Principal Security Engineer

Job Locations CN-Beijing
Requisition ID
Research & Software Developmnt


Principal security engineer is a senior technical role assuming broad responsibilities in securing and reviewing security state of various solutions used or developed by HERE organization. Person in this role will help development and operations teams to securely deploy and implement required functionalities as well as participate in incident response driving emergency incident decisions from technical security perspective.


  • Participate in On-Call incident response
  • Conduct security reviews of products and services used or developed by HERE
  • Guide and create guiding material to support R&D and Ops teams in HERE to ensure secure development, deployment and maintenance practices across the organization
  • Develop and maintain internal tools to be used for security related task automation
  • Coordinate and participate in auditing/penetration testing activities
  • Coordinate and participate in tests and pilots of security products to be utilized by HERE


  • 5+ years of experience in securing IT systems and infrastructure
  • Understanding of modern attack vectors and mitigation steps in modern internet environments
  • Knowledge of modern technologies and approaches to detection of malicious activities
  • Understanding of digital forensics activities such as evidence collection and malicious activity analysis, ability to perform said activities
  • Understanding security principles, best practice architectures, tools and processes
  • Experience in configuring, administering and hardening Linux environments
  • Ability to communicate security objectives both in spoken and written word to a variety of audiences; from non-technical business executives, through to Ph.D. educated security experts
  • Understanding of operations of a variety of database engines, including Oracle and MySQL
  • Experience in development and deployment of applications using Tomcat, JBoss, Jetty and Glassfish
  • Experience with a broad range of web technologies and standards
  • Ability to strategize and conduct penetration testing and security assessments for Web Applications – including REST/SOAP APIs and platform assessments
  • Knowledge of network architecture, standards and protocols
  • Ability to take business cases, drivers and priorities and integrate these requirements into overall security design
  • Ability to work in multi-cultural environments and internationally distributed teams


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed

Connect With Us!

Not ready to apply? Connect with us for general consideration.