-
Lead the architecture and core development of the company’s end-to-end DevSecOps platform, security products, and SDKs/Agents, covering code, build, artifacts, images, deployment, and runtime security.
-
Own the design and development of RASP / Java Agent runtime protection, leveraging ASM, ByteBuddy, and Java Instrumentation for bytecode enhancement, runtime hooks, detection and blocking engines, while continuously improving performance, stability, and compatibility.
-
Build and integrate SAST, DAST, IAST, SCA, code security scanning, and image security scanning into CI/CD workflows, and drive deep integration of tools such as SonarQube and Coverity to form a closed loop of scanning, gating, remediation, and re-validation.
-
Drive core application security protection and offensive/defensive capabilities across scenarios such as XSS, SQL injection, SSRF, deserialization, command execution, authentication/authorization flaws, privilege escalation, and API security.
-
Advance AI-Native Security Engineering by applying LLMs and AI Agents to vulnerability analysis, rule generation, false-positive reduction, remediation suggestions, security knowledge management, and workflow automation, while building deep understanding of their architecture, principles, and security implications.
-
Partner closely with business engineering teams to drive security standards, integration rules, quality gates, risk classification, remediation workflows, and overall security governance adoption.
-
Collaborate with engineering, architecture, operations, QA, and business stakeholders to solve complex security problems and turn them into scalable product capabilities, engineering solutions, and governance mechanisms.