职位角色
核心职责为保障产品 / 服务 / 系统的安全性与稳定性。通过对产品、服务及系统开展高效且全面的安全评估，确保其安全功能的可靠性。安全评估专员作为该领域的技术专家，需负责识别并协助解决各类安全问题，同时为硬件产品的安全测试提供焊接技术支持。本职位向中国区产品安全总监直接汇报，同时在职能上向印度卓越中心经理虚线汇报。

任职要求
工作经验：拥有 3 年以上安全领域从业经验，且在以下至少一个或多个领域具备专业能力：
人工智能安全测试
物联网安全测试
蓝牙 / 紫蜂 / 无线网络安全测试
移动应用渗透测试
网络应用 / 网络服务安全测试
基础设施安全测试
云安全评估
安全测试自动化与集成
技能要求
熟练使用各类安全评估工具；
具备嵌入式设备实操经验；
熟悉 JTAG、UART、SPI、I2C、MQTT 等硬件通信协议；
深入理解实时操作系统、全功能操作系统等各类固件系统；
掌握.exe、ELF 等格式应用程序二进制文件的逆向工程技术；
具备物联网设备安全评估与渗透测试经验；
精通 IEEE 802.11 无线网络标准协议；
熟悉 WPA3、WPA2、WEP 等加密标准；
了解基于 802.1X 协议的网络访问控制技术；
掌握 IPSec、L2TP、SSL/TLS 等 VPN 通信协议；
具备无线网络设备安全评估与渗透测试经验；
具备蓝牙设备安全评估与渗透测试经验；
熟练使用 BlueZ、蓝牙扫描器、Wireshark 等蓝牙安全分析工具；
理解 IEEE 802.15.1 等无线通信安全框架；
具备漏洞手工利用实操经验，能够编写测试报告，精准定位漏洞，并针对漏洞利用方式提供详细整改建议；
熟悉当前应用安全领域的主流威胁与风险。
加分项（非硬性要求）
具备 Java、.Net、C、C 等编程语言或开发平台使用经验者优先；
参与过多个产品 / 项目 / 应用的端到端应用安全测试，且对软件开发生命周期（SDLC）及测试生命周期有深刻理解者优先。
证书要求：需持有至少一项以下专业认证证书
注册道德黑客（CEH）
职业渗透测试认证（OSCP）
注册软件生命周期安全专家（CSSLP）
注册信息系统安全专家（CISSP）
注册事件处理专家（GCIH）
注册渗透测试工程师（GPEN）
出差要求：能够接受不定期出差安排，包括国内出差（苏州、沈阳、深圳）及国际出差（印度班加罗尔、荷兰）
语言要求：精通普通话与英语


关于飞利浦
飞利浦是一家全球领先的健康科技企业。我们秉持 “每一个生命都同等重要” 的核心理念，致力于让世界各地的人们都能享有高品质的医疗健康服务，矢志不渝，步履不停。加入我们，在成就一番不凡事业的同时，为改善人类生命质量贡献力量。
了解更多业务详情
探索我们精彩纷呈的品牌历史
深入解读企业使命愿景
若你对本职位感兴趣，且满足大部分任职要求，我们热忱欢迎你的投递。即使不完全符合所有条件，你仍有可能成为本岗位或飞利浦其他职位的合适人选。点击此处，了解更多飞利浦 “用心创造影响力” 的企业文化。


Your role:
Key tasks are to assure security robustness, by conducting efficient and effective security assessments on products / services / systems to ensure robustness w.r.t the security features. The security assessor is a subject ma er expert who identifies and helps resolve security issues, and also supports soldering work for hardware product security tests. The position reports to Director Product Security China, and dot-line functionally report to Indian SCoE manager.


You're the right fit if:

3 years of progressive experience in security domain with expertise in any one or more of the following areas:

AI Security testing

IoT Security testing

Bluetooth/Zigbee/Wi-Fi security testing

Mobile application hacking

Web application / Web Services security testing

Infrastructure security testing

Cloud security assessments

Automation and integration of security testing

Good hands-on experience with Security Assessment tools

Good hands-on experience with embedded devices

Exposure to Hardware protocols such as JTAG, UART, SPI, I2C, MQTT etc.

Good understanding of types of Firmware such as RTOS, Full pledged Operating system etc.

Good Knowledge in reverse engineering the application binaries such as .exe and ELF etc.

Experience in conducting security assessments and penetration testing on IoT devices

Should be Proficient in IEEE 802.11 standards (Wi-Fi)

Knowledge of WPA3, WPA2, and WEP encryption standards

Familiarity with 802.1X for network access control

Understanding of VPN protocols (IPSec, L2TP, SSL/TLS)

Experience in conducting security assessments and penetration testing on Wi-Fi devices

Experience in conducting security assessments and penetration testing on Bluetooth devices

Familiarity with tools for Bluetooth security analysis (e.g., BlueZ, Blescanner, Wireshark)

Understanding of security frameworks for wireless communications (e.g., IEEE 802.15.1)

Experience on manual exploitation of vulnerabilities, generating the reports, pin-pointing the vulnerabilities and provide detail recommendations on vulnerability exploitation

Exposure to current security threats, specific to the application security

*Experience/exposure to programming platforms such as Java /.Net/ C and C , is an added advantage

*Should have been involved in end to end application security testing for multiple products / projects / applications with good appreciation for SDLC and test life cycle.

Certifications: CEH/OSCP/CSSLP/CISSP/GCIH/GPEN (at least one)

Willing to occasionally travel domestically (Suzhou, Shenyang, Shenzhen) and international (Bangalore, The Netherlands)

Languages: Mandarin and English

Note (*): highly recommended but non-mandatory

About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
61 Learn more about our business.
61 Discover our rich and exciting history.
61 Learn more about our purpose.
If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care here.