Information Security Engineer

Data Security Operations Engineer – Permission Operations

Location: London / Hong Kong / Beijing

Responsibilities and Goals:

1. Permission Lifecycle Management: Lead the design, implementation, and continuous optimization of enterprise-level permission policies, establish policy iteration mechanisms, and ensure compliance with security standards such as ISO 27001 and business requirements.
2. Security Risk Monitoring and Response: Use tools such as SQL/Python to analyze user behavior and permission log data, build real-time monitoring systems, develop emergency response procedures for security incidents related to permissions, and drive automation in incident resolution.
3. Cross-Departmental Governance: Collaborate with product, R&D, and business departments, lead the technical upgrades of permission management modules (such as RBAC, TBAC, ABAC model optimization), and promote the implementation of fine-grained permission solutions in microservice environments.
4. Compliance Auditing and Effectiveness Evaluation: Conduct regular permission compliance audits and generate governance reports; design quantitative metric systems to balance security controls with user experience (e.g., validating policy effectiveness through A/B testing).
5. Cutting-Edge Technology Research: Track emerging technologies such as Zero Trust and AI-driven permissions, explore their application in DevSecOps, big data platforms, and other scenarios.

Requirements:

1. Bachelor’s degree or above in Network Security, Computer Science, or related fields.
2. Possess offensive and defensive thinking with an understanding of mainstream security threats and defense strategies.
3. Proficient in data analysis tools such as SQL, Spark, Python.
4. Excellent project management skills with experience in large-scale internet operations, microservice architecture, big data analysis, and security compliance is a plus.