Security Engineer at Y-MEX

Full Time
1 month ago
Employment Information
Job Description

We are seeking a highly skilled Senior Security Engineer specializing in Code Audit to join our team. The ideal candidate will play a critical role in ensuring the security of our company's projects through comprehensive code audits, penetration testing, and vulnerability assessments.

Key Responsibilities
  • Independently or collaboratively conduct white-box code audits for company projects (primarily PHP/Java), identifying high-risk vulnerabilities and business logic risks.
  • Perform black-box penetration testing on key systems, simulating attacker strategies to validate security vulnerabilities.
  • Participate in internal red team/blue team exercises, emergency response activities, and vulnerability replication to determine the root causes of security incidents.
  • Engage in security assessments of internally developed products, producing vulnerability Proofs of Concept (POCs), demo reproductions, and audit reports.
  • Monitor and track high-risk industry vulnerabilities (e.g., RCE, deserialization, SSRF, supply chain injection) and assist in external vulnerability disclosures and vendor reporting.
  • Mentor and train junior security engineers to enhance the overall technical capabilities of the team.
Job Requirements
  • Strong expertise in code auditing, particularly for PHP and Java applications.
  • Proven experience in black-box penetration testing and vulnerability assessment.
  • Familiarity with red team/blue team exercises and incident response procedures.
  • Ability to create detailed vulnerability reports, POCs, and remediation recommendations.
  • Knowledge of common security vulnerabilities such as RCE, SSRF, and deserialization flaws.
  • Excellent communication skills and the ability to mentor junior team members.
Preferred Qualifications
  • Experience with supply chain security and vulnerability disclosure processes.
  • Certifications such as OSCP, CISSP, or CEH are a plus.
  • Background in software development or secure coding practices.
MyJob.one - Remote work. Real impact
