Security Engineer (Vulnerability Assessment) / Application Security

Job Summary

Security assessment department, under security engineering division, carries out various activites to prevent vulnerabilities in service developed by LY Corporation.  These activities includes perform graybox test directly or collaborate with developers to safely patch discovered vulnerabilities with other departments.

Responsibilities

• Performs technical security assessment, code audit, security consulting.
• Develop security solution to mitigate security vulnerability impact.
• Enhance security level throughout LY Corporation.
• Conduct research to identify new attack vectors against product and service of LY Corporation.
• Identify vulnerabilities by static/dynamic testing.
• Red team/penetration test operations against LY Corporation internal service.
• Analyze vulnerabilities discovered both internally and externally and conduct impact assessments.
• Communicate with developers and guide them to appropriate patch.

*Scope of Change: There is a possibility of reassignment to any duties as determined by the company.

Ideal Candidate

• Strong Passion for Application Development and Security
  • Demonstrates enthusiasm for integrating security into the entire development lifecycle and proactively identifying potential vulnerabilities.
• Up-to-Date on Security Technologies and Emerging Threats
  • Keeps pace with rapidly evolving security trends, vulnerabilities, and patch information, and applies this knowledge to both development processes and products.
• Excellent Communication and Teamwork Skills
  • Collaborates effectively with developers, infrastructure teams, product managers, and other stakeholders to define challenges and implement optimal security solutions.
• Proactive Problem Identification and Resolution
  • Takes initiative to identify and address security issues discovered during assessments, proposing and executing effective countermeasures.

Required Skills ＆ Experience

• Bachelor's degree in Computer Science, or a related technical field, or equivalent practical experience.
• 3 years of experience in application-level vulnerability testing and code-level security auditing.

Preferred Skills ＆ Experience

• Master's degree in Computer Science or a related technical field.
• Relevant work experience in web application security.
• Software development experience in C++ or Java.
• Foundation in, and in-depth technical knowledge of, security engineering, computer and network security, authentication, security protocols, and applied cryptography.
• Self-motivated and results-oriented.
• Effective interpersonal and communication skills.
• Public research, blogging, presentations, bug bounty, etc.