【擁抱變革 Change】
無論在個人或企業方面,我們必須無畏而堅定地執行必要的變革。由於數位世界瞬息萬變,我們必須隨時保持開放的思維及眼光,這不僅有助於因應變化並快速自我調整,更讓我們樂於接受挑戰。
【團隊合作 Collaboration】
在一個無疆界的全球化數位世界,我們同樣也要超越國家、地區及職務角色的藩籬,才能持續成功。
【顧客至上 Customer】
趨勢科技是為了服務客戶而存在,因此所有決策最終都必須以客戶的利益為依歸。
【勇於創新 Innovation】
創新是我們為客戶創造真正價值的關鍵,在一個日新月異的科技世界,我們必須隨時運用最優秀的技術和創意,才能最有效地防範威脅。
【值得信賴 Trustworthiness】
身為一家資安廠商,我們不只是販售商品而已,更重要的是和客戶建立長期的關係。而建立這樣的客戶關係,值得信賴的特質是最重要的。
主要商品 / 服務項目
Trend Micro Managed XDR
趨勢科技Managed XDR :於各個不同防護層皆提供了標準與進階的偵測、調查及回應服務。 不論是企業內產品或防護服務 (SaaS) 產品皆可採用託管式服務。如果是 SaaS 環境,我們的 Managed XDR 服務也將因客戶所採用的 Trend Micro™ XDR 進階偵測及回應平台而受益,提供交叉關聯偵測,以及整合式調查與回應。
• 偵測
1. 7 天 24 小時持續執行監控、交叉關聯分析以及優先次序判斷,透過自動化流程與數據分析,快速過濾出真正需要進一步調查的警示。
2. 持續掃瞄客戶環境是否有新發現的入侵指標 (IoC) 或攻擊指標 (IoA),包括其他客戶環境所發現的指標以及趨勢科技接收 US-Cert 、SWIFT、FBI、FIRST、INTERPOL 和其他第三方機構所發布的指標。
3. 善用趨勢科技產品的獨家優勢大數據威脅資料分析中心、威脅情資系統、AI、Machine Learning等技術,進而提昇產品偵測能力,有效面對各種駭客侵襲滲透。
4. 我們針對趨勢科技產品所開發的任何最新偵測技術,都會讓託管式偵測及回應 (MDR) 服務的用戶率先應用,因此您隨時都能享受到最新技術來防護企業網路。
5. 收集與了解客戶環境資訊,客製化調整規則提升準確度
6. 專屬資安分析師,協助判斷系統過濾後的事件是否為受駭事故,減少非必要的警告
• 調查
1. 利用根源分析、交叉關聯產品紀錄,整理攻擊的入侵管道、停留時間、外洩帳號、技巧與影響,描繪出事件完整攻擊樣貌。
2. 透過事件IOC 資訊擴大評估可能受駭的主機,協助界定企業內部感染範圍
3. 在調查及回應過程當中,客戶可透過電話或郵件直接與我們的在地資安分析師溝通協調。
• 回應
1. 遠端收及可疑樣本分析,針對未知惡意程式製作病毒碼可大量佈署至端點清除
2. 通報同時提供客戶客製化且可執行的事故處理建議措施,有效緩解駭客攻擊
3. 持續掃瞄企業以確保安全無虞。
4. 產生詳細的事件報表與定期的高階經理人資安狀況報表。
5. 整合事故調查服務,即時派員到場調查、協助客戶進行資安事故應變
福利制度
• 樂活 Fun 假趣:新進同仁即享 7-10 天之特別休假,每年額外提供 4-7 天彈性休假供同仁自主運用。此外,定額旅遊補助,揪滿多名趨勢人一同出遊,可獲得更高額補助金!
• 歡樂慶佳節:我們享有中秋端午的節慶禮金,也提供生日禮金、結婚禮金及生育禮金,在員工的人生重要階段給予祝福!
• 健康守護者:提供員工每年免費身體健康檢查及團保福利,除此之外,親友也同享體檢與團保優惠價。每週也提供免費視障按摩服務,在工作後也能放鬆一下。
• 活躍的社團:同仁能透過社團參與,和志趣相投的同事一起發掘生活新樂趣。動態活動如:瑜珈社、籃球社、游泳社、慢跑社、踢拳擊社、登山社等;靜態活動如:桌遊社、手工藝社、動漫社等;更有藝文活動如:攝影社、熱舞社、熱音社。總共多達 30 幾個社團等您展現不同的自己。公司也透過運動會、家庭日與春酒活動,創造同仁更多展現創意及增進互動的機會。
• 多樣的特約商店:我們與多家優質特約商家合作,範圍涵蓋食衣住行育樂,讓趨勢人的生活福利也升級。
此外,由趨勢同仁組成的福利委員會更根據大家的新需求,持續量身打造專屬福利,豐富趨勢人的生活。
職缺資訊
Threat Defense Expert
• 收集潛在的威脅、剛萌芽的犯罪想法,找出駭客的終極想法,預測未來有可能發生的犯罪攻擊
• 與優秀資安人才討論分享研究案例與發展工具資源,利用情資系統進行研究分析、擴展國際視野
• 領先市場發現新的威脅與弱點,提出最適的解決方案、直接對抗惡意組織保護客戶,並將研究結果進行投稿、發表與演講
技能
• Bachelor degree or higher in computer science/electronic engineering or equivalent work experience
• Familiar with Windows/Linux programming
• Familiar with malware or hardware/firmware threat analysis.
• Familiar with Reverse engineering, network traffic analysis
• Good English reading and communication skills
Software Security Architect (RDSec)
RDSec is a global team dedicating to ellimination of software vulnerabilities, improvement of operational security, security of development pipelines, protection of data asset and intellectual property, and promotion of security awareness in Trend Micro.
【Responsibilities】
• define security policy and guidelines by continuous adoption of industry best practices
• implement required security activities with product development teams
• integrate security checks with development lifecycle and pipelines for visibility and compliance
技能
• verse in DevOps and DevSecOps toolchain with integration experience
• Knowledge and skills of SAST, DAST, and IAST techniques and tools
• Ability to perform software threat modeling and architectural risk analysis
• Ability to conduct security testing, penetration testing, and reverse engineering
• knowledge about software security standards and best practices, such as ISO 27001/27034, PCI, CSA STAR, and so on
• Familiar with the agile development process
• Familiar with architecture, software development, and security on AWS and Azure
• Experience with WAF/IDS/SIEM is a plus
• Certificates such as CSSLP, GPEN, and GWAPT is a plus
Cloud Security Architect (InfoSec)
As a Cloud Security Architect, you will contribute in the overall strategy, design and development of security architecture for different types of public, private and hybrid cloud environment.
【Responsibilities】
• Lead security initiatives in gaining continuous visibility on cloud-based servers/applications and development of security controls in common cloud infrastructure
• Perform design reviews to assess security risk and requirements for adoption of new technologies. • Proactively engage with senior management, product/service engineering and other technology teams to understand business goals and enterprise security needs.
技能
• Any Bachelor’s degree
• At least 5 years’ experience as a Security Architect
• At least 3 years’ experience in architecting solutions with Cloud IaaS/SaaS/PaaS providers such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud.
• Deep understanding of cloud security gaps and diverse cloud security capabilities
• Good verbal and written English communication skills that can level with different management and technical teams
• Experience in working as part of a cross-functional team to implement solutions
• Knowledge in multiple high-level programming language and scripting language
• Knowledge in Big Data Analytics, Machine Learning and Artificial Intelligence
• Knowledge in privacy law, GDPR, and cloud security best practices
Security Engineer
In this team, you will have opportunities to conduct attack simulation with BAS tools, validate the solution and improve its effectiveness, design and implement tools, which requires not only the security knowledge, also product knowledge and technologies Trend Micro offers.
【Responsibilities】
• Collaborate with team members and assist in doing attack/threat simulations and solution validations.
• Communicate with stakeholders (Sales Engineer, Tech Support and Solution Teams) to explain and mitigate the solution gap
• Participates in the new feature design and development of integration elements (product setting collection, log parser, report generation), data models, and/or APIs.
• Transfer the information and conduct technical training to the internal teams as needed.
技能
【Technical Skills】
• Experience with MITRE-liked Breach Attack Simulation Tools and/or open-source frameworks.
• Experience with web application design and development programming skills (CSS, JavaScript, HTML, PHP, SQL, etc.) and familiar with PHP-based web framework- Laravel.
• Experience with standalone tool, system integration, automation scripts, and/or API/Service development in one or more of the programming languages (Java, PowerShell, Python).
• Experience with virtualization technologies (VMWare), container technologies (Kubernetes/ Docker), automation framework (Jenkins), threat knowledge, and/or cyberattack simulation will be a plus.
【Soft Skills and Others】
• Have a good command of the English language (written and oral).
• Quick learner with a desire to learn new tools and techniques.
• Have a positive personality and good communication skills.
Sr. Ethical Hacker (RDSec)
RDSec is a global team dedicating to elimination of software vulnerabilities, improvement of operational security, security of development pipelines, protection of data asset and intellectual property, and promotion of security awareness in Trend Micro.
【Responsibilities】
• perform penetration test on products, services, infrastructure and operation
• create report from test findings, including security issues and risk assessment
• conduct vulnerability root cause analysis and design rectifications
• working with R&D to develop security testing methods, tools and processes
技能
• at least 3 years of pen-testing experience with proven record
• solid knowledge of networks and infrastructure
• solid knowledge of operating systems such as Windows, Linux and Mac
• ability to code in Python, Perl, PowerShell and Bash
• ability to write PoC code and exploits
• good knowledge about common pen-testing tools with use experience
• familiar with MITRE Att&ck framework, OWASP Top 10 and CVSS scoring
• familiar with SAST, DAST, and IAST methodology
• experience of software developer is preferable
• certificate of CEH/OSCP/OSCE/GPEN/GWAPT is a plus
• good communication in English
