Futu US Inc. is seeking a Security Engineer to drive security initiatives across our product development lifecycle. You will implement standards, conduct assessments, and manage vulnerabilities to enhance our overall security posture.
What You'll Do
- Conduct security assessments throughout the product development lifecycle, including requirements, design, and pre-launch testing phases.
- Develop and implement security development standards covering the entire software lifecycle.
- Design, implement, and maintain security control processes within the Software Development Life Cycle (SDLC).
- Track and manage security vulnerabilities identified at each phase, produce risk assessment reports, and drive issues to remediation.
What We're Looking For
- Bachelor’s degree or above in Computer Science, Information Security, or a related field.
- Knowledge of blockchain technology.
- Proficient in mainstream programming languages (e.g., C++, Go) and their security analysis methods.
- Able to provide practical guidance to development teams for vulnerability remediation.
- Familiar with DevSecOps practices and tools, such as SAST, DAST, IAST, automated application security testing, container security, and Software Composition Analysis (SCA).
- Experience with common security scanning tools, such as Fortify, Checkmarx, Coverity, AppScan, Black Duck, and WebInspect.
- Familiar with common security vulnerability types (e.g., SQL Injection, XSS, CSRF) and security tools (e.g., OWASP ZAP, Burp Suite, Wireshark).
- Understanding of vulnerability analysis and remediation methods.
Nice to Have
- Understanding of Security Development Lifecycle (SDL) processes.
- Practical experience in threat modeling, code security auditing, and penetration testing.
- SDL internship experience in the financial industry.
Technical Stack
- Languages: C++, Go
- Security Testing: SAST, DAST, IAST
- Tools: Fortify, Checkmarx, Coverity, AppScan, Black Duck, WebInspect, OWASP ZAP, Burp Suite, Wireshark
Futu US Inc. is an equal opportunity employer.






