汇聚思想，创造力量

职位职能: 网络安全工程师

职位描述:

岗位职责:
该网络安全实习生职位为您提供了深入了解巴斯夫网络安全组织各个学科的绝佳机会。作为培训生计划的一部分，计划您将在以下团队工作：

This Cyber Security Trainee position offers you the perfect opportunity to gain an insight into the various disciplines of BASF's cyber security organization. It is planned that you will work in the following teams as part of the trainee program:

巴斯夫网络安全办公室 (BCSO)
? 作为内部业务合作伙伴的***联系人，处理所提供的信息和指导中未解决的请求
? 基于标准化请求的知识库提供一级咨询
? 基于知识库和主题专家 (SME) 的输入，为非标准化请求提供二级咨询
? 支持内部业务合作伙伴 (IBP) 执行保护需求分析 (PRA)，作为精益信息安全评估 (LISA) 的一部分
? 维护并进一步开发 BCSO 知识库

意识和培训
? 通过不同渠道向所有员工和领导者等特殊目标群体创建并传达相关主题的信息
? 确定培训需求和目标群体，并确定要包含在网络安全培训学院和/或其他平台中的内容
? 与国际环境中的主题专家合作，维护和审查整个网络安全和信息保护领域的现有培训和意识服务，并开发新的培训和意识服务（电子学习、PowerPoint、PDF、视频、新的学习方式）
? 规划和组织培训和宣传活动 - 现场和在线

漏洞管理
? 支持影响巴斯夫和巴斯夫系统的漏洞的识别、分类和修复
? 咨询产品/服务/应用程序所有者以了解如何缓解已识别的漏洞
? 生成漏洞报告并将其分发给所需的利益相关者
? 支持其他举措以进一步暴露攻击面并进行修复

BASF Cyber Security Office (BCSO)
? Act as a first point of contact for internal business partners with requests that are not solved within the provided information and guidance
? Provide 1st level consulting based on a knowledge base for standardized requests
? Provide 2nd level consulting for non-standardized requests based on a knowledge base and inputs of subject matter experts (SME)
? Support Internal Business Partners (IBPs) performing Protection Requirement Analyses (PRA) as part of the Lean Information Security Assessments (LISA)
? Maintain and further develop the BCSO knowledge base

Awareness and Training
? Create and communicate information on relevant topics to all employees and special target groups like leaders via different channels
? Identifying training needs and target groups as well as determining content to include in the Cyber Security Training Academy and/or other platforms
? Maintaining and reviewing existing and developing new training and awareness offers (e-learning, PowerPoint, PDF, Video, new ways of learning) in the overall field of Cyber Security and Information Protection in cooperation with subject matter experts in an international environment
? Planning and organization of training and awareness events - both onsite and online

Vulnerability Management
? Support the identification, classification, and remediation of vulnerabilities impacting BASF and BASF systems
? Consult product / service / application owners to understand how to mitigate identified vulnerabilities
? Generate and distribute vulnerability reports to the required stakeholders
? Support additional initiatives to further attack surface exposure and remediation
任职要求:
? 您已成功完成信息技术、工商管理或类似教育学位
? 0-2年工作经验

必备要求：
? 网络安全领域的技术理解和初步经验（基础设施、网络、加密、应用程序开发、云服务……）
? 可靠性、灵活性、积极性和服务导向
? 能够对有关公司事务的行动进行独立判断，包括适当地识别、维护和指导机密问题。
? 能够处理多个优先事项并快速准确地响应来自多个来源的不断变化的需求。
? 必须具有文化意识并能够与各级??人员有效互动。
? 在处理日历冲突和即将举行的会议/活动时，必须表现出积极主动的态度。
? 必须以目标导向和结果导向的方式处理您的职责领域，并以明确的客户导向、奉献精神和决心为特征
? 能够自信地用中文和英文进行口语和书面交流

很高兴有
? 网络安全领域更深入的技术经验
? ISMS 和 ISO27001 领域的知识
? CISSP 或 CISSM 认证
流利的英语能力
流利的普通话能力

? You have successfully completed your degree in information technology, business administration or a comparable education
? 0-2 years’ working experiences
Mandatory
? Technical understanding and first experiences in the field of Cyber Security (infrastructure, networks, encryption, application development, cloud services,...)
? Reliability, flexibility, high motivation and service orientation
? Ability to exercise independent judgment in actions regarding company matters including identifying, maintaining, and directing confidential issues appropriately.
? Ability to handle multiple priorities and to respond to constantly changing demands quickly and accurately from many sources.
? Must have cultural awareness and be able to interact effectively with all levels of personnel.
? Must demonstrate a proactive approach when handling calendar conflicts and upcoming meetings/events.
? Must approach your area of responsibility in a goal-oriented and results-oriented manner and are characterized by their pronounced customer orientation, dedication, and determination
? Confident communication in Chinese and English, both spoken and written
Nice to have
? Deeper technical experiences in the field of Cyber Security
? Knowledge in the area of ISMS and ISO27001
? CISSP or CISSM certification

Fluent English Skills
Fluent Mandarin Skills