Principal Security Operation Engineer

Job responsibilities

Red-blue confrontation drill

• Responsible for developing and executing penetration testing, red-blue confrontation, and practical attack and defense drills that simulate real attack scenarios, identifying potential security risks in enterprise networks, applications, cloud environments, work networks, and core business systems.
• Lead or participate in red-blue confrontation exercises to evaluate the defense team's ability in attack detection, alarm analysis, traceability analysis, emergency response, and recovery.
• Based on the real attack chain design exercise scenario, covering extranet breakthrough, web vulnerability exploitation, phishing entrance, privilege escalation, lateral movement, Data Discovery, privilege maintenance, and defense bypass stages.
• Combining the attack review results, promote the continuous optimization of security detection rules, response processes, asset governance, and security base lines.

Attack Surface Analysis and Threat Research

• Identify enterprise network exposure, internet assets, cloud assets, APIs, supply chain components, and third-party access risks, evaluate attack paths, and provide mitigation recommendations.
• Monitor and collect threat intelligence, track vulnerability exploitation trends, APT attack methods, red team toolchain changes, and apply them to enterprise attack and defense exercises.
• Combining business scenarios to model attack paths and discover feasible attack chains from external exposure surfaces to core assets.
• Tracking AI-related security risks, including security issues in large-scale model applications, RAG systems, Agent systems, plug-in/tool calls, MCP services, AI code generation, and automated workflows.