Job Description
I. Construction and Management of Endpoint Security System
1. Endpoint Protection: Develop the company's endpoint security policies, standards, and guidelines, covering office terminals, R&D environments, production servers, and mobile devices.
2. Endpoint Protection Platform: Lead the selection, deployment, policy formulation, and operation of an enterprise-level endpoint detection and response platform, ensuring capabilities for malware protection, behavior monitoring, vulnerability detection, and remediation.
3. Device Security and Compliance: Design and implement security baselines such as device access control, full disk encryption, peripheral management, and software whitelisting to ensure device health.
4. Privileged Endpoint Management: Implement enhanced control and isolation for endpoints of privileged positions such as operations, trading, and finance, establishing special monitoring and auditing processes.
5. Endpoint Security Response: Establish monitoring and emergency response processes for endpoint security incidents, leading investigations into security events related to endpoints.
II. Construction and Management of Identity and Access Management System
1. Strategy and Architecture Design: Develop and continuously evolve the IAM strategy and governance framework, designing a highly available and scalable unified identity authentication and authorization platform.
2. Core System Construction:
   - Unified Identity Lifecycle Management: Automate the full account lifecycle for employee onboarding, job transfer, and offboarding.
   - Authentication Enhancement: Implement multi-factor authentication and risk-based authentication.
   - Dynamic Authorization: Design a fine-grained access control model based on roles and attributes, using endpoint security status (for example, whether the device is encrypted or has EDR installed) as a key attribute in dynamic authorization decisions.
   - Privileged Access Management: Implement least privilege, just-in-time (JIT) permissions, and session management for access to core systems, databases, and key vaults.
   - Service Account and API Key Management: Establish strict, automated management processes.
III. Security Operations and Incident Response
1. Monitor the exchange's system security in real time, identifying potential security threats and abnormal activities. Lead the security incident response team in quickly analyzing, containing, and resolving security incidents to ensure continuous platform operation.
2. Build a security operations metrics system, establish a core metrics monitoring mechanism, regularly collect data and assess effectiveness, and propose optimization suggestions based on industry best practices.
Job Requirements
1. Education and Experience: Bachelor's degree or above in Computer Science, Information Security, or related fields, with over 5 years of experience in the field of cybersecurity, including at least 2 years of in-depth practical experience in either endpoint security or IAM, with a solid understanding of the other area.
2. Technical Depth (Endpoint Focus): Proficient in at least one mainstream EDR/XDR platform, with experience in endpoint security policies, bypass prevention, and forensic investigation.
3. Technical Depth (IAM Focus): Proficient in mainstream IAM products/standards/protocols, with experience in identity governance and privileged access management design and implementation.
4. Security Fundamentals: Solid knowledge of cybersecurity, familiar with the attack chain and defense in depth.
5. Programming/Scripting Skills: Proficient in at least one scripting or programming language, capable of implementing API development, automation, and integration.
Preferred Qualifications (Bonus Points):
1. Experience in endpoint security or IAM construction in financial, exchange, or high-security internet companies.
2. Successful leadership experience in large security projects across endpoints and identity.
3. Excellent communication, coordination, and project promotion skills.