At Chengbao, we’re leading the way to a more private and secure digital world. Consumers in over 180 countries around the globe rely on our industry-leading cybersecurity software and services.
We are an international tech company with a team of 300+ worldwide and a core team of 70 based in Hong Kong. We’re profitable, growing, and just getting started.
We hire world-class developers, product managers, and marketers in the industry, and give them the tools to succeed. Together, we ship beautiful, usable software for desktop and mobile that our customers use and love every day.
Ready to do the best work of your life? We’ve built just the place.
We’re looking to expand our Cybersecurity Team
We are looking to expand our security team with security professionals, both junior and senior, as individual contributors and even people management positions.
Your mission will be to protect the company from damaging security incidents.
Responsibilities of the security team
- Security Operations: Set up and run security threat detection and mitigation processes.
- Scan all devices on the company’s networks. Run Metasploit, the Kali Linux toolchain, and similar tools on an ongoing basis in all office locations, using best-practice methods.
- Run network-based intrusion detection. Detect and stop attack attempts or successful exploits. Research and implement solutions or self-operated tools as needed.
- Run host-based intrusion detection. Work with IT and Ops teams to use endpoint protection software for employee devices, IT servers, and cloud-app servers. Ensure they comply with our IT policy, have up-to-date patch status, only run authorized applications, guard against known malware, stream relevant logs for real-time analysis by the SOC, etc.
- Collect and analyze logs from all devices across the company and monitor and alert on suspicious activity.
- Partner with the Ops team to set up a 24/7 SOC to be Tier-1 for all security-related processes.
- Design, implement, and test incident response processes.
- Oversee our bug bounty program.
- Defense in depth: Coordinate and actively participate in red team projects.
- Identify and vet external pentesting vendors, own the relationships in the long-term (they might engage with various teams across the company over time and need you as a consistent point of contact), help coordinate their projects.
- Run pen tests by yourself and together with colleagues.
- Run security QA as part of our software development process.
- Participate in tech-designs for new projects, advise on security issues.
- Partner with IT and engineering teams. Your work will identify problems. Ensure that the issues have sufficient priority and get fixed promptly, and that root causes get eliminated where feasible.
- Train employees.
- Advocate security best practices across the company, including employee IT, as well as cloud operations.
- Curate security-related training content for all employees.
- Be an internal trainer for some topics directly.
- PR: Create content describing our security processes to the public (i.e., blog posts, guest posts, trust-center updates, open-source contributions, etc.). Build brand value.
- Decide where to spend the company’s security budget on vendors, training, and licenses.
What you need to be successful
- Expert knowledge of best practices in:
- Employee IT technology, processes and policies
- Cloud security, especially AWS
- Secure software development and QA
- Devops processes
- Especially for people managers:
- Excellent communication and interpersonal skills. Ability to influence others across the organization.
- Attractive compensation and benefits
- Flexible working hours and a healthy work-life balance
- Work in a challenging, collaborative, and fun environment