The Cymetrics team is made up of experts in cyber risk management and penetrating testing, with experience in government as well as in the financial and telecommunications sectors. Our goal is to simplify complex cybersecurity penetration testing technology into a continuous rating using our self-developed cybersecurity assessment SaaS platform. This will allow companies to discover and manage their own cybersecurity risks before attackers do. In April 2020, our team assisted insurance platform OneDegree Hong Kong Limited, a subsidiary of the OneDegree group, to pass Hong Kong Insurance Authority and Deloitte Hong Kong's information security review and obtain their internet insurance license. In May 2021, we assisted OneDegree Global in obtaining the ISO27001 certification for information security management systems as well as the IS027017 certification for cloud security management systems, strengthening the management of the group's information security.

Cymetrics 是金融保險新創公司 OneDegree 的資安團隊，除了維護 OneDegree 的資安以外，也有自己的產品，目前正在開發新一代的資安 SaaS 平台，將不同層級的服務結合，打造一站式的資安服務體驗。除了自有產品以外，同時提供弱點掃描以及滲透測試等資安服務，協助客戶發現與改進資安相關問題。

Know more about Cymetrics: https://cymetrics.io/zh-tw/

How to apply

Please apply this position through 👉

https://boards.greenhouse.io/onedegree/jobs/4116902004

It will help us process your applications faster!

Responsibilities

• Plan and perform penetration test to help our client identify security issues.
• Build automation tools to find vulnerabilities.
• Research on websites or open source projects to find vulnerabilities and publish the research results.
  
• Cooperate with cross teams to jointly study information security issues and risk assessments in related fields such as blockchain, CeFi, and DeFi.
  
• 規劃以及執行滲透測試，協助客戶發現漏洞並進行改善。
• 開發自動化資安工具，自動檢測網站/系統相關弱點。
• 研究網站或開源專案漏洞，將研究結果寫成文章發佈。
• 與內部的其他團隊合作，共同研究區塊鏈、CeFi 以及 DeFi 等相關領域的資安議題與風險評估。

Requirements

• 1+ years of experience as a security engineer or security researcher.
• 1+ years of experience working in penetration testing.
• Familiar with OWASP top 10 and other web vulnerabilities.
• Familiar with automation tools like AppScan, WebInspect, Acunetix, OWASP ZAP etc.
• Excellent Chinese and English communication skills

• 一年以上資安工程師或資安研究員工作經驗。
• 熟悉滲透測試流程並具有一年以上執行滲透測試之經驗或同等經歷。
• 熟悉 OWASP top 10 與其他網頁相關漏洞，並熟知原理。
• 流利的中英文能力。

Plus

• Interested in blockchain-related information security technologies.
• Experienced with bug bounty or participating in CTF
• Have written technical articles related to information security (vulnerability research, CTF writeup, etc.)
• With security related certificates, such as CEH, OSCP or GWAPT, etc.

• 對區塊鏈相關的資安技術有興趣
• 有打過 bug bounty 或是參加過 CTF 的經驗
• 有寫過資安相關之技術文章（漏洞研究、CTF writeup 等等）
• 有資安相關證照，例如 CEH、OSCP 或是 GWAPT 等等

面試流程

• Phone interview
• 1st Interview: 2 hours, meet with hiring team + HR
• 2nd Interview: 1 hour, meet with Taiwan Director.