Security Analysis Engineer

TL;DR

Security Analysis Engineer: Conduct security impact analysis, vulnerability management, and support SSDLC practices for system/software projects with an accent on security validation and risk mitigation. Focus on threat modeling, automated security checks, and cross-division communication to ensure timely resolution of security issues.

Location: Chungho, Taiwan

Company

Top Tier provider of advanced server, storage, and networking solutions for Data Center, Cloud Computing, Enterprise IT, Hadoop/Big Data, Hyperscale, HPC and IoT/Embedded customers worldwide.

What you will do

• Perform impact analysis for system/software or projects.
• Maintain and monitor OSS packages in system/software products.
• Track and manage security issues and vulnerabilities for BIOS projects.
• Analyze security validation coverage and support SSDLC practices.
• Maintain security analysis records and drive timely resolution of security comments.
• Provide guidance on tools and practices to avoid development process gaps.

Requirements

• Bachelor’s degree in computer science, information technology, or similar field
• Experience with system/software development projects and SSDLC practices
• In-depth knowledge of ISO 27001, IEC 62443-4-1, BSIMM, and vulnerability management
• Familiarity with CI/CD tools and scripting (Python, Shell)
• At least 3 years of experience in threat modeling and security analysis methodologies
• Good project management and cross-division communication skills.

Nice to have

• CISSP, CSSLP, SSCP, CEH, CTIA or similar certifications.

Culture & Benefits

• Equal opportunity employer embracing diversity.
• Global technology leader with rapid growth.
• Opportunities to work on advanced server and IoT/Embedded solutions.