AboutUs

RedotPayisacuttingedgeWeb3paymentcompanyrevolutionizingdigitaltransactionsthroughblockchaintechnology.Weempowerbusinessesandconsumerswithfast,secure,anddecentralizedpaymentsolutions.

Responsibilities:

• Design and review security strategies within the company's overall technical architecture, covering applications, data, networks, infrastructure, and cloud platforms. Provide security architecture guidance and solutions for new products and systems to ensure "Shift Left Security."

• Develop and maintain corporate security configuration standards, secure development guidelines, and security architecture reference models. Promote the implementation of security baselines for key platforms (e.g., cloud, containers, API gateways, databases).

• Lead or participate in threat modeling, risk assessments, and security audits for company products/platforms, propose improvement measures, and follow up on implementation closure.

• Conduct security reviews of development, operations, and architecture team proposals, participate in key system selection decisions, and introduce security middleware, components, and services.

• Collaborate closely with development, operations, product, and other teams to drive the implementation of security designs in business scenarios. Organize security training and case-sharing sessions for development and technical teams.

Qualifications:

• 3-5+ years of experience as an information security lead or architect in an enterprise internet environment, with at least 2 years in security architecture design.

• Familiarity with mainstream architecture systems (e.g., microservices, containerization, cloud-native) and proficiency in common security technologies (e.g., encryption algorithms, identity authentication, access control, data protection).

• Knowledge of cloud service (AWS/Aliyun/Azure) security architectures and best practices.

• Understanding of mainstream compliance frameworks such as PCI DSS, ISO 27001, NIST, GDPR, and Cybersecurity Law.

• Familiarity with the Secure Development Lifecycle (SDL), network security zoning, and security policies for foundational software.

• Experience in corporate-level security policy formulation, with strong execution and driving capabilities.

• Possession of security certifications such as CISSP, CCSP, or AWS Security Specialty is preferred.

• Hands-on experience in penetration testing, vulnerability analysis, or code auditing is a plus.