- Singapore
Working Location
Job Description
Responsibilities
Job Responsibilities
1. Security Protection System Operations
- Manage the end-to-end lifecycle of core security solutions (including WAF, MiShield, HIDS) for Xiaomi’s international business portfolio, including configuring policies, optimizing rules, and expanding coverage to protect web/mobile applications against common threats (e.g., OWASP Top 10).
- Develop real-time monitoring/alerting frameworks, analyze security logs to detect anomalous traffic and attack activities, produce root-cause analysis reports, and enhance defense strategies.
2. API Security Capability Development
- Lead the design of an API security framework for international operations, ensuring end-to-end interface protection. Create models for abnormal behavior detection and access control policies to mitigate risks like unauthorized data access and API abuse.
- Integrate with API gateways/microservices, incorporate SAST/DAST tools to advance shift-left security practices, and establish developer security guidelines.
3. Vulnerability Management
- Oversee end-to-end vulnerability processes (scanning, risk assessment, remediation) for international business. Implement high-risk vulnerability response mechanisms and collaborate with R&D teams on code-level fixes.
- Monitor global threat intelligence and zero-day vulnerabilities, organize regular red/blue team exercises, and refine emergency response protocols.
4. Compliance and Collaboration Support
- Ensure security operations adhere to regional regulatory standards, including GDPR and Singapore Personal Data Protection Act (PDPA), and prepare compliance audit reports.
- Collaborate with international business units, local compliance teams, and third-party vendors to deliver security technical support and training.
Job Requirements
1. Education and Experience
- Bachelor’s degree or higher in Computer Science, Information Security, or a related field.
- Minimum 3 years of experience in information security operations; experience in international business security within the internet industry is highly preferred.
2. Technical Skills
- Expertise in operating security products (e.g., WAF, IDS).
- Proficiency in API security design/protection, including OWASP API Top 10 knowledge and gateway security policy deployment.
- Familiarity with vulnerability management processes and tools (e.g., Nessus, Burp Suite), along with the ability to reproduce vulnerabilities and validate remediation efforts.
- Proficiency in scripting languages like Python/Shell; experience in developing security automation tools is an advantage.
3. Core Competencies
- Knowledge of international data security regulations and compliance requirements, with effective cross-regional team collaboration skills.
- Fluency in English and Mandarin (spoken and written) for daily work; professional certifications such as CISSP or CSSLP are preferred.
- Strong sense of responsibility and problem-solving abilities, with the capacity to respond to unexpected security incidents.
4. Bilingual in English and Mandarin In order to communicate with customers and China office colleagues.
Important Information
Never provide your bank or credit card details when applying for jobs. Do not transfer any money or complete unrelated online surveys. If you see something suspicious, Report this Job ad.