Associate Security Research Engineer, Cymetrics (Welcome newbie in Cybersecurity)

Cymetrics is one of the few manufacturers in Taiwan that has its own proprietary cybersecurity tools. The team is made up of experts in cyber risk management and penetrating testing, with experience in government as well as in the financial and telecommunications sectors. Not only do we carry out red team penetration testing and vulnerability scanning, but we also develop our own cybersecurity SaaS products. Many of our long-term clients are well-known major companies across various industries. Moreover, we are a team that consistently steps out of our comfort zone, researching the latest topics, such as Web3 cybersecurity. 

Our organizational culture is flat, valuing the opinions of every member. If you're interested in the cybersecurity industry, come join us!

Cymetrics 是台灣少數擁有自己專有網絡安全工具的製造商之一。 該團隊由網絡風險管理和滲透測試方面的專家組成，擁有政府、金融和電信領域的經驗。 我們不僅進行紅隊滲透測試和漏洞掃描，還開發自己的網絡安全SaaS產品。 我們的許多長期客戶都是各行業的知名大公司。 此外，我們是一支不斷走出舒適區的團隊，研究最新的主題，例如 Web3 網絡安全。 

我們的組織文化是扁平化的，重視每一位成員的意見。 如果您對網絡安全行業感興趣，歡迎加入我們！

Know more about Cymetrics: https://cymetrics.io/zh-tw/

How to apply

Please apply for this position through 👉

https://grnh.se/7646759a4us

It will help us process your applications faster!

Responsibilities

• Plan and execute penetration tests, assisting clients in identifying vulnerabilities and implementing improvements.
• Develop automated cybersecurity tools to automatically detect vulnerabilities in websites/systems.
• Collaborate with PMs, designers, and front-end and back-end engineers to enhance cybersecurity products and platforms.
• Research vulnerabilities in websites or open-source projects and publish the findings in articles.
• Information security vulnerability incident investigation and research.
• Assist in the troubleshooting and resolution of information security product errors.
• Assist with other operational matters.
  
  
• 規劃和執行滲透測試，協助客戶識別漏洞並實施改進。
• 開發自動化網絡安全工具來自動檢測網站/系統中的漏洞。
• 與產品經理、設計師、前後端工程師合作，增強網絡安全產品和平台。
• 研究網站或開源項目中的漏洞並以文章形式發布研究結果。
• 信息安全漏洞事件調查研究。
• 協助排查和解決信息安全產品錯誤。
• 協助處理其他業務事宜。
  

• 1+ years of work experience in a software company.
• Interest and enthusiasm for information security.
• Clear thinker and creative problem-solver, able to glean insights, develop a vision, and bring it to life with actionable plans.
• Ability to thrive in an environment of rapid change, moving targets, limited resources, high intensity, and cross-functional dependencies.
• Ability to prioritize tasks when faced with multiple deadlines and operate under tight deadlines.
• Ability to work independently and autonomously, while maintaining a team-oriented attitude.
• Exceptional organizational skills and attention to detail.
• Good communication skills and teamwork.
• Have a basic understanding of Linux and command-line operations.
• Basic understanding of any Script Language.
• Basic understanding of network principles TCP and firewalls.

• 1年以上的軟體公司工作經驗。
• 對資訊安全的興趣和熱情。
• 清晰的思考者和創造性的問題解決者，能夠收集見解，制定願景，並通過可行的計劃將其變為現實。
• 能夠在快速變化、目標變化、資源有限、高強度和跨職能依賴性的環境中蓬勃發展。
• 能夠在面臨多個截止日期時確定任務的優先順序並在緊迫的截止日期內進行操作。
• 能夠獨立自主地工作，同時保持團隊合作的態度。
• 良好的組織能力和對細節的關注。
• 良好的溝通能力和團隊合作精神。
• 對 Linux 和命令行操作有基本的了解。
• 對任何程式語言有基本的了解。
• 基本了解網絡原理 TCP 和防火牆。

Plus

• Experienced with bug bounty or participating in CTF
• Have written technical articles related to information security (vulnerability research, CTF writeup, etc.)
• With security-related certificates, such as CEH, OSCP or GWAPT, etc.
  
  
• 有打過 bug bounty 或是參加過 CTF 的經驗
• 有寫過資安相關之技術文章（漏洞研究、CTF writeup 等等）
• 有資安相關證照，例如 CEH、OSCP 或是 GWAPT 等等

• Phone interview (30mins)
• Interview (1.5 hrs) :
  - 45 mins with Team Members
  • 自我介紹以及過去背景理解
  • 資安基礎知識 / 網路知識
  • 國外英文技術文章解讀(想了解英語程度)

         - 30 mins with Hiring Managers, 15 mins with HR