團隊成員均擁有資安風險管理和滲透測試的專業知識,具有在四大管理顧問公司、領導資安服務商、知名品牌原廠的豐富經驗,且積極參與國際 CTF 競賽,並曾取得世界第三名。我們服務的客戶來自不同產業,包括政府、金融、製造業、高科技和電子商務等等。我們團隊也協助集團獲得 ISO 27001 和 ISO 27017 認證,強化集團資安治理。團隊的核心價值在於創新、專業和協作,以提供高效的資安解決方案。
Cymetrics is one of the leading cybersecurity solution providers in Asia, offering exclusive high-end cybersecurity products. We specialize in professional red teaming, penetration testing and vulnerability scanning services, assembling a team with engineering expertise and cybersecurity specialization. Team members possess professional knowledge in cybersecurity risk management and penetration testing, with extensive experience in major consulting firms, leading cybersecurity service providers, and renowned brand OEMs. They actively participate in international CTF (Capture The Flag) competitions, achieving top three places globally. Our clientele spans diverse industries, including government, finance, manufacturing, high-tech, and e-commerce, among others. Additionally, our team assists the group in obtaining ISO 27001 and ISO 27017 certifications, reinforcing the group's cybersecurity governance. The core values of our team lie in innovation, professionalism, and collaboration, aiming to deliver efficient cybersecurity solutions. As a Cybersecurity Engineer at Cymetrics, you will serve as the primary attacker in red teaming and penetration testing, deeply probing vulnerabilities, and collaborating with mid and junior-level partners to complete projects. You will contribute professional insights and opinions to our proprietary product development, engaging in discussions to optimize project execution effectiveness. Know more about Cymetrics: https://cymetrics.io/en-us/
Our cybersecurity team, Cymetrics, is committed to providing a comprehensive cybersecurity assessment SaaS platform. With expertise in risk management and penetration testing, our team includes professionals from Big 4 consulting, leading cybersecurity services provider global banks, and top cybersecurity firms. Cymetrics excels in international CTF competitions, achieving a top-three global ranking and securing 1st place in the prestigious 2024 HITCON Cyber Range blue team. competition. Cymetrics supports clients across government, finance, manufacturing, high-tech, and e-commerce sectors. We’ve also secured ISO 27001 and ISO 27017 certifications for our group. Focused on innovation and collaboration, Cymetrics provides an AI security and LLM verification platform to assess AI models for vulnerabilities and Responsible AI compliance. Responsibilities
Planning and executing redteam project and penetration tests, aiding clients in identifying vulnerabilities, verifying remediation, and validating fix outcomes. - Conducting project meetings with clients, engaging in effective communication, clarifying issues, and assisting clients in problem resolution. - Assisting in the development of automated security tools, collaborating with the software engineering team to complete proprietary SaaS products. - Collaborating with the product development team to enhance cybersecurity products and platforms. - Researching vulnerabilities in websites or open-source projects and documenting findings in articles published on the company's TechBlog. Requirements
Three or more years of practical experience in red teaming, penetration testing and lateral movement in internal networks. - Familiarity with modern web frameworks (such as React, Angular, Vue.js) and client-side security vulnerabilities (e.g., XSS, CSRF, CSP bypass, GraphQL). - Familiarity with OWASP testing guides and other security testing methodologies, with a deep understanding of web vulnerabilities, operating systems, network architecture, and underlying principles. - Ability to articulate and document test results, provide remediation suggestions clearly, and effectively communicate with teams and clients. - Fluency in spoken and written English to explain penetration test reports to clients. Plus
Interest in blockchain-related cybersecurity technology. - Experience in bug bounty programs from reputable companies or participation in international CTFs (or equivalent CVE vulnerabilities). - Possession of OSWE, OSEP or OSCP certifications (or other equivalent information security certifications). - Proficiency in writing technical articles related to cybersecurity (vulnerability research, CTF write-ups, etc.). - Involvement in open-source projects, demonstrating contributions to and collaboration within the security community. - Fluency in spoken and written Chinese. How to apply
