1. Penetration testing and vulnerability mining for company projects and services. 2. Red and blue teams. 3. Research on the new directions and technologies of vulnerabilities. 4. Security risk assessment of company's online applications and services. 5. Track international information security related research and provide security training within the company.