CakeResume Talent Search

Past
Systems Engineer (Maintenance & Security) @Alliance Healthcare Group
2022 ~ 2023
IT Administrator, IT Analyst, Cyber security, System & Network Administrator
Within one month
System Administration
Network Security
Web Security
Unemployed
Ready to interview
Full-time / Interested in working remotely
6-10 years
NCC Education, UK
Cyber Security
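ChunYi Lu
Branch IT Supervisor @國防部
2023 ~ Present
Penetration testing, information security, system development, programming
Within one month
Also served as acting IT task support (reinstalling user computers, resetting user accounts, maintaining IT equipment) and handled security incidents. Senior Security Engineer and ASP.NET Programmer, IT department, headquarters of Ministry of National Defense, Taipei, Taiwan. Internal system vulnerability scanning and penetration testing: network vulnerability scanning for company projects, and also with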
Communication
.Net framework
.NET MVC
Employed
Ready to interview
Full-time / Interested in working remotely
6-10 years
元智大學
Department of Computer Science & Information Engineering
Yu-Hsiang Huang
Active
Senior Engineer @Company name hidden
2022 ~ Present
Penetration testing, information security, system development, programming
Within one month
include but are not limited to: [ console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation. ] Completed projects: Independently developed CMS for many companies. Used GitLab API and Docker SDK, and integrated Nessus and other security tools to develop an automated security assessment system. Independently developed a security automation framework for reproduction and revalidation. Independently weaponized the Python package <TFTPY> as a penetration testing tool. Side projects & special achievements: Independently developed a program to receive the network traffic information using the SNMP
Active Directory
IIS
PHP
Employed
Ready to interview
Full-time / Interested in working remotely
10-15 years
立德大學
Computer Science & Information Engineering
Senior Lead Engineer @長青資訊
2017 ~ Present
Senior Engineer
Within one month
golang
MySQL
Docker
Employed
Ready to interview
Full-time / Interested in working remotely
6-10 years
勤益科技大學
Software Engineering
chen li Huang
iOS Developer @Sequent Lab, Ltd.
2022 ~ Present
Senior iOS Developer
Within one month
Chen-Li, Huang (Yoie), 1989/12/21, Senior Mobile Engineer. Skill. Language: SwiftUI / Swift / Objective-C / Git / Java / C++ / Flutter. CI/CD Testing: Appium / Robot Framework / Jenkins / Xcode Server / Git Action. Backend: AWS / RESTful API / Firebase / Mixpanel / Xcode Server / GraphQL. Tool: Xcode / Android Studio / Visual Studio / Jira / Figma / Lottie. Source Control: GitHub / GitLab / GitFox / Fork / SourceTree / Bitbucket. Work Experience: iOS Engineer, Sequent Sepnow Taipei, Taiwan
IOS App Development
Mobile App Development
SwiftUI
Employed
Open to opportunities
Full-time / Interested in working remotely
4-6 years
國立清華大學
Computer Science
EDAN
Senior Specialist @元大商業銀行
2020 ~ Present
Systems Analyst
Within one month
the society to get on the right track, share their own experiences and discuss with each other. Software Engineer Checkone Co., Ltd. • JanFebResponsible for software analysis, design and programming. 2. Planning and execution of software architecture and module design. 3. Carry out software testing and modification. 4. Assist in the development of new software technologies and tools. Software Engineer Shengsen Co., Ltd. • SepDecResponsible for software analysis, design and programming. 2. Planning and execution of software architecture and module design. 3. Carry out software testing
JavaScript
jQuery
HTML
Employed
Open to opportunities
Full-time / Interested in working remotely
4-6 years
德明科技大學
Department of Information Technology
Senior Engineer / Full-Stack Engineer @Advantech 研華科技
2021 ~ 2023
Senior Software Engineer
Within one month
Systems Analysis and Design
Systems Integration
Image Processing
Employed
Full-time / Interested in working remotely
6-10 years
Providence University 靜宜大學
Computer Science & Information Engineering
李懿庭
Full-Stack Engineer @SoundOn 聲浪媒體科技股份有限公司
2022 ~ Present
Full-Stack / Back-End Engineer
Within one month
sources to save at least 70k of tech costs per month. - Led a team to refactor a core library to reduce tech cost and improve response time. - Managed three product lines and 16 engineers at the same time. - Designed a development flow to reduce time in canary testing from 20 mins to 30s. - Designed an onboarding process on app to avoid frauds. Tech Stack: Kubernetes, Nodejs, RoR, AWS, GCP, React, BigQuery, React-Native SoundOn Inc, Engineering Manager, MarMar 2024 Technology and Product Team - Led a team to develop some web games to save 99x of
Node.js
DevOps / CI / CD
Infrastructure
Employed
Not open to opportunities
Full-time / Interested in working remotely
4-6 years
台北科技大學
Master's Program in Electronic Engineering

Within one month
Associate Technical Manager
Company name hidden
2022 ~ Present
Zhongli District, Taoyuan City, Taiwan
Professional Background
Current status
Employed
Job Search Progress
Ready to interview
Professions
Security Engineer, Back-end Engineer
Fields of Employment
Cyber Security
Work experience
10-15 years
Management
I've had experience in managing 1-5 people
Skills
Active Directory
IIS
PHP
Laravel
Python
Rust
jQuery
Vue
Penetration Testing
Kali
Metasploit
Burp Suite
Nessus
Acunetix
MySQL / Mariadb
Languages
Chinese
Native or Bilingual
English
Beginner
Job search preferences
Positions
Penetration testing, information security, system development, programming
Job types
Full-time
Locations
Taiwan, Japan
Remote
Interested in working remotely
Freelance
No
Educations
School
立德大學
Major
Computer Science & Information Engineering

Yu-Hsiang Huang

Associate Technical Manager

Obtained MCP certification in server management, proficient in Microsoft operating system. Familiar with server operations such as AD, DNS, DHCP, and IIS.

--------------------

Proficient in system development using PHP/Laravel, Python, as well as other languages like VB.net, Rust, etc. The technologies used include but are not limited to:

[

console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation.

]


Completed projects:

  1. Independently developed CMS for many companies.
  2. Used GitLab API and Docker SDK, and integrated Nessus and other security tools to develop an automated security assessment system.
  3. Independently developed a security automation framework for reproduction and revalidation.
  4. Independently weaponized the Python package <TFTPY> as a penetration testing tool.


Side projects & special achievements:

  1. Independently developed a program to receive the network traffic information using the SNMP protocol and visualize it graphically.
  2. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
  3. Independently developed a multi-threaded websocket server using PHP & VB.Net.
  4. Independently developed malicious programs such as brute-force tools, vulnerability PoCs, webshells, packet manipulators, and used WinAPI to control the operating system.
  5. Independently used and modified the Python package <BooFuzz> to develop a fuzzer.
  6. Independently developed Nessus plugins.
  7. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.

--------------------

In the field of cybersecurity, I have obtained the ECSA certification and referred to OSWE study materials, considering myself to have a level of expertise above that of OSWE.


Completed projects:

  1. Participated in the handling of major cybersecurity incidents for government agencies.
  2. Completed numerous penetration testing tasks for many companies, identifying high, medium, and low-risk vulnerabilities, totaling hundreds of system vulnerabilities. Even obtained the RCE vulnerabilities in several commercial products.
  3. Assisted two employers in conducting security regulation-related tests, writing test cases, etc. For example, tests related to IEC 62443 SVV 1-4, such as compliance testing, mitigation plan testing, vulnerability scanning, fuzz testing, penetration testing, and various other tests.
  4. Assisted in manually reproducing and revalidating vulnerabilities, including fixing and developing PoCs.


Side projects & special achievements:

  1. Ranked 344th individually, and 153rd as a team in HTB within four months.
  2. Independently obtained over 40 CVEs, including some in well-known software. Some of the CVEs have been inquired about by an antivirus software company and other unspecified individuals.
  3. Disclosed vulnerabilities without requesting CVEs afterwards, totaling 5 or more.
  4. Undisclosed vulnerabilities total more than 16, including vulnerabilities in NETGEAR, Alcatel, Discuz! X3.4, RCE vulnerabilities in many schools, vulnerabilities in internal systems of many companies, vulnerabilities in many well-known shopping websites, and others.
  5. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
  6. Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
  7. Reported a vulnerability in ZyXEL products and received a letter of appreciation.
  8. Reported an information system vulnerability in Realtek and received a reward.
  9. Reported the vulnerability in a company's product serial number rules to prevent the company from suffering losses.

Zhongli District, Taoyuan City, Taiwan

https://github.com/HuangYuHsiangPhone

EDUCATION


Leader University

Master Degree of Computer Science & Information Engineering  •  2007 - 2009


SKILLS


  • Active Directory
  • IIS
  • PHP
  • Laravel
  • Python
  • Rust
  • jQuery
  • Vue
  • Penetration Testing
  • Kali
  • Metasploit
  • Burp Suite
  • Nessus
  • Acunetix

Languages


  • Chinese — native
  • English — basic

WORK & EXPERIENCE


Senior Engineer  •  <Hidden>

Mar. 2022 - Present  |  Taipei, Taiwan

  • Job responsibilities:
    1. Assisted PSIRT and Cybersecurity Testing Team in avoiding unnecessary or incorrect testing steps and collecting information related to vulnerability confirmation.
    2. Studied cybersecurity regulations, such as 62443-4-2, and wrote the test cases. Responsible for pretesting to ensure compliance with Korean cybersecurity regulations.
    3. Wrote the test cases for threat mitigation plans and executed the test cases.
    4. Developed Jira Automation.
    5. Independently modified and weaponized the Python package <TFTPY> as a PT tool.
    6. Used Python, Robot Framework, etc. to independently develop automated testing for reproducing vulnerabilities and mitigation plans.
      [
      setuptools, click, scapy, multi-process.
      Improving the situation of having to modify the automation program significantly when there's a change to web code.
      Packets detection, such as VRRP and ICMP.
      ]
    7. Used PHP, Bat files, and related APIs to independently develop cybersecurity automation systems that meet the needs of various departments.
      [
      console, Redis, relational database, dependency injection, restful api
      schedule, queue, broadcast, i18n, one-click installation
      ]
    8. Reproduced CVEs; some examples are listed below.
      [
      Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
      Independently assisted PSIRT in clarifying the scope of impact of CVE-2021-3493 and tracing related Linux code.
      ]
  • Cybersecurity achievements:
    1. Independently conducted penetration testing on company's products, discovering several dozens of high-risk vulnerabilities. Some vulnerabilities were memory-related and expected to be applied together for several CVEs.
    2. Succeeded in bypassing the RD's patches many times.
    3. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.
    4. Reported the vulnerability in the company's product serial number rules to prevent the company from suffering losses.
  • Others:
    1. Independently developed Nessus plugins.
    2. Independently discovered several vulnerabilities on TestLink
      [
      CVE-2022-35196(8.8), etc.
      ]
    3. Independently discovered several vulnerabilities on Moxa MXsecurity
      [
      CVE-2023-41438(0.0), CVE-2023-41440(0.0), etc.
      ]

Associate Technical Manager  •  Bureau Veritas

Aug. 2021 - Feb. 2022  |  Taipei, Taiwan

  • Job responsibilities
    1. Studied cybersecurity regulations, such as 303645, 62443-4-2, and wrote the test cases.
    2. Independently conducted vulnerability scanning.
    3. Independently conducted fuzz testing and developed specific protocol fuzzer.
    4. Independently conducted penetration testing.
  • Cybersecurity achievements
    1. Independently discovered many high, medium and low cybersecurity vulnerabilities, such as RCE, DoS, injection, in products of various industrial control device manufacturers.
  • Others
    1. Reported a vulnerability in ZyXEL products and received a letter of appreciation.

Staff Engineer / IoT Vulnerability Researcher  •  Panasonic

Apr. 2020 - Aug. 2021  |  Taipei, Taiwan

  • Job responsibilities
    1. Developed a CLI automation security testing system using Python.
      1. Used Docker SDK, GitLab API, etc.
      2. Corrected cross-platform program issues.
      3. Integrated security programs such as Nessus 8.
      4. Automated the setup of an IIS PHP web server using WinAPI.
      5. Decoupled the program.
      6. Unit Test, Code Coverage, Mock.
    2. Independently developed a web automated security testing system using Laravel.
      1. Used bootstrap + Vue + jQuery
      2. Restful API.
      3. Unit test, code coverage, mock, faker.
      4. Integrated the Python CLI program and provided real-time output. 
    3. Penetration testing for IoT devices and web.
  • Cybersecurity achievements
    1. Independently discovered the RCE vulnerability in commercial software developed by my current employer using Python and PHP.
    2. Independently discovered the RCE vulnerability in commercial software developed by another company within the group, using Node.js and C#.
  • Others
    1. Independently discovered high-risk vulnerabilities in the information systems of many listed semiconductor companies in Taiwan.
    2. Independently discovered high-risk vulnerabilities on Discuz! X3.4.
    3. Independently achieved the User privilege in the 130th place on HTB Proper(Win, Hard) on Mar. 23, 2021.
    4. Independently developed jQuery plugins.
    5. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
    6. Independently discovered information leakage vulnerability in MS IE.
    7. Independently discovered several vulnerabilities on NETGEAR RAX80 and Alcatel I-040GW
      [
      CVE-2020-*****(0.0) x 2
      ]

Vulnerability Analysis Engineer  •  Next Bank

Dec. 2019 - Apr. 2020  |  Taipei, Taiwan

  • Job responsibilities
    1. Participated in Nexpose/Nessus vulnerability scanning automation PoC.
    2. Participated in Fortify source code scanning automation PoC.
    3. Participated in penetration testing.
  • Cybersecurity achievements
    1. Independently discovered several vulnerabilities on iTop
      [
      CVE-2020-12777(7.5),CVE-2020-12778(6.1)
      CVE-2020-12779(5.4),CVE-2020-12780(7.5)
      CVE-2020-12781(8.8)
      ]
  • Others
    1. Independently developed a multi-threaded websocket server using PHP & VB.Net.

Engineer  •  NCCST

Jun. 2018 - Nov. 2019  |  Taipei, Taiwan

  • Job responsibilities
    1. Performing penetration testing on the government information systems.
    2. Black-box and white-box testing.
    3. Reverse engineering of the .NET programs.
    4. Assisted government agencies in setting up the scenario for the 2019 Cyber Offensive and Defensive Exercise (CODE).
    5. Independently developed a report management system and a program for automatically fetching email attachments using Laravel.
  • Cybersecurity achievements
    1. Joined a government attack and defense exercise halfway through and ranked second among approximately 90 attackers as a newcomer. Discovered over 140 vulnerabilities and received corresponding rewards.
    2. Capable of manually bypassing a web application firewall (WAF) to achieve attacks that are difficult for tools to accomplish.
    3. Independently developed scanning and attack tools (such as CVE PoCs, scanners for specific vulnerabilities, PHP & ASPX webshells), using technologies including but not limited to curl, socket, multi-thread.
  • Others
    1. Ranked 344th individually, and 153rd as a team in HTB within four months.
    2. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
    3. A total of at least 34 CVEs have been applied for. Only some are listed as follows:
      1. Independently discovered several vulnerabilities on GSS Tracko, Radar.
        [The request to revoke the CVE ID has been made.(0.0), etc.]
      2. Independently discovered several vulnerabilities on InfoDoc ODMS.
        [The request to revoke the CVE ID has been made.(9.8), etc.]
      3. Independently discovered several vulnerabilities on DrayTek Vigor2925.
        [CVE-2019-16533(6.1), etc.]
      4. Independently discovered several vulnerabilities on ESRI ArcGIS Enterprise.
        [CVE-2019-16193(5.4)]
      5. Independently discovered several vulnerabilities on Avaya Scopia Desktop.
        [CVE-2019-6998(6.4), etc.]
      6. Independently discovered several vulnerabilities on phpMyAdmin.
        [CVE-2019-6798(9.8), etc.]
      7. Independently discovered several vulnerabilities on MyWebSQL.
        [CVE-2019-7731(9.8), etc.]
      8. Independently discovered several vulnerabilities on DbNinja.
        [CVE-2019-7747(9.6), etc.]
      9. Independently discovered several vulnerabilities on webERP.
        [CVE-2018-19434(7.2), etc.]
      10. Independently discovered several vulnerabilities on KindEditor.
        [CVE-2018-18950(7.5), etc.]
      11. Independently discovered several vulnerabilities on PHP-Proxy.
        [CVE-2018-19784(7.5), etc.]

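Manager  •  合群樹脂實業有限公司

Sep. 2016 - May 2018  |  Taipei, Taiwan

  • 1. Customer development
      Contacting existing customers
      Finding new customers

    2. Product development and manufacturing
      Manufacturing products to existing specifications
      Developing products to custom specifications

    3. Purchase, sales and inventory management
      Stocktaking
      Purchasing
      Sales
      Cost calculation with Excel VBA, etc.

    4. Accounting
      Accounts receivable
      Accounts payable
      Issuing checks, etc.

    5. Information systems
      PC troubleshooting and repair
      Physical-to-virtual system migration, etc.

    6. Assigning tasks to subordinates

    7. Factory building repairs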

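Associate IT Engineer  •  森霸電力股份有限公司

Feb. 2012 - Aug. 2016  |  Taipei, Taiwan

  • Job responsibilities:

    1. Programming
      Set up and modified phpBB as the company announcement system.
      Wrote a PC information lookup system in PHP, used as the basis for purchasing, scrapping, etc.
      Wrote a company form lookup system in PHP.
      Wrote a PHP program to crack AD account passwords, to verify security issues.
      Wrote a PHP program that collects traffic via SNMP and graphs it, so colleagues could check network status.
      Wrote a multi-threaded VB.NET program that scans network segments and tampers with packets, to verify security issues.
      Excel VBA, formulas, charts, to help warehouse staff with stocktaking and calculating the value of spare parts.
      Reviewed the power plant system source code (JSP) written by a vendor and successfully found a broken access control vulnerability.
      Others

    2. System administration
      Windows Server 2003 administration
      DNS
      DHCP
      AD (GPO, permission settings, Login Script)
      Server troubleshooting
      Server room hardware (NAS, CDP, RAID)
      Others

    3. Network management
      Packet capture and analysis
      VLAN
      MAC Filter
      Switch
      Router
      Routing Table
      Others

    4. PC troubleshooting
      Windows XP, Windows 7
      Office (Excel, Word, Outlook)
      Printer
      IE
      Others

    5. Contracting out projects
    6. Purchase requisitions
    7. Warehouse management
    8. Telephone switchboard system administration
    9. Document processing
    10. Access control & surveillance camera handling
    11. Other tasks assigned by supervisors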

Project Manager  •  竹貓星球數位股份有限公司

Sep. 2011 - Jan. 2012  |  Taipei, Taiwan

  • 1. TSMC project system development, using PHP + MySQL + MSSQL.

PHP Programmer  •  知識科技股份有限公司

Dec. 2009 - May 2011  |  Taipei, Taiwan

  • Newcomer Award - 2011

    Job responsibilities:
    1. jQuery
    2. PHP
    3. MySQL
    4. CI MVC Framework

    5. Windows Server 2003
    6. DNS
    7. IIS
    8. File Server
    9. SVN Server
    10. CA Server

    11. Custom PHP programming
    12. Yahoo EWS API
    13. PayPal API
    14. facebook API
    15. Google API

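    16. Security vulnerability testing; successfully found multiple vulnerabilities and reported them to the company's owner
    17. Testing for performance and other issues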
Resume
Profile

Yu-Hsiang Huang

Associate Technical Manager

Obtained MCP certification in server management, proficient in Microsoft operating system. Familiar with server operations such as AD, DNS, DHCP, and IIS.

--------------------

Proficient in system development using PHP/Laravel, Python, as well as other languages like VB.net, Rust, etc. The technologies used include but are not limited to:

[

console, Redis, relational database, multi-thread, multi-process, dependency injection, restful API, schedule, queue, broadcast, i18n, unit test, Selenium, mock, one-click installation.

]


Completed projects:

  1. Independently developed CMS for many companies.
  2. Used GitLab API and Docker SDK, and integrated Nessus and other security tools to develop an automated security assessment system.
  3. Independently developed a security automation framework for reproduction and revalidation.
  4. Independently weaponized the Python package <TFTPY> as a penetration testing tool.


Side projects & special achievements:

  1. Independently developed a program to receive the network traffic information using the SNMP protocol and visualize it graphically.
  2. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
  3. Independently developed a multi-threaded websocket server using PHP & VB.Net.
  4. Independently developed malicious programs such as brute-force tools, vulnerability PoCs, webshells, packet manipulators, and used WinAPI to control the operating system.
  5. Independently used and modified the Python package <BooFuzz> to develpoed a fuzzer.
  6. Independently developed Nessus plugins.
  7. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.

--------------------

In the field of cybersecurity, I have obtained the ECSA certification and referred to OSWE study materials, considering myself to have a level of expertise above that of OSWE.


Completed projects:

  1. Participated in the handling of major cybersecurity incidents for government agencies.
  2. Completed numerous penetration testing tasks for many companies, identifying high, medium, and low-risk vulnerabilities, totaling hundreds of system vulnerabilities. Even obtained the RCE vulnerabilities in several commercial products.
  3. Assisted two employers in conducting security regulation-related tests, writing test cases, etc. For example, tests related to IEC 62443 SVV 1-4, such as compliance testing, mitigation plan testing, vulnerability scanning, fuzz testing, penetration testing, and various other tests.
  4. Assisted in manually reproducing and revalidating vulnerabilities, including fixing and developing PoCs.


Side projects & special achievements:

  1. Ranked 344th individually, and 153rd as a team in HTB within four months.
  2. Independently obtained over 40 CVEs, including some in well-known software. Some of the CVEs have been inquired about by an antivirus software company and other unspecified individuals.
  3. Disclosed vulnerabilities without requesting CVEs afterwards, totaling 5 or more.
  4. Undisclosed vulnerabilities total more than 16, including vulnerabilities in NETGEAR, Alcatel, Discuz! X3.4, RCE vulnerabilities in many schools, vulnerabilities in internal systems of many companies, vulnerabilities in many well-known shopping websites, and others.
  5. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
  6. Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
  7. Reported a vulnerability in ZyXEL products and received a letter of appreciation.
  8. Reported an information system vulnerability in Realtek and received a reward.
  9. Reported the vulnerability in a company's product serial number rules to prevent the company from suffering losses.

Zhongli District, Taoyuan City, Taiwan
[email protected]

https://github.com/HuangYuHsiangPhone

EDUCATION


Leader University

Master Degree of Computer Science & Information Engineering  •  2007 - 2009


SKILLS


  • Active Directory
  • IIS
  • PHP
  • Laravel
  • Python
  • Rust
  • jQuery
  • Vue
  • Penetration Testing
  • Kali
  • Metasploit
  • Burp Suite
  • Nessus
  • Acunetix

Languages


  • Chinese — native
  • English — basic

WORK & EXPERIENCE


Senior Engineer  •  <Hidden>

Mar. 2022 - Present  |  Taipei, Taiwan

  • Job responsibilities:
    1. Assisted PSIRT and Cybersecurity Testing Team in avoiding unnecessary or incorrect testing steps and collecting information related to vulnerability confirmation.
    2. Studied cybersecurity regulations, such as 62443-4-2, and wrote the test cases. Responsible for pretesting to ensure compliance with Korean cybersecurity regulations.
    3. Wrote the test cases for threat mitigation plans and executed the test cases.
    4. Developed Jira Automation.
    5. Independently modified and weaponized the Python package <TFTPY> as a PT tool.
    6. Used Python, Robot Framework, etc. to independently develop automated testing for reproducing vulnerabilities and mitigation plans.
      [
      setuptools, click, scapy, multi-process.
      Improving the situation of having to modify the automation program significantly when there's a change to web code.
      Packets detection, such as VRRP and ICMP.
      ]
    7. Used PHP, Bat files, and related APIs to independently develop cybersecurity automation systems that meet the needs of various departments.
      [
      console, Redis, relational database, dependency injection, restful api
      schedule, queue, broadcast, i18n, one-click installation
      ]
    8. Reproduced CVEs; some examples are listed below.
      [
      Independently created the p12 file to reproduce CVE-2022-0778 (the p12 file has been saved on GitHub and listed on cvexploits).
      Independently assisted PSIRT in clarifying the scope of impact of CVE-2021-3493 and tracing related Linux code.
  • Cybersecurity achievements:
    1. Independently conducted penetration testing on company's products, discovering several dozens of high-risk vulnerabilities. Some vulnerabilities were memory-related and expected to be applied together for several CVEs.
    2. Succeeded in bypassing the RD's patches many times.
    3. Independently developed the legal programs to save on cybersecurity software licenses, which can save tens of thousands to hundreds of thousands of New Taiwan Dollars per year, depending on the scale of usage.
    4. Reported the vulnerability in the company's product serial number rules to prevent the company from suffering losses.
  • Others:
    1. Independently developed Nessus plugins.
    2. Independently discovered several vulnerabilities on TestLink
      [
      CVE-2022-35196(8.8), etc.
      ]
    3. Independently discovered several vulnerabilities on Moxa MXsecurity
      [
      CVE-2023-41438(0.0), CVE-2023-41440(0.0), etc.
      ]

Associate Technical Manager  •  Bureau Veritas

Aug. 2021 - Feb. 2022  |  Taipei, Taiwan

  • Job responsibilities
    1. Studied cybersecurity regulations, , such as 303645, 62443-4-2, and wrote the test cases.
    2. Independently conducted vulnerability scanning.
    3. Independently conducted fuzz testing and developed specific protocol fuzzer.
    4. Independently conducted penetration testing.
  • Cybersecurity achievements
    1. Independently discovered many high, medium and low cybersecurity vulnerabilities, such as RCE, DoS, injection, in products of various industrial control device manufacturers.
  • Others
    1. Reported a vulnerability in ZyXEL products and received a letter of appreciation.

Staff Engineer / IoT Vulnerability Researcher  •  Panasonic

Apr. 2020 - Aug. 2021  |  Taipei, Taiwan

  • Job responsibilities
    1. Developed a CLI automation security testing system using Python.
      1. Used Docker SDK, GitLab API, etc.
      2. Corrected cross-platform program issues.
      3. Integrated security programs such as Nessus 8.
      4. Automated the setup of an IIS PHP web server using WinAPI.
      5. Decoupled the program.
      6. Unit Test, Code Coverage, Mock.
    2. Independently developed a web automated security testing system using Laravel.
      1. Used bootstrap + Vue + jQuery
      2. Restful API.
      3. Unit test, code coverage, mock, faker.
      4. Integrated the Python CLI program and provided real-time output. 
    3. Penetration testing for IoT devices and web.
  • Cybersecurity achievements
    1. Independently discovered the RCE vulnerability in commercial software developed by my current employer using Python and PHP.
    2. Independently discovered the RCE vulnerability in commercial software developed by another company within the group, using Node.js and C#.
  • Others
    1. Independently discovered high-risk vulnerabilities in the information systems of many listed semiconductor companies in Taiwan.
    2. Independently discovered high-risk vulnerabilities on Discuz! X3.4.
    3. Independently achieved the User privilege in the 130th place on HTB Proper(Win, Hard) on Mar. 23, 2021.
    4. Independently developed jQuery plugins.
    5. Independently developed a hexagonal menu and a moving light bar using JavaScript and other technologies.
    6. Independently discovered information leakage vulnerability in MS IE.
    7. Independently discovered several vulnerabilities on NETGEAR RAX80 and Alcatel I-040GW
      [
      CVE-2020-*****(0.0) x 2
      ]

Vulnerability Analysis Engineer  •  Next Bank

Dec. 2019 - Apr. 2020  |  Taipei, Taiwan

  • Job responsibilities
    1. Participated in Nexpose/Nessus vulnerability scanning automation PoC.
    2. Participated in Fortify source code scanning automation PoC.
    3. Participated in penetration testing.
  • Cybersecurity achievements
    1. Independently discovered several vulnerabilities on iTop
      [
      CVE-2020-12777(7.5),CVE-2020-12778(6.1)
      CVE-2020-12779(5.4),CVE-2020-12780(7.5)
      CVE-2020-12781(8.8)
      ]
  • Others
    1. Independently developed a multi-threaded websocket server using PHP & VB.Net.

Engineer  •  NCCST

Jun. 2018 - Nov. 2019  |  Taipei, Taiwan

  • Job responsibilities
    1. Performed penetration testing on government information systems.
    2. Black-box and white-box testing.
    3. Reverse engineering of .NET programs.
    4. Assisted government agencies in setting up the scenario for the 2019 Cyber Offensive and Defensive Exercise (CODE).
    5. Independently developed a report management system and a program for automatically fetching email attachments using Laravel.
  • Cybersecurity achievements
    1. Joined a government attack and defense exercise halfway through and ranked second among approximately 90 attackers as a newcomer. Discovered over 140 vulnerabilities and received corresponding rewards.
    2. Capable of manually bypassing a web application firewall (WAF) to achieve attacks that are difficult for tools to accomplish.
    3. Independently developed scanning and attack tools (such as CVE PoCs, scanners for specific vulnerabilities, PHP & ASPX webshells), using technologies including but not limited to curl, socket, multi-thread.
  • Others
    1. Ranked 344th individually, and 153rd as a team in HTB within four months.
    2. Participated in patching the security vulnerability in the open-source project phpMyAdmin.
    3. A total of at least 34 CVEs have been applied for. Only some are listed as follows:
      1. Independently discovered several vulnerabilities on GSS Tracko, Radar.
        [The request to revoke the CVE ID has been made.(0.0), etc.]
      2. Independently discovered several vulnerabilities on InfoDoc ODMS.
        [The request to revoke the CVE ID has been made.(9.8), etc.]
      3. Independently discovered several vulnerabilities on DrayTek Vigor2925.
        [CVE-2019-16533(6.1), etc.]
      4. Independently discovered several vulnerabilities on ESRI ArcGIS Enterprise.
        [CVE-2019-16193(5.4)]
      5. Independently discovered several vulnerabilities on Avaya Scopia Desktop.
        [CVE-2019-6998(6.4), etc.]
      6. Independently discovered several vulnerabilities on phpMyAdmin.
        [CVE-2019-6798(9.8), etc.]
      7. Independently discovered several vulnerabilities on MyWebSQL.
        [CVE-2019-7731(9.8), etc.]
      8. Independently discovered several vulnerabilities on DbNinja.
        [CVE-2019-7747(9.6), etc.]
      9. Independently discovered several vulnerabilities on webERP.
        [CVE-2018-19434(7.2), etc.]
      10. Independently discovered several vulnerabilities on KindEditor.
        [CVE-2018-18950(7.5), etc.]
      11. Independently discovered several vulnerabilities on PHP-Proxy.
        [CVE-2018-19784(7.5), etc.]

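Manager  •  合群樹脂實業有限公司

Sep. 2016 - May 2018  |  Taipei, Taiwan

  • 1. Customer development
      Contacting existing customers
      Finding new customers

    2. Product development and manufacturing
      Manufacturing products to existing specifications
      Developing products to custom specifications

    3. Purchase, sales and inventory management
      Inventory counts
      Purchasing
      Sales
      Excel VBA cost calculation, etc.

    4. Accounting
      Accounts receivable
      Accounts payable
      Issuing checks, etc.

    5. Information systems
      PC fault repair
      Physical-to-virtual system conversion, etc.

    6. Assigning tasks to subordinates

    7. Plant repairs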

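Associate IT Engineer  •  森霸電力股份有限公司

Feb. 2012 - Aug. 2016  |  Taipei, Taiwan

  • Job responsibilities:

    1. Programming
      Set up and modified PHPBB as the company announcement system.
      Wrote a PC information lookup system in PHP, used as the basis for purchasing, disposal, etc.
      Wrote a company form lookup system in PHP.
      Wrote a program in PHP to crack AD account passwords, to verify security issues.
      Wrote a program in PHP to collect traffic via SNMP and graph it, giving colleagues a reference for network status.
      Wrote a multi-threaded program in VB.NET to scan network segments and tamper with packets, to verify security issues.
      Excel VBA, formulas and charts, to assist warehouse staff with stocktaking and calculating the value of spare parts.
      Reviewed the power plant system source code (JSP) written by a vendor and successfully discovered a broken access control weakness.
      Others

    2. System administration
      Windows Server 2003 administration
      DNS
      DHCP
      AD (GPO, permissions and other settings, Login Script)
      Server troubleshooting
      Server room hardware (NAS, CDP, RAID)
      Others

    3. Network administration
      Packet capture and analysis
      VLAN
      MAC Filter
      Switch
      Router
      Routing Table
      Others

    4. PC troubleshooting
      Windows XP, Windows 7
      Office (Excel, Word, Outlook)
      Printer
      IE
      Others

    5. Contracting out projects
    6. Purchase requisitions
    7. Warehouse management
    8. Telephone switchboard system management
    9. Document processing
    10. Access control & surveillance camera handling
    11. Other tasks assigned by supervisors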

Project Manager  •  竹貓星球數位股份有限公司

Sep. 2011 - Jan. 2012  |  Taipei, Taiwan

  • 1. Developed a project system for TSMC using PHP + MySQL + MSSQL.

PHP Programmer  •  知識科技股份有限公司

Dec. 2009 - May 2011  |  Taipei, Taiwan

  • Newcomer Award - 2011

    Job responsibilities:
    1. jQuery
    2. PHP
    3. MySQL
    4. CI MVC Framework

    5. Windows Server 2003
    6. DNS
    7. IIS
    8. File Server
    9. SVN Server
    10. CA Server

    11. Custom PHP programming
    12. Yahoo EWS API
    13. PayPal API
    14. facebook API
    15. Google API

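    16. Security vulnerability testing; successfully discovered multiple vulnerabilities and reported them to the company's person in charge
    17. Testing for performance and other issues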