The Cymetrics team is made up of experts in cyber risk management and penetration testing, with experience in government as well as in the financial and telecommunications sectors. Our goal is to simplify complex cybersecurity penetration testing technology into a continuous rating using our self-developed cybersecurity assessment SaaS platform. This will allow companies to discover and manage their own cybersecurity risks before attackers do. In April 2020, our team assisted insurance platform OneDegree Hong Kong Limited, a subsidiary of the OneDegree group, to pass Hong Kong Insurance Authority and Deloitte Hong Kong's information security review and obtain their internet insurance license. In May 2021, we assisted OneDegree Global in obtaining the ISO27001 certification for information security management systems as well as the ISO27017 certification for cloud security management systems, strengthening the management of the group's information security.

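Cymetrics is the security team of OneDegree, a financial insurance startup. Besides maintaining OneDegree's security, the team also has its own product and is currently developing a next-generation security SaaS platform that combines services at different levels into a one-stop security service experience. In addition to its own product, the team provides security services such as vulnerability scanning and penetration testing, helping customers discover and fix security issues.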

Know more about Cymetrics: https://cymetrics.io/zh-tw/


Responsibilities

  • Plan and perform penetration tests to help our clients identify and remediate vulnerabilities.
  • Build automation tools that automatically detect website and system vulnerabilities.
  • Research websites or open source projects to find vulnerabilities, and publish the research results as articles.
  • Cooperate with other internal teams to jointly study information security issues and risk assessments in related fields such as blockchain, CeFi, and DeFi.

Requirements

  • 3+ years of experience as a security engineer or security researcher.
  • Familiar with the penetration testing process, with 3+ years of experience performing penetration tests or equivalent experience.
  • Familiar with the OWASP Top 10 and other web vulnerabilities, including the principles behind them.
  • Familiar with automation tools like AppScan, WebInspect, Acunetix, OWASP ZAP, etc.
  • Excellent Chinese and English communication skills.

Plus

  • Interested in blockchain-related information security technologies.
  • Experience with bug bounty programs or participating in CTFs.
  • Have written technical articles related to information security (vulnerability research, CTF writeups, etc.).
  • Hold security-related certificates, such as CEH, OSCP, or GWAPT.

 

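Interview process

  • Phone interview
  • 1st Interview: 2.5 hours, consisting of a 2-hour technical interview and a 0.5-hour team fit interview.
  • 2nd Interview: 1 hour, a meeting with the Director of Operations.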

 

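Company benefits

Work well, rest well (applies to full-time employees)

  • Annual leave from your first day, with 15 days of annual leave in the first year (prorated by start date)
  • 5 days of fully paid sick leave and 3 days of fully paid menstrual leave per year

Grow together, keep improving

  • Subsidies for attending conferences and external training (applies to full-time employees)
  • Certification subsidies (applies to full-time employees)
  • Front-end and back-end technical sharing clubs, and product and management competency reading groups

We work hard, and we live fully too

  • Health check subsidy (applies to full-time employees)
  • Club subsidies: various sports clubs, a board game club, a video game club, and a "what are we doing this week" club
  • Regularly restocked snack and drink cabinets, an espresso machine, and a sparkling water machine
  • A comfortable open-plan work environment, a 5-minute walk from MRT Taipei 101 station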
