We seek a security engineer in ViewSonic to enhance product security across different products. We seek a candidate with a proficient technical security foundation in penetration tests and experience driving operational excellence. This position requires an individual who can demonstrate a focus on enhancing product security from the offensive side. In this role, you will take the initiative to develop and deliver your penetration test plan across our various products, including web applications, mobile apps, native apps on cross-platforms, and many more. Your mission is to help ViewSonic maintain robust product security and share your security awareness of our products. You can contribute your expertise to the e-learning market, strengthen our security postures, and protect millions of users.

You Will

• Initiative, develop, and deliver internal penetration tests across different operation systems and products, including Android, Web, and many others, to determine vulnerabilities and offer mitigation strategies.

• Collaborate with senior engineers to develop and deploy the payload on different SaaS platforms to ensure compliance checks and protect the platform by Offensive Security cutting in.

• Communicate effectively with cross-functional product development teams.

• Handle and triage fundamental security issues.

• Perform vulnerability risk assessment.

• Execute cyber incident response activities.

Qualifications

• Bachelor's Degree preferably in Cyber Security, Computer Science, Information Technology, or equivalent education or work experience.

• Business-level English oral communication

• Good written and verbal communication skills in English

• Be positive and solution-oriented.

• Ability to work well independently and follow detailed instructions for completing testing assignments.

• (Preferred) Previous experience as a QA Analyst/Penetration Tester.

• (Preferred) Experience contributing to Zero Day or CVE.

Technical Qualifications

• Experience with reviewing application cybersecurity vulnerabilities for risk and relevance, as well as in vulnerability mitigations/remediation planning for identified vulnerabilities

• Understanding of OS (Linux/Windows) and basic commands.

• Understanding Networking, common security elements (e.g., OWASP Top 10), and Web Security (XSS, SQLi, etc.).

• (Preferred) Familiar with at least 1 of the scripting languages (e.g., Python, Bash, PHP, JavaScript, Java, C, C++).

• (Preferred) Knowledge of continuous integration and delivery platforms (e.g., Azure DevOps, GitHub Actions).

• (Preferred) Experience with AWS Cloud Security.

• Candidates holding any of the following certificates would be an advantage:

o eJPT

o eCPPT

o OSCP

o GWAPT