Job Information
Philips Information Security and Exposure Management Officer in Shanghai, China
Position Summary:
As a technically focused Exposure Management Engineer based in mainland China, you will discover, evaluate, and reduce exposures across China‑based R&D labs, managed cloud workloads, manufacturing IT systems, and supplier integrations. You will operationalize tooling, apply China‑specific threat intelligence, and identify remediation and containment actions that respect both China regulations and global healthcare compliance (e.g., medical device regulations, data protection). This role emphasizes hands‑on technical delivery, close coordination with R&D engineering teams and China IT, and collaboration with the global security organization.
Duties and Responsibilities:
Obtain vulnerability scanning, asset discovery, and attack‑surface data across China endpoints, on-prem environments and managed Clouds (including China-specific cloud environments such as Alibaba Cloud).
Correlate multi‑source telemetry (EDR/XDR, Cloud events, Network flows, SIEM) to produce contextual risk assessments for exposures affecting IP risks / data exfiltration risks, vulnerabilities or regulatory compliance.
In close collaboration with business and system owners, identify technical remediation and mitigation for high/critical exposures: produce step‑by‑step remediation guidance, validate fixes, and coordinate respective teams or suppliers.
Identify blind spots in local collector/agent coverage, and work with business and system owners and global teams to onboard new collectors or agents.
Execute both internal and external attack surface assessments and targeted reconnaissance for China‑facing websites or API services, supplier integrations, WeChat MiniApps, Philips-consumed cloud services, etc.
Determine China‑specific threat intelligence (such as local actors or supply‑chain risks) as input into global exposure management threat and use case deployments.
Assess and qualify security vendors/tools for China deployment (on‑prem or local partners) and evaluate their fit.
Create and maintain technical runbooks, SOPs, and playbooks for exposure management in China.
Education/Skills and Experience Requirements:
Bachelor’s degree in Computer Science, Information Security, Engineering, or equivalent experience. Experience in industrial or healthcare environments is strongly preferred.
5+ years hands‑on experience in vulnerability management, attack‑surface discovery, cloud/OT security.
Practical experience with global cloud providers such as AWS or Azure, and at least Chinese cloud providers such as Alibaba Cloud — security features, logging, and APIs.
Strong tooling experience: vulnerability scanners (e.g. Nessus/Qualys), web app scanners, network scanning (Nmap), and EDR/XDR platforms.
Solid Linux/Windows administration, networking, and protocols knowledge.
Proficient scripting/automation skills (Python, Bash, or similar) to automate ingestion, triage, and remediation workflows.
Understanding of China cybersecurity and regulations; familiarity with regulatory aspects affecting medical device manufacturing is a plus.
Certifications: CISSP, OSCP or relevant information security certs.
Experience with infrastructure-as-code scanning, container security, software repositories (GitHub / Azure DevOps), CI/CD build pipelines, Secure DevOps.
Experience working in a large global organization with practical experience in a highly regulated environment. Experience in health information security is a plus.
Strong interpersonal skills – communication, presentation, ability to influence and lead
Self-motivated, positive attitude, and results-oriented
Proficient in English both written and oral.
How we work together
We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week.
Onsite roles require full-time presence in the company’s facilities.
Field roles are most effectively done outside of the company’s main facilities, generally at the customers’ or suppliers’ locations.
About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips.