阿里巴巴LAZADA-Red Team & Sec Test / Specialist-Hangzhou
任职要求
What You Need Required Experience ● 5-8+ years in offensive security (Red Team, Penetration Testing, Adversary Emulation) ● Deep expertise in at least 3 domains: Web/API, Cloud, Active Directory, Mobile, or AI/ML security ● Proficiency in Python, Go, C#, PowerShell/Bash for exploit development ● Hands-on experience with C2 frameworks (Cobalt Strike, Havoc, Sliver), Metasploit, Burp Suite Pro ● Strong understanding of Windows/Linux internals, networking, and enterprise architectures ● Experience with MITRE ATT&CK® and / or ATLAS® framework and Purple Team engagements Preferred ● Advanced certifications: OSEP, OSWE, OSED, GXPN, CRTE/CRTO, CCT Web/INF ● Public security contrib…
工作职责
Execute sophisticated adversary emulation campaigns that mirror real-world threat actors. You'll be the attacker that helps make our defenses stronger. Core Responsibilities ● Plan and execute full-spectrum red team operations using MITRE ATT&CK® & ATLAS frameworks ● Simulate advanced persistent threats across web, mobile, cloud, and enterprise environments ● Bypass cutting-edge security controls (EDR, NDR, WAFs, SIEM/SOAR) to test real-world resilience ● Develop custom exploits and tools in Python, Go, C#, PowerShell, or Rust ● Collaborate with Blue Teams in Purple Team exercises to enhance detection capabilities ● Research emerging threats targeting e-commerce platforms ● Deliver actionable findings to technical teams and executives Attack Domains ● Web & API: Business logic flaws, SSRF, OAuth/JWT attacks, injection vulnerabilities, OWASP top 10. ● Mobile: iOS/Android: reverse engineering, OWASP MASTG ● Cloud & AD: Multi-cloud attacks (AWS, GCP, Azure), Kerberoasting, DCSync, Golden Ticket attacks ● Emerging Tech: AI/ML systems, serverless, containers, identity frameworks
参与语言大模型、视觉大模型、语音大模型、多模态大模型的应用评测与研究工作,具体工作内容包括但不限于: - 从大模型应用视角出发,建设科学、全面的大模型评测体系,制定并实施评测标准与评测方案。 - 对数据进行处理、理解,建设高质量数据pipeline,并基于科学、全面的评估体系构建数据集,系统评估模型能力,产出评测报告,指引大模型相应能力的提升。 - 利用大模型辅助、替代人工标注,准确、高效的进行半自动化、自动化的模型评测,降低评测成本、提升评测效率。 - 利用大模型进行自动化的Red Team,系统的发现9.11和9.8谁大答错等典型模型能力短板,以及模型发生涉政涉黄涉及未成年人等不当回复的风险。 - 对模型评测中发现的模型能力短板、模型能力变化、不符合认知的异常进行研究分析,产出研究分析结论,指引大模型相应能力的提升。具体研究项包括不限于数据、模型结构、训练方式对各类模型能力的影响,以数据相关研究为例,包括不限于研究不同数据类型、不同数据配比、不同数据加入时机、不同数据规模等变量对各类模型能力的影响。 - 紧密关注大模型方向的前沿技术进展,积极主动地学习和探索新数据分析、模型训练以及模型评测方法。 - 紧密关注大模型应用落地的行业最新进展,结合行业进展思考大模型评测、训练的发展趋势,对模型评测体系、机制进行迭代。
我们是致力于推动智能化服务技术革新的创新团队,专注于为全行业提供高效、智能的解决方案。我们的业务涵盖智能客服、智能培训、智能质检等多个领域。 我们团队正在建设“评测数字员工”,旨在通过标准化、智能化的评测手段,推动AI智能服务的全面升级,并打造行业领先和有代表性的评测体系与benchmark。 如果你对AI、NLP、数据挖掘、评测等领域充满热情,并希望在一个充满挑战与机遇的环境中快速成长,那么加入我们,一起定义未来智能化服务的新标准! 【职位描述】 1. 评测体系设计:参与设计并优化智能化服务(包括智能客服、智能培训、智能质检等)的评测体系,涵盖对话质量、操作质量、培训效果、拟人化、用户满意等核心指标。 2. 评测开发与优化: ○ 研发并优化基于LLM-as-Judge的评测能力,包括但不限于对话生成质量评估、意图识别准确率、多轮对话一致性等。 ○ 探索agent在复杂任务中的性能评测方法,如任务规划、SOP遵循、RAG、多模态交互等。 3. Red-team:针对agent系统的弱点进行攻击,找到系统潜在的风险,防患于未然。 4. Benchmark构建:构建并维护智能化服务领域的代表性benchmark,确保评测标准的科学性与可扩展性。 5. 数据驱动决策:通过数据分析与挖掘,识别智能化服务系统的性能瓶颈,并提出改进方案。 6. 跨业务协作:与多个智能体研发团队、产品团队紧密合作,确保评测体系与业务需求的高度匹配,推动产品的持续优化。 7. 技术前沿探索:跟踪智能化服务领域的最新技术动态,探索并落地创新评测方法。
研究领域: 人工智能 项目简介: 内生安全是近年来大语言模型研发中的一个关键研究方向。随着模型能力的快速增长,特别是推理模型,通过慢思考LongCoT的方式极大的提升了能力达到专家水平,然而强大能力也带来了潜在的安全风险。内生安全的目标是通过设计模型架构、推理机制或训练流程,使得模型在底层逻辑中具备一致性、自我审查和误差控制的能力,从本质上降低安全隐患,而不是简单依赖筛查和围栏过滤。 对于推理模型的内生安全而言,其主要难点在于 1. 可解释性不足,缺乏启发式策略和理论的结合。没有对推理模型有专门的内生安全性质的定义,形成数学的框架 2. 对抗能力缺失。由于模型较新且运行成本大,目前已有的jailbreak方法依赖大量试错的尝试,很难形成有效的攻防相互促进 3. 动态推理过程的监督。由于推理模型将思考过程进行展示,以往工作只关注在最后模型回复阶段,忽略了推理过程可能包含的风险 因此,可以再一下方向进行相关研究 1. 安全高效评估框架:针对推理模型研发专门的red team方法进行内生安全评估 2. 对抗训练:提出高效的对抗方法,通过posttrain方式提升内生安全 3. 内生安全奖励:在GRPO过程中,除了回复的helpful,也考虑harmless 4. 多模态场景下的推理安全:对图文视频音频等多模态输入,均在思考过程中进行安全检查等
Are you ready to shape the future of manufacturing and innovation? Join our dynamic team at the Digital Industries Motion Control Factory in Nanjing as a Procurement Engineer (PE) Team Leader! Mission of Function? As a Procurement Engineer Team Leader, you will be instrumental in ensuring early involvement of Procurement and suppliers across the entire product journey – from PLM and development to manufacturing. You'll monitor current products to minimize costs, enhance resilience, and drive innovation and sustainability, all while expertly managing interfaces with product development functions. Your leadership will guide cross-functional teams in sourcing the right materials and defining/implementing SNC's material sourcing strategy to meet our growing demands. What will be my responsibilities? In this role, you will: • Lead and Develop the PE Team: Provide strong leadership, mentorship, and coaching to the Procurement Engineer team, fostering a culture of excellence, collaboration, and continuous improvement. Set clear objectives, manage performance, and support the professional growth of your team members- while you will also directly drive key projects as a Procurement Engineer • Drive Early Procurement Involvement: Actively engage with portfolio management before R&D activities commence. Take an active role in product development and manufacturing to ensure all supplier interactions enhance resilience, innovation, and sustainability, reduce complexity, and achieve ambitious product cost targets • Foster Strategic Collaboration: Build strong partnerships with the R&D community, product management, and PLM teams. Internally, you'll drive collaboration across procurement functions, including Commodity Managers, Local Buyers, and CVEs (Cost Value Engineers) • Align and Deploy Strategy: Ensure seamless alignment between product and procurement strategies, with your procurement strategy actively supporting the PLM team's ambitions, including sustainability and innovation goals. You'll introduce technology roadmaps and facilitate cross-functional discussions, ensuring sourcing decisions align with procurement and safeguard security strategies • Ensure Material Resilience in Design: Drive material localization and the development/introduction of second sources to optimize our supplier base. Support R&D in component selection during the design phase and secure material availability for new components in new projects before mass production • Lead Early Supplier Involvement: Organize and lead innovation workshops and concept competitions/projects to achieve the best cost-benefit position and harness external expertise • Advance Sustainability Goals: Consult with and inspire development teams to design and implement sustainable solutions in product design and procurement. Collaborate with suppliers and internal teams to co-develop products that meet stringent sustainability criteria and standards (e.g., RED KPIs and ECO criteria). Implement Carbon Shadow Pricing to integrate the environmental impact of products and materials into procurement decisions