Senior Security Research Engineer, Cymetrics

OneDegree | Taipei, Taiwan | Onsite

Cymetrics is one of the leading cybersecurity solution providers in the country, offering exclusive high-end cybersecurity products. We specialize in professional penetration testing and vulnerability scanning services, assembling a team with engineering expertise and cybersecurity specialization.

Team members possess professional knowledge in cybersecurity risk management and penetration testing, with extensive experience in major consulting firms, leading cybersecurity service providers in Taiwan, and renowned brand OEMs. They actively participate in international CTF (Capture The Flag) competitions, achieving top three places globally. Our clientele spans diverse industries, including government, finance, manufacturing, high-tech, and e-commerce, among others. Additionally, our team assists the group in obtaining ISO 27001 and ISO 27017 certifications, reinforcing the group's cybersecurity governance.

The core values of our team lie in innovation, professionalism, and collaboration, aiming to deliver efficient cybersecurity solutions.

As a Senior Cybersecurity Engineer at Cymetrics, you will serve as the primary attacker in penetration testing, deeply probing vulnerabilities, and collaborating with mid and junior-level partners to complete projects. You will contribute professional insights and opinions to our proprietary product development, engaging in discussions to optimize project execution effectiveness.

Know more about Cymetrics: 


https://cymetrics.io/zh-tw/

TechBlog:


https://tech-blog.cymetrics.io/

Responsibilities


  • Planning and executing penetration tests, helping clients identify and remediate vulnerabilities, and verifying the fixes.
  • Conducting project meetings with clients, engaging in effective communication, clarifying issues, and assisting clients in problem resolution.
  • Assisting in the development of automated security tools, collaborating with the software engineering team to complete proprietary SaaS products.
  • Collaborating with the product development team to enhance cybersecurity products and platforms.
  • Researching vulnerabilities in websites or open-source projects and documenting findings in articles published on the company's TechBlog.

Requirements


  • Four or more years of practical experience in penetration testing and lateral movement in internal networks, focused on web application security.
  • In-depth knowledge of modern web frameworks (such as React, Angular, Vue.js) and client-side security vulnerabilities (e.g., XSS, CSRF, CSP bypass, GraphQL).
  • Familiarity with OWASP testing guides and other security testing methodologies, with a deep understanding of web vulnerabilities, operating systems, network architecture, and underlying principles.
  • Ability to articulate and document test results, provide remediation suggestions clearly, and effectively communicate with teams and clients.
  • Fluency in spoken and written Chinese and English to explain penetration test reports to clients.

Plus


  • Interest in blockchain-related cybersecurity technology.
  • Experience in bug bounty programs from reputable companies or participation in international CTFs (or equivalent CVE vulnerabilities).
  • Possession of OSWE or OSCP certifications (or other equivalent information security certifications).
  • Proficiency in writing technical articles related to cybersecurity (vulnerability research, CTF write-ups, etc.).
  • Involvement in open-source projects, demonstrating contributions to and collaboration within the security community.

Interview Process


  • Phone interview (30mins)
  • Interview (1.5 hrs): 45 mins with Team Members, 30 mins with Hiring Managers, 15 mins with HR

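Company Benefits


Work well, rest well (full-time employees)


  • Annual leave from your first day: 15 days in the first year (pro-rated by start date)
  • 5 days of fully paid sick leave and 3 days of fully paid menstrual leave each year

Grow together, keep improving


  • Subsidies for attending conferences and external training (full-time employees)
  • Certification subsidy (full-time employees)
  • Frontend and backend tech-sharing clubs; product and management study groups

We work hard, and we live fully too


  • Health check subsidy (full-time employees)
  • Club subsidies: various sports clubs, a board game club, a video game club, and a "what are we doing this week" club
  • Regularly restocked snack and drink cabinets, an espresso machine, and a sparkling water maker
  • Comfortable open-plan work environment, a 5-minute walk from MRT Taipei 101 station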

Life at OneDegree

Thrive Here & What We Value

User-Centric and Product-Lead Company Culture | Healthy Work Atmosphere | Flexible Working Hour | Work-Life Balance | Health Check Subsidy | Ergonomic Design Chair | Fully-Equipped Devices for Work | Conferences & External Subsidy | Learning Clubs to Share Technical Skills | Various Entertainment & Sports Clubs | Snacks & Beverage to Refill Energy Anytime
