Position Summary

The position is primarily responsible for the execution of information security projects in industrial control systems and operational technology environments, including risk analysis, system assessment, and certification. It also involves participating in cutting-edge security technology research, assisting in the construction of localized information security evaluation systems and service capabilities.
该职位主要负责工业控制系统与操作技术环境下的信息安全项目执行，包括风险分析、系统评估与认证。同时参与前沿安全技术的研究，协助构建本地化的信息安全评估体系与服务能力。

Job Responsibilities 
1.Security assessment and project support of information security service projects.
负责信息安全服务项目的安全评估工作和项目支持工作。

2.Implementation of industrial information security projects, and assist customers in gap analysis, scheme design, security rectification, management system and other related work.
负责工业信息安全项目实施，协助客户完成差距分析、方案设计、安全整改、管理制度等相关工作。
3.Evaluate clients’ overall security posture, provide strategic recommendations and implementation roadmaps.
对客户信息安全体系进行整体评估，提出优化建议与实施路径。
4.Provide consulting services such as industrial control safety planning, safety management system, emergency management, and level protection.
负责工控安全规划、安全管理体系、应急管理、等级保护等咨询服务。
5.Conduct security testing, including penetration testing, vulnerability scanning.
执行渗透测试、漏洞扫描、代码审计等安全测试任务。
6.Track and analyze industrial security trends, regulations, and emerging technologies, and support the continuous improvement of service offerings.
跟踪研究工业信息安全领域的技术趋势与政策动态，推动服务产品的优化与创新。
7.Collaborate with cross-functional teams and support additional tasks as needed.
与跨职能团队协作，完成部门经理交办的其他任务。

Job Requirements 

1、Master’s degree or above in automation, industrial control, computer, software engineering related major.
自动化、工业控制、计算机、软件工程类相关专业，硕士及以上学历。
2、Passionate about industrial cybersecurity, familiarity with programming languages (e.g., Python, C/C++) and software development concepts.对工业信息安全领域充满热情，熟悉编程语言（如Python、C/C++）及软件开发概念。
3、Hands-on experience with security testing tools, virtualization environments, or cybersecurity labs/experiments is a strong plus.
有安全测试工具、虚拟化环境或网络安全实验室/实验经验者优先。
4、Familiarity with cybersecurity standards such as IEC 62443, NIST SP 800-82, or ISO 27001 is a plus.
熟悉IEC 62443、NIST SP 800-82、ISO 27001等安全标准者优先。
5、Strong analytical and problem-solving skills, with the ability to learn quickly and adapt in a fast-evolving field.
具备良好的分析与解决问题能力，能快速学习并适应快速发展的技术领域。
6、A team player with effective communication skills and a proactive attitude toward becoming a well-rounded security engineer.
善于团队协作，具备良好的沟通能力与主动积极的工作态度，致力于成为全面的安全工程师。