE tracking, penetration testing
  • Understanding of industrial protocols and the OT field ecosystem
  • Carefulness
  • Experience in training

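Employee Benefits

Other Benefits

1. Putting into practice the philosophy of sharing business results  

  • Annual performance bonus  
  • Employee profit sharing (Group Excellence Incentive Plan)

2. Establishing a dedicated culture and welfare organization  

  • Expanding employee welfare policies and carrying out social charity activities  
  • Developing employees' secondary skills and supporting overall career planning

3. Providing employees with multiple forms of protection and care  

  • Labor insurance, national health insurance, and group insurance

4. Encouraging employees to travel abroad and broaden their horizons  

  • A generous special subsidy for overseas travel

5. Enriching employees' lives  

  • An employee club that organizes annual domestic trips and birthday celebrations  
  • The first hour of every Wednesday is "讀思樂" (read, think, enjoy) time, cultivating humanistic thinking and broadening horizons

6. Cultivating employees' interests outside of work  

  • Dedicated funding for club activities; employees can form their own clubs and apply for subsidies (badminton, cycling, yoga, dance, photography, meditation clubs...)

7. Enhancing employees' job knowledge and skills  

  • Internal and external training  
  • Job rotation opportunities

8. Two days off per week and a leave policy better than that required by the Labor Standards Act

Salary Range

Negotiable (regular salary of NT$40,000 or more)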