Review and assess IT system architectures, network configurations, and security controls to identify potential risks and vulnerabilities
Conduct vulnerability scans and penetration testing on web applications, networks, wireless environments, APIs, and IT infrastructure
Perform network security testing and web application security testing to identify security weaknesses and recommend remediation actions
Simulate real-world cyber-attack scenarios to evaluate system resilience and uncover exploitable vulnerabilities
Conduct vulnerability assessments using industry-standard offensive security and security testing tools
Analyze and validate identified vulnerabilities and prepare clear remediation recommendations
Support red team and offensive security activities under the guidance of senior consultants and project managers
Perform traffic analysis, attack simulations, and security testing activities to strengthen enterprise cybersecurity posture
Prepare technical assessment reports and communicate findings effectively to both technical and non-technical stakeholders
Collaborate with internal teams and clients to support cybersecurity enhancement initiatives

Experience1–2 years of hands-on experience in penetration testing, vulnerability assessment, cyber-attack simulation, or red teaming functions
Experience conducting network security testing, web application penetration testing, and vulnerability scanning activities
Familiarity with offensive security methodologies, attack techniques, and cybersecurity assessment frameworks

Hands-on experience with tools used for wireless, web application, and network security testing such as Burp Suite, Metasploit, Nmap, Wireshark, Kali Linux, Nessus, SQLmap, or similar tools
Understanding of network protocols, TCP/IP, firewalls, routing, and common cybersecurity attack vectors
Knowledge of vulnerability scanning and penetration testing methodologies
Exposure to scripting or programming languages such as Python, Bash, or PowerShell is an advantage
Certifications
Candidates holding offensive security certifications will have an advantage, including:OSCPOSEPOSWPOr equivalent offensive security certifications
Languages
Chinese and English

Review and assess IT system architectures, network configurations, and security controls to identify potential risks and vulnerabilities
Conduct vulnerability scans and penetration testing on web applications, networks, wireless environments, APIs, and IT infrastructure
Perform network security testing and web application security testing to identify security weaknesses and recommend remediation actions
Simulate real-world cyber-attack scenarios to evaluate system resilience and uncover exploitable vulnerabilities
Conduct vulnerability assessments using industry-standard offensive security and security testing tools
Analyze and validate identified vulnerabilities and prepare clear remediation recommendations
Support red team and offensive security activities under the guidance of senior consultants and project managers
Perform traffic analysis, attack simulations, and security testing activities to strengthen enterprise cybersecurity posture
Prepare technical assessment reports and communicate findings effectively to both technical and non-technical stakeholders
Collaborate with internal teams and clients to support cybersecurity enhancement initiatives

Experience1–2 years of hands-on experience in penetration testing, vulnerability assessment, cyber-attack simulation, or red teaming functions
Experience conducting network security testing, web application penetration testing, and vulnerability scanning activities
Familiarity with offensive security methodologies, attack techniques, and cybersecurity assessment frameworks

Hands-on experience with tools used for wireless, web application, and network security testing such as Burp Suite, Metasploit, Nmap, Wireshark, Kali Linux, Nessus, SQLmap, or similar tools
Understanding of network protocols, TCP/IP, firewalls, routing, and common cybersecurity attack vectors
Knowledge of vulnerability scanning and penetration testing methodologies
Exposure to scripting or programming languages such as Python, Bash, or PowerShell is an advantage
Certifications
Candidates holding offensive security certifications will have an advantage, including:OSCPOSEPOSWPOr equivalent offensive security certifications
Languages
Chinese and English

Cyber Security Analyst

Job Description