Huawei is a leading global information and communications technology (ICT) solutions provider. Driven by a commitment to operations, ongoing innovation, and open collaboration, we have established a competitive ICT portfolio of end-to-end solutions in Telecom and enterprise networks, Devices and Cloud technology and services. Our ICT solutions, products and services are used in more than 170 countries and regions, serving over one-third of the world's population. With 197,000 employees, Huawei is committed to develop the future information society and build a Better Connected World.
Huawei Munich Research Center is responsible for advanced technology research, architectural development, design and strategic engineering of our products.
Huawei Vulnerability Management Center (PSIRT) was founded and accepted as a member of the Forum of Incident Response and Security Teams (FIRST) in 2010. It has established a vulnerability response process in compliance with ISO/IEC 29147 and ISO/IEC 30111. PSIRT is a dedicated team that receives, investigates, and discloses security vulnerabilities in Huawei products and solutions and is an important vulnerability disclosure window.
PSIRT is responsible for vulnerability management during the Group's deep dive into digital transformation and new business. It builds an end-to-end (E2E) vulnerability governance and capability system and an open vulnerability management ecosystem, implements vulnerability management requirements under the company's diverse business structure to meet stringent external requirements, and ensures that product security capabilities can be translated into competitiveness.
Now we are looking for a Vulnerability Engineering Expert (m/f/d)
- Develop and maintain a corporate-level E2E vulnerability management engineering solution
- Optimize the design for vulnerability response (DFVR) capability baseline (quick awareness, easy traceability, easy assessment of live network risks, vulnerability impact mitigation, vulnerability remediation, easy patch release/deployment, and vulnerability EOX execution) for advanced engineering, technologies, and methodologies in vulnerability management and emergency response.
- Analyze E2E vulnerability management and operations
- Provide subsidiaries/industries with public engineering/governance/operations/analysis/management capabilities revolving around vulnerability-related data, covering vulnerability information, vulnerability exploitation trends, vulnerability remediation information, supplier/Huawei/industry top vulnerability exploitation list, vulnerability type, live network mitigation distribution, customer attention, etc.
- Provide common capabilities (vulnerability database, vulnerability-related public opinion system, vulnerability exploitation threat intelligence system, vulnerability case database, vulnerability remediation database, vulnerability disclosure website, and vulnerability mitigation case database) for granular services and different industries.
- Full-time bachelor degree or above, with at least 12 years of experience in cyber security
- Familiarity with vulnerabilities' internal principles, detection methods, exploit means, and solution
- Strong organization, communication, coordination, and promotion capabilities, adequate project management and execution capabilities, and ability to complete projects independently
- Knowledge about security technologies, attack defense and confrontation, emergency response, vulnerability discovery, vulnerability management, etc.
- Mastery of one or more programming languages, such as C/C++/Java/Python/Perl/Ruby/Shell; product development experience preferred.
- Experience in product line development/testing/O&M/SRE, service/GTAC/SR, or frontline work outside China
- Experience in open source communities or SRC
- Certificates in cyber security or privacy protection, such as CISSP, IAPP, and CISA
- Fluent in written and spoken English
By applying to this position, you agree with our RECRUITMENT PRIVACY STATEMENT. You can read in full our recruitment privacy statement via the link below.
- Our culture is characterized by innovative power and team spirit as well as the intensive exchange of knowledge and experience within our global network.
- Self-responsible work in a competent, motivated and constantly growing team.
- We offer you a competitive compensation package and a broad range of training opportunities. Many online and face-to-face training programs.
If you are enthusiastic in shaping Huawei’s Munich Research Center together with a multicultural team of highly skilled Engineers and Researchers, feel free to contact us. Driving future technologies focused on the customer experience is our main mission. Apply now!
Please send your application and CV (incl. cover letter and reference letters) in English.