Lead the architecture and core development of the company’s end-to-end DevSecOps platform, security products, and SDKs/Agents, covering code, build, artifacts, images, deployment, and runtime security.
Own the design and development of RASP / Java Agent runtime protection, leveraging ASM, ByteBuddy, and Java Instrumentation for bytecode enhancement, runtime hooks, detection and blocking engines, while continuously improving performance, stability, and compatibility.
Build and integrate SAST, DAST, IAST, SCA, code security scanning, and image security scanning into CI/CD workflows, and drive deep integration of tools such as SonarQube and Coverity to form a closed loop of scanning, gating, remediation, and re-validation.
Drive core application security protection and offensive/defensive capabilities across scenarios such as XSS, SQL injection, SSRF, deserialization, command execution, authentication/authorization flaws, privilege escalation, and API security.
Advance AI-Native Security Engineering by applying LLMs and AI Agents to vulnerability analysis, rule generation, false-positive reduction, remediation suggestions, security knowledge management, and workflow automation, while building deep understanding of their architecture, principles, and security implications.
Partner closely with business engineering teams to drive security standards, integration rules, quality gates, risk classification, remediation workflows, and overall security governance adoption.
Collaborate with engineering, architecture, operations, QA, and business stakeholders to solve complex security problems and turn them into scalable product capabilities, engineering solutions, and governance mechanisms.