Information Security Engineer (Security Operations)(A03596)

Responsibilities

• Security Protection System Operations
  • Manage the end-to-end lifecycle of core security solutions (including WAF, MiShield, HIDS) for Xiaomi’s international business portfolio, including configuring policies, optimizing rules, and expanding coverage to protect web/mobile applications against common threats (e.g., OWASP Top 10).
  • Develop real-time monitoring/alerting frameworks, analyze security logs to detect anomalous traffic and attack activities, produce root-cause analysis reports, and enhance defense strategies.
• API Security Capability Development
  • Lead the design of an API security framework for international operations, ensuring end-to-end interface protection. Create models for abnormal behavior detection and access control policies to mitigate risks like unauthorized data access and API abuse.
  • Integrate with API gateways/microservices, incorporate SAST/DAST tools to advanc...