Job Description
1. Security Architecture Planning & Implementation
- Lead the planning, design, and evolution of the company’s overall security architecture (e.g., Zero Trust networking, cloud, business systems, data security, and identity/access systems).
- Build reusable security capabilities into reference architectures, standards, and security baselines, and drive adoption and implementation across teams.
2. Defense-in-Depth Program Development
- Design detection and prevention capabilities against common attack chains (e.g., phishing, lateral movement, supply chain attacks, and cloud attack/defense techniques) to improve alert quality and response efficiency.
- Conduct security reviews and threat assessments for new businesses, new systems, and major changes; identify risks and define mitigation plans.
- Promote “shift-left” security by embedding controls into CI/CD, release processes, Infrastructure as Code (IaC), and code/dependency governance.
- Lead analysis and coordination for major security incidents (root cause analysis, impact assessment, remediation, and long-term governance improvements).