about Us:
Introduction to Alibaba Local Life Service Company On October 12, 2018, Alibaba Group announced the official establishment of Alibaba Local Life Service Company. Ele.me and Koubei merged to form the leading local life service platform in China. The mission is to "redefine urban life, Make life better." Koubei focuses on in-store consumption services, Ele.me focuses on home lifestyle services, Hummingbird Instant Delivery focuses on instant delivery services, and Keruyun focuses on providing merchants with digitally upgraded products and services, jointly promoting the digitization of the local lifestyle market. , making it easy to do business offline.
Recruitment positions:
Ecological security operation expert (P7/P8)
Job introduction:
1. Responsible for the ecological partners of Alibaba’s local life business group (outsourcing, investors, ISVs, merchants, institutions, etc.)Data SecurityOperation and management, establishing ecological security standards, security baselines and management and control system requirements, promoting the implementation of security strategies, risk management and disposal, and establishing an ecological security operation system and data security and user privacy data management and control mechanisms;
2. Have data sensitivity, use data mining to mine abnormal risks from massive behavioral data, and continuously update and iterate ecological security strategies and process mechanisms;
3. Establish an ecological link business data security and user privacy data risk perception and governance system, and use digital operations to realize the promotion and implementation of ecological link business data leakage, user privacy data protection mechanisms, and ecological business goals;
4. Collaborate with business parties to formulate open platform strategies, and establish the overall security capabilities and operation system of the local open platform ecosystem from the perspective of security, data leakage, and user privacy risks.
5. Emergency response and security risk management of ecological link data security incidents.
6. Have a good business perspective and the ability to communicate across departments to promote project implementation.
Privacy protection and compliance expert (P7/P8)
Job introduction:
1. Responsible for organizing and planning privacy protection, compliance and other related training, covering new employee training, as well as special training across various business departments and levels, including but not limited to: data security awareness training, company security solutions and tool use training.
2. Responsible for the preparation and continuous optimization and improvement of standards and system documents related to privacy protection, security compliance assessment and auditing;
3. Responsible for formulating regularinformation securityRisk assessment, as well as company-wide information security compliance inspection, organize and promote the implementation of compliance business in each business department of local life.
4. Responsible for formulating an information security audit plan every year, organizing and executing internal information security audits within the company, proposing corrective and preventive measures for discovered problems, promoting the improvement of information security management and control measures within the company, and supervising rectifications.
5. Responsible for organizing communication and docking with regulatory agencies, and organizing and implementing relevant work in accordance with laws, regulations and regulatory requirements.
Supplementary requirements
1. Understand domestic and foreign laws, regulations, and standards related to information security. Have relevant experience in compliance such as GDPR, ISO27001, ISO27701, level protection, etc.
2. Those with 3-5 years or more experience in information security, CIPT, CIPM, CISA, CISSP qualifications will be given priority.
3. Understand basic network and information security technologies, track the latest information security product knowledge and technologies, and have an in-depth understanding of mainstream security technologies and products or industry security standards.
4. Strong sense of responsibility, strong communication skills, strong organizational and coordination skills, rich in teamwork spirit, and able to bear greater pressure.
5. Have good project management and project promotion capabilities.
Information Security Expert (P7/P8)
Job introduction:
1. Responsible for the construction of SDL system, including source code white box audit, security test automation, etc.
2. Responsible for the security review, code audit, security detection and response of local life-related business lines.
3. Responsible for tracking the industry's cutting-edge security attack and defense technologies, researching black and gray attack methods, and implementing detection and protection solutions.
4. Responsible for forward-looking research on local life data security technology, precipitating data security technology and incubating data security tools or products.
Replenish:
1.3 years or more of application security and SDL related security work experience, good at web and mobile security solution design and vulnerability mining.
2. Familiar with the SDL process, with code audit capabilities and security data analysis capabilities in development languages such as JAVA and Node;
3. Applicants with mature SDL work experience and experience in standardizing SDL process for Internet companies will be given priority;
4. Those with expertise in a certain field will be given priority, such as vulnerability mining, penetration testing, code auditing and security solutions, etc.
5. Master one or more programming languages in Java, Python, and golang, and be familiar with commonly used encryption and decryption algorithms.
6. Have good self-motivation, communication and expression skills, and good sense of teamwork.
7. Applicants with experience in vulnerability analysis and mining of JAVA framework will be given priority.
8. Have CISSP related qualifications or be excellent in security community and SRCwhite hatpriority.
Candidate channel:
Contact information:fengliang.lyh@taobao.com Resume + job title
WeChat:82836769
Everyone is welcome to tease~~
Original article by Chief Security Officer, if reproduced, please credit https://cncso.com/en/alibaba-local-life-security-team-html