Job Responsibilities
1. Security Protection System Operations
- Manage the end-to-end lifecycle of core security solutions (including WAF, MiShield, HIDS) for Xiaomi’s international business portfolio, including configuring policies, optimizing rules, and expanding coverage to protect web/mobile applications against common threats (e.g., OWASP Top 10).
- Develop real-time monitoring/alerting frameworks, analyze security logs to detect anomalous traffic and attack activities, produce root-cause analysis reports, and enhance defense strategies.
2. API Security Capability Development
- Lead the design of an API security framework for international operations, ensuring end-to-end interface protection. Create models for abnormal behavior detection and access control policies to mitigate risks like unauthorized data access and API abuse.
- Integrate with API gateways/microservices, incorporate SAST/DAST tools to advance shift-left security practices, and establish developer security guidelines.
3. Vulnerability Management
- Oversee end-to-end vulnerability processes (scanning, risk assessment, remediation) for international business. Implement high-risk vulnerability response mechanisms and collaborate with R&D teams on code-level fixes.
- Monitor global threat intelligence and zero-day vulnerabilities, organize regular red/blue team exercises, and refine emergency response protocols.
4. Compliance and Collaboration Support
- Ensure security operations adhere to regional regulatory standards, including GDPR and the Singapore Personal Data Protection Act (PDPA), and prepare compliance audit reports.
- Collaborate with international business units, local compliance teams, and third-party vendors to deliver security technical support and training.
Job Requirements
1. Education and Experience
- Bachelor’s degree or higher in Computer Science, Information Security, or a related field.
2. Technical Skills
- Expertise in operating security products (e.g., WAF, IDS).
- Proficiency in API security design/protection, including OWASP API Top 10 knowledge and gateway security policy deployment.
- Familiarity with vulnerability management processes and tools (e.g., Nessus, Burp Suite), along with the ability to reproduce vulnerabilities and validate remediation efforts.
- Proficiency in scripting languages like Python/Shell; experience in developing security automation tools is an advantage.
3. Core Competencies
- Knowledge of international data security regulations and compliance requirements, with effective cross-regional team collaboration skills.
- Fluency in English and Mandarin (spoken and written) for daily work; professional certifications such as CISSP or CSSLP are preferred.
- Strong sense of responsibility and problem-solving abilities, with the capacity to respond to unexpected security incidents.
4. Bilingual in English and Mandarin in order to communicate with customers and China office colleagues.
Related Jobs
3 roles aligned with this opportunity
Cybersecurity Engineer – Anti-Fraud & Content Security(A230883)
2026-05-28
Data Analyst
2026-07-03
Security Engineer, Enterprise Data Protection
2026-06-30
- Posted: Jul 03, 2026
- Type: Full-time
- Level: Entry
- Location: Singapore
- Company: Xiaomi Technology