阿里巴巴LAZADA-Red Team & Sec Test / Specialist-Hangzhou
任职要求
What You Need Required Experience ● 5-8+ years in offensive security (Red Team, Penetration Testing, Adversary Emulation) ● Deep expertise in at least 3 domains: Web/API, Cloud, Active Directory, Mobile, or AI/ML security ● Proficiency in Python, Go, C#, PowerShell/Bash for exploit development ● Hands-on experience with C2 frameworks (Cobalt Strike, Havoc, Sliver), Metasploit, Burp Suite Pro ● Strong understanding of Windows/Linux internals, networking, and enterprise architectures ● Experience with MITRE ATT&CK® and / or ATLAS® framework and Purple Team engagements Preferred ● Advanced certifications: OSEP, OSWE, OSED, GXPN, CRTE/CRTO, CCT Web/INF ● Public security contributions: CVEs, open-source tools, conference talks, research ● Experience with AI/LLM security, blockchain, IoT, or e-commerce platforms ● Bachelor's in Computer Science, Cybersecurity, or equivalent experience What Makes You Great ● Adversarial mindset: Creative and persistent in finding non-obvious attack paths ● Technical depth: Can develop custom exploits and explain complex risks clearly ● Collaborative: Committed to making Blue Teams stronger through your attacks ● Ethical: Unwavering professionalism with sensitive systems and data ● Continuous learner: Passionate about pushing offensive security boundaries Ready to be the threat that makes us stronger? Join our team !
工作职责
Execute sophisticated adversary emulation campaigns that mirror real-world threat actors. You'll be the attacker that helps make our defenses stronger. Core Responsibilities ● Plan and execute full-spectrum red team operations using MITRE ATT&CK® & ATLAS frameworks ● Simulate advanced persistent threats across web, mobile, cloud, and enterprise environments ● Bypass cutting-edge security controls (EDR, NDR, WAFs, SIEM/SOAR) to test real-world resilience ● Develop custom exploits and tools in Python, Go, C#, PowerShell, or Rust ● Collaborate with Blue Teams in Purple Team exercises to enhance detection capabilities ● Research emerging threats targeting e-commerce platforms ● Deliver actionable findings to technical teams and executives Attack Domains ● Web & API: Business logic flaws, SSRF, OAuth/JWT attacks, injection vulnerabilities, OWASP top 10. ● Mobile: iOS/Android: reverse engineering, OWASP MASTG ● Cloud & AD: Multi-cloud attacks (AWS, GCP, Azure), Kerberoasting, DCSync, Golden Ticket attacks ● Emerging Tech: AI/ML systems, serverless, containers, identity frameworks
参与语言大模型、视觉大模型、语音大模型、多模态大模型的应用评测与研究工作,具体工作内容包括但不限于: - 从大模型应用视角出发,建设科学、全面的大模型评测体系,制定并实施评测标准与评测方案。 - 对数据进行处理、理解,建设高质量数据pipeline,并基于科学、全面的评估体系构建数据集,系统评估模型能力,产出评测报告,指引大模型相应能力的提升。 - 利用大模型辅助、替代人工标注,准确、高效的进行半自动化、自动化的模型评测,降低评测成本、提升评测效率。 - 利用大模型进行自动化的Red Team,系统的发现9.11和9.8谁大答错等典型模型能力短板,以及模型发生涉政涉黄涉及未成年人等不当回复的风险。 - 对模型评测中发现的模型能力短板、模型能力变化、不符合认知的异常进行研究分析,产出研究分析结论,指引大模型相应能力的提升。具体研究项包括不限于数据、模型结构、训练方式对各类模型能力的影响,以数据相关研究为例,包括不限于研究不同数据类型、不同数据配比、不同数据加入时机、不同数据规模等变量对各类模型能力的影响。 - 紧密关注大模型方向的前沿技术进展,积极主动地学习和探索新数据分析、模型训练以及模型评测方法。 - 紧密关注大模型应用落地的行业最新进展,结合行业进展思考大模型评测、训练的发展趋势,对模型评测体系、机制进行迭代。
我们是致力于推动智能化服务技术革新的创新团队,专注于为全行业提供高效、智能的解决方案。我们的业务涵盖智能客服、智能培训、智能质检等多个领域。 我们团队正在建设“评测数字员工”,旨在通过标准化、智能化的评测手段,推动AI智能服务的全面升级,并打造行业领先和有代表性的评测体系与benchmark。 如果你对AI、NLP、数据挖掘、评测等领域充满热情,并希望在一个充满挑战与机遇的环境中快速成长,那么加入我们,一起定义未来智能化服务的新标准! 【职位描述】 1. 评测体系设计:参与设计并优化智能化服务(包括智能客服、智能培训、智能质检等)的评测体系,涵盖对话质量、操作质量、培训效果、拟人化、用户满意等核心指标。 2. 评测开发与优化: ○ 研发并优化基于LLM-as-Judge的评测能力,包括但不限于对话生成质量评估、意图识别准确率、多轮对话一致性等。 ○ 探索agent在复杂任务中的性能评测方法,如任务规划、SOP遵循、RAG、多模态交互等。 3. Red-team:针对agent系统的弱点进行攻击,找到系统潜在的风险,防患于未然。 4. Benchmark构建:构建并维护智能化服务领域的代表性benchmark,确保评测标准的科学性与可扩展性。 5. 数据驱动决策:通过数据分析与挖掘,识别智能化服务系统的性能瓶颈,并提出改进方案。 6. 跨业务协作:与多个智能体研发团队、产品团队紧密合作,确保评测体系与业务需求的高度匹配,推动产品的持续优化。 7. 技术前沿探索:跟踪智能化服务领域的最新技术动态,探索并落地创新评测方法。
研究领域: 人工智能 项目简介: 内生安全是近年来大语言模型研发中的一个关键研究方向。随着模型能力的快速增长,特别是推理模型,通过慢思考LongCoT的方式极大的提升了能力达到专家水平,然而强大能力也带来了潜在的安全风险。内生安全的目标是通过设计模型架构、推理机制或训练流程,使得模型在底层逻辑中具备一致性、自我审查和误差控制的能力,从本质上降低安全隐患,而不是简单依赖筛查和围栏过滤。 对于推理模型的内生安全而言,其主要难点在于 1. 可解释性不足,缺乏启发式策略和理论的结合。没有对推理模型有专门的内生安全性质的定义,形成数学的框架 2. 对抗能力缺失。由于模型较新且运行成本大,目前已有的jailbreak方法依赖大量试错的尝试,很难形成有效的攻防相互促进 3. 动态推理过程的监督。由于推理模型将思考过程进行展示,以往工作只关注在最后模型回复阶段,忽略了推理过程可能包含的风险 因此,可以再一下方向进行相关研究 1. 安全高效评估框架:针对推理模型研发专门的red team方法进行内生安全评估 2. 对抗训练:提出高效的对抗方法,通过posttrain方式提升内生安全 3. 内生安全奖励:在GRPO过程中,除了回复的helpful,也考虑harmless 4. 多模态场景下的推理安全:对图文视频音频等多模态输入,均在思考过程中进行安全检查等
Ant Group’s Global Compliance Policies is looking for an individual who will be part of a growing and dynamic team supporting, which overseas policies and implementation of various compliance functions, including but not limited to Sanctions, Export Controls, Antitrust, ABAC, Cross-Border Data Privacy, Prohibited and Restricted Product, and responses to government investigations. [This individual reports directly to the Group Head of Global Compliance Policies.]We are looking to hire a detail-oriented, hard-working Compliance Officer to join Ant Group's Global Compliance Policies team, responsible for Prohibited and Restricted Product Compliance. This person will work closely with in-house commercial lawyers, risk management, other legal/compliance professionals, as well as business and operations teams. The ideal candidate will be a confident self-starter with strong subject matter expertise, interpersonal and organizational skills, and demonstrable ability to effectively and proactively engage and partner with the business in a fast-paced and engaging environment. Responsibilities: ● Owning the end-to-end Prohibited and Restricted Product compliance program and strategy, including the development of policies, standards, and other procedural or guidance materials. ● Providing day-to-day guidance for designing Prohibited and Restricted Product screening platforms and controls for Ant International’s services and all applicable Prohibited and Restricted Product related regulations. ● Planning, designing, developing and testing configurations for Prohibited and Restricted Product screening applications. ● Performing data analysis, designing business requirements, understanding emerging issues, performing estimation and verify implementation of new features and enhancements. ● Identifying, assessing, and advising on compliance risks and control enhancements to a variety of stakeholders and customers to mitigate risks related to Prohibited and Restricted Product. ● Providing advice to the businesses on an ongoing basis on new business initiatives, new products, and customer-related matters with respect to applicability of policies, resolution of potential red flags or other compliance escalations. ● Researching, analyzing and providing recommended remediation efforts on action plans for matters that present Prohibited and Restricted Product and/or reputational risk. ● Overseeing control assessments and supporting the completion of company-wide Prohibited and Restricted Product Risk Assessments. ● Staying current on key Prohibited and Restricted Product regulatory changes, key enforcement actions and related industry trends. ● Collaborating closely with the Compliance Operations team to operationalize the Prohibited and Restricted Product Compliance program. ● Working closely with Legal to respond to any government inquiries relating to Prohibited and Restricted Product.