Position Summary

Responsible for the execution of industrial product and system cyber security projects, industrial information security risk analysis, evaluation, testing, and certification work.

负责工业产品和系统信息安全项目的执行，工业信息安全风险分析，评估，测试和认证工作。

Participate in research on cutting-edge technologies in the field of cyber security, including tracking and researching relevant advanced technologies, and establish localized cyber  security assessment services and systems.

参与信息安全领域前沿技术研究，包括对相关先进技术的跟踪与研究，建立被本地化的信息安全评估服务和体系。

Job Responsibilities
1.Security assessment and project support of information security service projects.

负责信息安全服务项目的安全评估工作和项目支持工作。

2.Implementation of industrial information security projects, and assist customers in grading and filing, gap analysis, scheme design, security rectification, management system and other related work.

负责工业信息安全项目实施，协助客户完成定级备案、差距分析、方案设计、安全整改、管理制度等相关工作。

3.Overall evaluation and planning of customer information security system, design and implementation path.

对客户信息安全体系的整体评测与规划，设计推进路径。

4.Provide consulting services such as industrial control safety planning, safety management system, emergency management, and level protection.

负责工控安全规划、安全管理体系、应急管理、等级保护等咨询服务。

5.Provide security services such as penetration test, vulnerability scanning and code audit.

渗透测试、漏洞扫描和代码审计等安全服务。

6.Track and study the development trends, policies, regulations, and new technological requirements of industrial information security, evaluate and optimize relevant security services.

跟踪研究工业信息安全发展趋势、政策法规和新技术要求，评估优化相关安全服务。

7Complete other tasks assigned by the department manager.

完成部门经理布置的其他任务。

Job Requirements

1.Bachelor's degree or above in automation/industrial control, computer related major.

自控/工控，计算机类相关专业，本科生及以上学历。

2.Familiar with the technical principles and related technological trends of information security, have a deep understanding of information security implementation methods and means, and be familiar with the technical parameters and communication interfaces of information security equipment.

熟悉信息安全的技术原理及相关技术趋势，对信息安全实现方法、实施手段有深入理解，熟悉信息安全设备的技术参数、通信接口。

3.Familiar with relevant domestic and international standards and specifications for industrial information security is preferred, such as IEC 62443, NIST SP 800-82, ISA Secure, industrial control and other related standards.

熟悉工业信息安全国内、外相关标准和规范者优先，如：IEC 62443、NIST SP 800-82、ISA Secure、工业控制和其它相关标准。

4.Good communication and expression skills and a team spirit.

具有良好的沟通表达能力和团队合作精神。