3年以上
本科
2026-02-28 03:33:34
958人關注
職位描述
該職位還未進行加V認證,請仔細了解后再進行投遞!
職位角色
核心職責為保障產品 / 服務 / 系統的安全性與穩定性。通過對產品、服務及系統開展高效且全面的安全評估,確保其安全功能的可靠性。安全評估專員作為該領域的技術專家,需負責識別并協助解決各類安全問題,同時為硬件產品的安全測試提供焊接技術支持。本職位向中國區產品安全總監直接匯報,同時在職能上向印度卓越中心經理虛線匯報。
任職要求
工作經驗:擁有 3 年以上安全領域從業經驗,且在以下至少一個或多個領域具備專業能力:
人工智能安全測試
物聯網安全測試
藍牙 / 紫蜂 / 無線網絡安全測試
移動應用滲透測試
網絡應用 / 網絡服務安全測試
基礎設施安全測試
云安全評估
安全測試自動化與集成
技能要求
熟練使用各類安全評估工具;
具備嵌入式設備實操經驗;
熟悉 JTAG、UART、SPI、I2C、MQTT 等硬件通信協議;
深入理解實時操作系統、全功能操作系統等各類固件系統;
掌握.exe、ELF 等格式應用程序二進制文件的逆向工程技術;
具備物聯網設備安全評估與滲透測試經驗;
精通 IEEE 802.11 無線網絡標準協議;
熟悉 WPA3、WPA2、WEP 等加密標準;
了解基于 802.1X 協議的網絡訪問控制技術;
掌握 IPSec、L2TP、SSL/TLS 等 VPN 通信協議;
具備無線網絡設備安全評估與滲透測試經驗;
具備藍牙設備安全評估與滲透測試經驗;
熟練使用 BlueZ、藍牙掃描器、Wireshark 等藍牙安全分析工具;
理解 IEEE 802.15.1 等無線通信安全框架;
具備漏洞手工利用實操經驗,能夠編寫測試報告,精準定位漏洞,并針對漏洞利用方式提供詳細整改建議;
熟悉當前應用安全領域的主流威脅與風險。
加分項(非硬性要求)
具備 Java、.Net、C、C 等編程語言或開發平臺使用經驗者優先;
參與過多個產品 / 項目 / 應用的端到端應用安全測試,且對軟件開發生命周期(SDLC)及測試生命周期有深刻理解者優先。
證書要求:需持有至少一項以下專業認證證書
注冊道德黑客(CEH)
職業滲透測試認證(OSCP)
注冊軟件生命周期安全專家(CSSLP)
注冊信息系統安全專家(CISSP)
注冊事件處理專家(GCIH)
注冊滲透測試工程師(GPEN)
出差要求:能夠接受不定期出差安排,包括國內出差(蘇州、沈陽、深圳)及國際出差(印度班加羅爾、荷蘭)
語言要求:精通普通話與英語
關于飛利浦
飛利浦是一家全球領先的健康科技企業。我們秉持 “每一個生命都同等重要” 的核心理念,致力于讓世界各地的人們都能享有高品質的醫療健康服務,矢志不渝,步履不停。加入我們,在成就一番不凡事業的同時,為改善人類生命質量貢獻力量。
了解更多業務詳情
探索我們精彩紛呈的品牌歷史
深入解讀企業使命愿景
若你對本職位感興趣,且滿足大部分任職要求,我們熱忱歡迎你的投遞。即使不完全符合所有條件,你仍有可能成為本崗位或飛利浦其他職位的合適人選。點擊此處,了解更多飛利浦 “用心創造影響力” 的企業文化。
Your role:
Key tasks are to assure security robustness, by conducting efficient and effective security assessments on products / services / systems to ensure robustness w.r.t the security features. The security assessor is a subject ma er expert who identifies and helps resolve security issues, and also supports soldering work for hardware product security tests. The position reports to Director Product Security China, and dot-line functionally report to Indian SCoE manager.
You're the right fit if:
3 years of progressive experience in security domain with expertise in any one or more of the following areas:
AI Security testing
IoT Security testing
Bluetooth/Zigbee/Wi-Fi security testing
Mobile application hacking
Web application / Web Services security testing
Infrastructure security testing
Cloud security assessments
Automation and integration of security testing
Good hands-on experience with Security Assessment tools
Good hands-on experience with embedded devices
Exposure to Hardware protocols such as JTAG, UART, SPI, I2C, MQTT etc.
Good understanding of types of Firmware such as RTOS, Full pledged Operating system etc.
Good Knowledge in reverse engineering the application binaries such as .exe and ELF etc.
Experience in conducting security assessments and penetration testing on IoT devices
Should be Proficient in IEEE 802.11 standards (Wi-Fi)
Knowledge of WPA3, WPA2, and WEP encryption standards
Familiarity with 802.1X for network access control
Understanding of VPN protocols (IPSec, L2TP, SSL/TLS)
Experience in conducting security assessments and penetration testing on Wi-Fi devices
Experience in conducting security assessments and penetration testing on Bluetooth devices
Familiarity with tools for Bluetooth security analysis (e.g., BlueZ, Blescanner, Wireshark)
Understanding of security frameworks for wireless communications (e.g., IEEE 802.15.1)
Experience on manual exploitation of vulnerabilities, generating the reports, pin-pointing the vulnerabilities and provide detail recommendations on vulnerability exploitation
Exposure to current security threats, specific to the application security
*Experience/exposure to programming platforms such as Java /.Net/ C and C , is an added advantage
*Should have been involved in end to end application security testing for multiple products / projects / applications with good appreciation for SDLC and test life cycle.
Certifications: CEH/OSCP/CSSLP/CISSP/GCIH/GPEN (at least one)
Willing to occasionally travel domestically (Suzhou, Shenyang, Shenzhen) and international (Bangalore, The Netherlands)
Languages: Mandarin and English
Note (*): highly recommended but non-mandatory
About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
61 Learn more about our business.
61 Discover our rich and exciting history.
61 Learn more about our purpose.
If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care here.
核心職責為保障產品 / 服務 / 系統的安全性與穩定性。通過對產品、服務及系統開展高效且全面的安全評估,確保其安全功能的可靠性。安全評估專員作為該領域的技術專家,需負責識別并協助解決各類安全問題,同時為硬件產品的安全測試提供焊接技術支持。本職位向中國區產品安全總監直接匯報,同時在職能上向印度卓越中心經理虛線匯報。
任職要求
工作經驗:擁有 3 年以上安全領域從業經驗,且在以下至少一個或多個領域具備專業能力:
人工智能安全測試
物聯網安全測試
藍牙 / 紫蜂 / 無線網絡安全測試
移動應用滲透測試
網絡應用 / 網絡服務安全測試
基礎設施安全測試
云安全評估
安全測試自動化與集成
技能要求
熟練使用各類安全評估工具;
具備嵌入式設備實操經驗;
熟悉 JTAG、UART、SPI、I2C、MQTT 等硬件通信協議;
深入理解實時操作系統、全功能操作系統等各類固件系統;
掌握.exe、ELF 等格式應用程序二進制文件的逆向工程技術;
具備物聯網設備安全評估與滲透測試經驗;
精通 IEEE 802.11 無線網絡標準協議;
熟悉 WPA3、WPA2、WEP 等加密標準;
了解基于 802.1X 協議的網絡訪問控制技術;
掌握 IPSec、L2TP、SSL/TLS 等 VPN 通信協議;
具備無線網絡設備安全評估與滲透測試經驗;
具備藍牙設備安全評估與滲透測試經驗;
熟練使用 BlueZ、藍牙掃描器、Wireshark 等藍牙安全分析工具;
理解 IEEE 802.15.1 等無線通信安全框架;
具備漏洞手工利用實操經驗,能夠編寫測試報告,精準定位漏洞,并針對漏洞利用方式提供詳細整改建議;
熟悉當前應用安全領域的主流威脅與風險。
加分項(非硬性要求)
具備 Java、.Net、C、C 等編程語言或開發平臺使用經驗者優先;
參與過多個產品 / 項目 / 應用的端到端應用安全測試,且對軟件開發生命周期(SDLC)及測試生命周期有深刻理解者優先。
證書要求:需持有至少一項以下專業認證證書
注冊道德黑客(CEH)
職業滲透測試認證(OSCP)
注冊軟件生命周期安全專家(CSSLP)
注冊信息系統安全專家(CISSP)
注冊事件處理專家(GCIH)
注冊滲透測試工程師(GPEN)
出差要求:能夠接受不定期出差安排,包括國內出差(蘇州、沈陽、深圳)及國際出差(印度班加羅爾、荷蘭)
語言要求:精通普通話與英語
關于飛利浦
飛利浦是一家全球領先的健康科技企業。我們秉持 “每一個生命都同等重要” 的核心理念,致力于讓世界各地的人們都能享有高品質的醫療健康服務,矢志不渝,步履不停。加入我們,在成就一番不凡事業的同時,為改善人類生命質量貢獻力量。
了解更多業務詳情
探索我們精彩紛呈的品牌歷史
深入解讀企業使命愿景
若你對本職位感興趣,且滿足大部分任職要求,我們熱忱歡迎你的投遞。即使不完全符合所有條件,你仍有可能成為本崗位或飛利浦其他職位的合適人選。點擊此處,了解更多飛利浦 “用心創造影響力” 的企業文化。
Your role:
Key tasks are to assure security robustness, by conducting efficient and effective security assessments on products / services / systems to ensure robustness w.r.t the security features. The security assessor is a subject ma er expert who identifies and helps resolve security issues, and also supports soldering work for hardware product security tests. The position reports to Director Product Security China, and dot-line functionally report to Indian SCoE manager.
You're the right fit if:
3 years of progressive experience in security domain with expertise in any one or more of the following areas:
AI Security testing
IoT Security testing
Bluetooth/Zigbee/Wi-Fi security testing
Mobile application hacking
Web application / Web Services security testing
Infrastructure security testing
Cloud security assessments
Automation and integration of security testing
Good hands-on experience with Security Assessment tools
Good hands-on experience with embedded devices
Exposure to Hardware protocols such as JTAG, UART, SPI, I2C, MQTT etc.
Good understanding of types of Firmware such as RTOS, Full pledged Operating system etc.
Good Knowledge in reverse engineering the application binaries such as .exe and ELF etc.
Experience in conducting security assessments and penetration testing on IoT devices
Should be Proficient in IEEE 802.11 standards (Wi-Fi)
Knowledge of WPA3, WPA2, and WEP encryption standards
Familiarity with 802.1X for network access control
Understanding of VPN protocols (IPSec, L2TP, SSL/TLS)
Experience in conducting security assessments and penetration testing on Wi-Fi devices
Experience in conducting security assessments and penetration testing on Bluetooth devices
Familiarity with tools for Bluetooth security analysis (e.g., BlueZ, Blescanner, Wireshark)
Understanding of security frameworks for wireless communications (e.g., IEEE 802.15.1)
Experience on manual exploitation of vulnerabilities, generating the reports, pin-pointing the vulnerabilities and provide detail recommendations on vulnerability exploitation
Exposure to current security threats, specific to the application security
*Experience/exposure to programming platforms such as Java /.Net/ C and C , is an added advantage
*Should have been involved in end to end application security testing for multiple products / projects / applications with good appreciation for SDLC and test life cycle.
Certifications: CEH/OSCP/CSSLP/CISSP/GCIH/GPEN (at least one)
Willing to occasionally travel domestically (Suzhou, Shenyang, Shenzhen) and international (Bangalore, The Netherlands)
Languages: Mandarin and English
Note (*): highly recommended but non-mandatory
About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
61 Learn more about our business.
61 Discover our rich and exciting history.
61 Learn more about our purpose.
If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care here.
注:聯系我時,請說是在江蘇人才網上看到的。
工作地點
地址:上海靜安區上海市靜安區靈石路718號A1幢
??
點擊查看地圖
詳細位置,可以參考上方地址信息
求職提示:用人單位發布虛假招聘信息,或以任何名義向求職者收取財物(如體檢費、置裝費、押金、服裝費、培訓費、身份證、畢業證等),均涉嫌違法,請求職者務必提高警惕。
職位發布者
Summ..HR
飛利浦(中國)投資有限公司
-
電子技術·半導體·集成電路
-
公司規模未知
-
股份制企業
-
田林路888號10號飛利浦上海創新科技園1號樓
