岗位职责:

1. Conduct IoT security testing (IoT ecosystem) against industry security standards such as EN303645, GSMA and NIST SP publications. (30%)

根据 EN303645、GSMA 和 NIST SP 出版物等行业安全标准进行物联网安全测试（物联网生态系统）。 (30%)

2. Conduct IoT penetration testing, risk assessment and vulnerability assessments across a wide variety of platforms and technologies. (20%)

跨多种平台和技术进行物联网渗透测试、风险评估和漏洞评估。 (20%

3. Communicate with customers and provide technical advise with regard to IoT security domain. (15%)

与客户沟通，提供物联网安全领域的技术建议。 (15%)

4. Doing research on IoT security technologies and keep tracking global security events. developing and maintaining security attack tools (25%)

研究物联网安全技术，持续跟踪全球安全事件。开发和维护安全攻击工具（25%）

5. Keeping up-to-date with tools, countermeasures, threats and technologies.(10%)

及时了解工具、对策、威胁和技术。(10%)

任职条件:

1. Bachelor's degree in Cybersecurity, Computer Science, Computer Engineering, or related field.

网络安全、计算机科学、电子信息工程或相关专业本科学历。

2. Have a broad understanding of various information technology areas used to support and manage the business (i.e. web, networking, database, cloud, telephony, mobile, applications, etc,) and an in-depth experience in at least two area of relevant technology, and proficiency with Unix/Linux, and mobile platform operating systems.

对用于支持和管理业务的各种信息技术领域(即网络、网络、数据库、云、电话、移动应用程序等)有广泛的了解，并在至少两个相关领域有深入的经验技术且能熟练使用 Unix/Linux、移动平台操作系统。

3. Be familiar with TCP/IP based network protocols, basic PKl technology and cryptographic algorithms熟悉基于 TCP/IP 的网络协议、基础 PKI技术和密码算法

4. Be familiar with one of script languages (Pyihon, JavaScript, Shell etc..). Can develop test scripts.

熟悉一种脚本语言 (Python、JavaScript、Shell等)。可以开发测试脚本。

5. Be familiar with wireless security such as Wi-Fi, Bluetooth and Zigbee/Matter/Thread.

熟悉Wi-Fi、蓝牙、Zigbee/Matter/Thread 等无线安全

6. Comprehension of OWASP Top 10 (both web and IoT) and NIST technical controls and standards, and able to understand and communicate how the standards and controls relate to risk management strategies OWASP Top 10 (Web 和 IoT)和 NIST 技术控制和标准，能够理解和交流标准和控制与风险管理策略的关系。

7. Comprehension of OWASP Top 10 (both web and IoT), NIST and ISSAF technical controls and standards, and able to understand and communicate how the standards and controls relate to risk management strategies.

理解OWASP Top 10(包括web和IoT) ， NIST和ISSAF技术控制和标准，并能够理解和沟通标准和控制与风险管理策略的关系。

8. Experience in software and hardware reverse engineering is preferred.

Hardware reverse engineering includes: dumping firmware, hardware line protocol analysis, electronic test equipment. (Examples: oscilloscopes, logic analyzers, JTAG, traffic generators, etc.).

Software reverse engineering including: assembly language experience. (Examples: x86, x64, ARM, MIPS, etc.); Experience using reverse engineering tools and debuggers. (Ghidra, Frida Hood, IDAPro / IDA Pro, etc.).

有软件或硬件逆向工程经验者优先。硬件逆向工程包括:固件转储、硬件线路协议分析、设备电子测试。(例如:示波器，逻辑分析仪，JTAG，流量发生器等)。软件逆向工程包括:汇编语言经验。(例如:x86、x64、ARM、MIPS等); 有使用逆向工程工具和调试器的经验。(Ghidra, Frida Hood, IDAPro / IDAPro等)。