Job description
Who are we?
At HoYoverse, we are committed to creating immersive virtual world experiences for players around the world. In addition to game products such as Genshin Impact, Honkai Impact 3rd, Tears of Themis, and Honkai: Star Rail, HoYoverse also launched the dynamic desktop software N0va Desktop, the community product HoYoLAB, and created a variety of products such as animations, comics, music, novels, and merchandise around our original creative concept.
Adhering to our mission of Tech Otakus Save the World, we have always been committed to technology research and development, exploring cutting-edge technologies, and have accumulated leading technical capabilities in cartoon rendering, artificial intelligence, cloud gaming technology, and other fields.
HoYoverse is actively engaged in globalization, with offices in Singapore, Montreal, Los Angeles, Tokyo, Seoul, and other areas.
What you will do:
Participate in setting up our payment and account platform's security development lifecycle, including but not limited to requirements review, tech spec review, security testing, etc.
Responsible for application security analysis, threat modeling, black-box testing, white-box code auditing, security component development, etc. Propose solutions for potential security risks.
Responsible for improving our DevSecOps systems, such as setup the R&D security process and designing related standards and requirements.
Collaborate with development teams to design and deliver secured applications, solutions, and safety compliance reports.
What you will need:
1.Bachelor's degree or above with 3+ years working experience in SDL or DevSecOps in tech companies.
2.Familiar with OWASP TOP 10 vulnerabilities and have a deep understanding of vulnerability principles (exploitation and protection reinforcement).
3.Experienced with setup security development lifecycle.
4.Participated in requirements review, tech spec review based on the perspective of security. Have practices of security design checklist.
5.Proficiency in black-box testing methods and paths, and proficiency in using white-box code audit tools.
6.Familiar with security modules/components and have experience in developing security components.
7.Have experience with conducting security training.
What are good to have:
1.Have developed automated detection tools and have been tested by open-source with some effect.
2.Expertise in vulnerability mining, code auditing, or security solutions.
3.Have experience in discovering high-risk vulnerabilities in a global public platform.
4.Fluent in Mandarin and English to liaise with teams.
We are an equal opportunity employer that believes diverse backgrounds are key to bringing our concepts to life. If you're looking to play a key role in creating the best immersive virtual world experience for our users, we invite you to join our team.
Remote 100%
0 comments