The network security engineer is responsible for the security evaluation and testing of the company's website and business system; Security reinforcement of the company's systems; Respond to company security incidents, clean the back door, and analyze the attack path according to the log; Security technology research, including security prevention technology, hacking technology, etc. Track the latest vulnerability information and conduct security checks on business products. The scope of responsibilities is broader, including penetration testing.
Penetration test engineers are mainly responsible for the implementation of penetration test technical services and the preparation of penetration test reports; Responsible for technical exchange and training of penetration testing; Responsible for code auditing, vulnerability detection and verification, and vulnerability mining; Responsible for learning and researching the latest penetration testing technology.
Requirements for applying for the position of penetration test engineer:
Familiar with network protocols such as switching routing, ACL, NAT and other technologies, familiar with network product configuration and working principle; Familiar with security configuration of LINUX, AIX and other operating systems; Familiar with ORACLE, MSSQL, MYSQL and other database security configuration; Familiar with WEB, FTP, email and other application security configuration;
Proficient in using various penetration testing tools, familiar with manual injection, upload, man-in-the-middle attack test and business logic vulnerability test;
Familiar with scripting languages such as HTML, XML, ASP, PHP and JSP. , and can use C/C++, JAVA,. Net, PYTHON, etc. Used for program development;
Familiar with Trojan horse, backdoor technology, SHELLCODE technology, non-lethal technology, password cracking technology, vulnerability mining technology, remote control technology, etc.
Requirements for applying for the position of network security engineer:
Bachelor degree in computer application, computer network, communication, information security and other related majors, with more than three years working experience in network security field;
Proficient in network security technology: including port, service vulnerability scanning, program vulnerability analysis and detection, authority management, intrusion and attack analysis and tracking, website penetration, virus Trojan horse prevention, etc.
Familiar with tcp/ip protocol, sql injection principle and manual detection, memory buffer overflow principle and preventive measures, information storage and transmission security, packet structure, ddos attack types and principles, and have some experience in ddos attack and defense, iis security settings, ipsec, group policy and other system security settings;
Familiar with windows or linux system, proficient in at least one language such as php/shell/perl/python/c/c++;
Understand the configuration and use of mainstream network security products, such as fw (firewall), ids (intrusion detection system), scanner, audit, etc. );
Good at expression and communication, honest and trustworthy, strong sense of responsibility, high work efficiency and good team spirit.