What Jobs are available for Application Security in Hong Kong?

Job Responsibilities

• Participate in code audit and security testing of the company's internal application systems, discover and fix potential security issues
• Promote the implementation of security SDL (Security Development Lifecycle) in the R&D process, participate in security solution review, security design and technical evaluation
• Participate in red team exercises, act as the attacker, and conduct vulnerability mining and security research on internal targets of the company
• Track and study the latest security vulnerabilities at home and abroad, analyze their principles and transform them into attack capabilities in attack and defense exercises
• Cooperate with development, operation and maintenance, IT and other teams to formulate and promote the implementation of security reinforcement plans

Skill Requirements

• Familiar with mainstream programming languages, and have relevant experience in code audit and penetration testing
• Familiar with security development processes, security design and technical evaluation methods
• Understand blockchain-related knowledge, especially Ethereum and Solidity language
• Master red team attack and defense related technologies, including but not limited to: vulnerability mining, anti-killing, traffic obfuscation, intranet penetration, domain penetration, etc
• Master common attack and defense skills, including reverse engineering, white box testing, security reinforcement, etc
• Have strong learning and research abilities, and have a strong interest in emerging security technologies and new vulnerabilities
• Have good teamwork, communication and document writing skills

About OKX
At OKX, we believe that the future will be reshaped by Crypto, ultimately contributing to every individual's freedom. OKX began as a crypto exchange giving millions of people access to crypto trading and over time becoming among the largest platforms in the world. In recent years, we have developed one of the most connected Web3 wallets used by millions to access decentralized crypto applications (dApps). OKX is a trusted brand by hundreds of large institutions seeking access to crypto markets on a reliable platform that seamlessly connects with global banking and payments. In the last year, OKX has expanded into new markets including Australia, Brazil, Netherlands, Singapore and Turkey, with plans to launch in the US, Belgium and the UAE.

We are deeply committed to shaping a fairer, more transparent and accessible society through blockchain technology. This is why we publish proof of reserves monthly, and continue to ship new innovative security features.

Responsibilities

• Identify and address security vulnerabilities in code, systems, and networks using manual review, automated tools, and threat modeling.
• Manage and optimize application security tools, processes, and alerts.
• Validate and respond to Bug Bounty submissions.
• Stay informed on the latest offensive security techniques, application security threats, and best practices, and suggest improvements to enhance our security posture.
• Produce detailed reports of your findings, present them to both management and technical teams, and contribute to preventing real-world attacks.
• Collaborate with development teams to implement secure coding practices.
• Work alongside other teams, including operations and compliance, to ensure that security is a consistent priority across the organization.
• Participate in incident response and management activities.

Qualifications

• 3+ years of experience in offensive security techniques.
• In-depth understanding of security risks, vulnerabilities, and concepts in web and mobile applications.
• Proficient in code review, particularly with Kotlin/Swift/Typescript/JavaScript, with a strong grasp of application security threats.
• Ability to create proof-of-concepts (PoCs) to demonstrate vulnerabilities, review patch code for adherence to standards, and collaborate with repository owners and maintainers.
• Strong analytical and problem-solving abilities.
• Excellent verbal and written communication skills.

Nice-to-have

• Prior experience in developing mobile security SDKs with a daily active user base of over ten million is preferred.
• Participated in large-scale business risk control projects, or have practical experience in threat intelligence/business risk prevention, and analysis/countermeasures against black and gray industries.
• In-depth reverse engineering of major apps from first-tier vendors, or other experiences/projects that demonstrate reverse engineering capabilities.
• Priority given to candidates who can simultaneously master relevant technologies on multiple platforms.
• Proficient in ARM assembly, capable of deep-level countermeasures at the native and application layers.
• Have certain capabilities in device fingerprint recognition, able to simulate new devices through methods such as flashing, modification, and application cloning.

Perks & Benefits

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• More that we love to tell you along the process

Information collected and processed as part of the recruitment process of any job application you choose to submit is subject to OKX's Candidate Privacy Notice.

Key Responsibilities:

• Conduct thorough security assessments and code reviews to identify vulnerabilities in applications
• Develop and implement effective solutions to remediate security issues
• Collaborate with development teams to integrate security best practices throughout the software lifecycle
• Maintain up-to-date knowledge of regulatory requirements and ensure compliance
• Liaise with external authorities and regulatory bodies on security-related matters
• Provide expert guidance on application security architecture and risk mitigation strategies

Qualifications:

• Proven experience in information security, preferably within a Big 4 consultancy or banking environment
• Strong understanding of application security principles, secure coding practices, and vulnerability management
• Demonstrated ability to engage with regulatory bodies and communicate technical issues clearly
• Familiarity with security tools and frameworks (e.g., OWASP, SAST/DAST tools)
• Relevant certifications (e.g., CISSP, CISM, OSCP) are a plus

Key Responsibilities:

• Conduct thorough security assessments and code reviews to identify vulnerabilities in applications
• Develop and implement effective solutions to remediate security issues
• Collaborate with development teams to integrate security best practices throughout the software lifecycle
• Maintain up-to-date knowledge of regulatory requirements and ensure compliance
• Liaise with external authorities and regulatory bodies on security-related matters
• Provide expert guidance on application security architecture and risk mitigation strategies

Qualifications:

• Proven experience in information security, preferably within a Big 4 consultancy or banking environment
• Strong understanding of application security principles, secure coding practices, and vulnerability management
• Demonstrated ability to engage with regulatory bodies and communicate technical issues clearly
• Familiarity with security tools and frameworks (e.g., OWASP, SAST/DAST tools)
• Relevant certifications (e.g., CISSP, CISM, OSCP) are a plus

About Us

Founded in 1956, Maxim's Group is one of Asia's leading food and beverage companies, operating Chinese, Western, Japanese and Southeast Asian restaurants, quick service outlets, bakery shops and cafes, and an institutional catering service. Maxim's Group also produces a range of festive products, including the award-winning Hong Kong MX Mooncakes, and is a licensee of Starbucks Coffee, Genki Sushi, IPPUDO, The Cheesecake Factory and Shake Shack in various territories. Altogether, the Group has over 40,000 employees and 2,000 outlets in Asia.

Proud of our heritage and humbled by our success, we are committed to a sustainable and innovative future. To learn more about Maxim's, visit

Job Responsibilities:

• Conduct technical security assessments on IT and digital initiatives, with a focus on application security
• Identify and mitigate security vulnerabilities in applications, APIs, and software development processes
• Collaborate with development teams to integrate security practices into the Software Development Lifecycle (SDLC) and CI/CD pipelines
• Develop and enforce secure coding standards and guidelines for application development
• Assess and implement tools and technologies for application security testing (e.g., SAST, DAST, SCA)
• Provide awareness training on application security best practices
• Investigate and manage application-related cybersecurity incidents
• Stay updated on emerging application security threats and trends to proactively address risks
• Assist in defining technical solutions to protect company assets, with a focus on application security
• Regularly review internal policies and global standards (e.g., NIST, ISO 27001, PCI DSS) to ensure ongoing compliance
• Assist IT teams in internal and external audits, including pre-audit review, liaison with auditors and stakeholders, and post-audit follow-up
• Investigate and manage cyber security incidents

Job Requirements:

• Minimum 8 years or more of hands-on experience in application security, preferably in a sizable organization with a regional presence in AP (e.g., China, Southeast Asian Market)
• Strong practical experience in application security testing, vulnerability management, and secure coding practices
• Familiarity with application security tools (e.g., Burp Suite, Veracode, SonarQube, OWASP ZAP) and methodologies (e.g., OWASP Top 10)
• Knowledge of integrating security into DevOps practices (DevSecOps) and CI/CD pipelines
• Excellent communication and interpersonal skills to collaborate with development teams and stakeholders
• Proactive, problem-solving mindset with the ability to work under pressure
• Possession of relevant certifications (e.g., OSCP, CISSP, CEH, GWAPT, CSSLP) is a strong advantage

Interested parties please apply with full resume, state current and expected salaries by clicking
"Apply Now".

All applications and data collected will be treated in strict confidence and used exclusively for recruitment purposes. Only short listed candidates will be invited for interview. The company will retain the applications for a maximum period of 24 months and may refer suitable candidates to other vacancies within the Group.

Position 1: Application Security Manager

Job duties:

• Security Policy Development: Create and maintain comprehensive security policies, standards, and procedures to safeguard the organization's information systems.
• Incident Response Management: Lead the response to security incidents, ensuring timely resolution and documentation of incidents while coordinating with relevant teams.
• Risk Assessment: Conduct regular risk assessments to identify vulnerabilities within the organization's infrastructure and recommend appropriate mitigation strategies.
• Security Awareness Training: Develop and implement training programs to educate employees on security best practices, ensuring compliance with established protocols.
• Vendor Management: Collaborate with third-party vendors to assess their security measures, conduct site visits, and ensure compliance with organizational standards.
• Compliance Support: Assist in audits and assessments by providing necessary documentation and evidence related to security controls and practices.
• Reporting & Metrics: Generate regular reports on the organization's security posture, including vulnerability management metrics, incident response statistics, and compliance status.
• Collaboration & Communication: Work closely with cross-functional teams to promote a culture of security awareness throughout the organization. Serve as a point of contact for all security-related inquiries.
• Continuous Improvement: Stay updated on emerging threats and trends in cybersecurity. Recommend improvements to existing processes based on industry best practices.

Requirements:

Bachelor's degree in Information Security, Computer Science, or a related field.

Proven experience in information security management or a similar role.

Strong understanding of cybersecurity frameworks (e.g., NIST, ISO

Excellent analytical skills with the ability to assess complex situations.

Strong communication skills for effective collaboration across departments.

Relevant certifications (e.g., CISSP, CISM) are preferred but not mandatory.

Working location: Causeway Bay

Position 2: Security Engineer

responsible for to design, implement, and support advanced cybersecurity solutions, to bridge the gap between technical cybersecurity capabilities and business needs, ensuring that security strategies align with organizational goals and regulatory requirements.

Engage with clients to understand their cybersecurity challenges and business objectives.

Design and propose tailored cybersecurity solutions, including network security, endpoint protection, identity and access management (IAM), and cloud security.

Lead the implementation and integration of cybersecurity technologies and services.

Conduct risk assessments, gap analyses, and security architecture reviews.

Provide technical guidance on compliance with standards such as ISO 27001, NIST, GDPR, and local regulations.

Collaborate with internal teams and vendors to deliver end-to-end security solutions.

Prepare and deliver technical documentation, proposals, and presentations.

Stay current with emerging threats, technologies, and industry trends.

Requirements:

Degree in Information Security, Computer Science, or a related field.

Knowledge of cybersecurity technologies (e.g., firewalls, SIEM, EDR, IAM, DLP).

Excellent communication and client engagement skills.

Working location: Olympic City Area

Please send resume with expected salary in word format via email: (email redacted, apply via Company website)

All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.

Temporary,Contract

We are seeking a skilled Application Security Architect to join our team and lead efforts to design and implement secure software solutions. This role involves collaborating with development teams to ensure that security is integrated into the software development lifecycle. The ideal candidate will have a deep understanding of application security principles and a strong background in software development and security architecture.

Key Responsibilities:

• Design and implement security architecture solutions to protect applications and data across the organization.
• Collaborate with development teams to integrate security best practices into the software development lifecycle.
• Conduct security assessments and code reviews to identify vulnerabilities in applications and provide guidance for remediation.
• Develop and maintain security policies, standards, and guidelines for application security.
• Evaluate and recommend security tools and technologies to enhance application security posture.
• Stay current with emerging security threats and vulnerabilities, and proactively address them within the organization.
• Provide training and mentorship to development teams on secure coding practices and application security awareness.
• Participate in incident response activities, providing expertise in application security to help resolve security incidents.
• Work with cross-functional teams to ensure security requirements are met for new and existing applications.
• Develop and maintain documentation related to application security architecture and practices.

Requirements:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 7+ years of experience in application security or software development with a focus on security.
• Strong understanding of application security principles, vulnerabilities, and mitigation techniques (e.g., OWASP Top Ten).
• Experience with secure coding practices and security testing methodologies.
• Proficiency in programming languages such as Java, C#, Python, or JavaScript.
• Familiarity with application security tools and technologies (e.g., static and dynamic analysis tools, web application firewalls).
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills, with the ability to work effectively with development teams and other stakeholders.
• Relevant certifications such as CISSP, CSSLP, or CEH are a plus.

If this outstanding opportunity sounds like your next career move, please submit your resume in Word format via the Quick Apply Button.

We are seeking a skilled
Application Security Architect
to join our team and lead efforts to design and implement secure software solutions. This role involves collaborating with development teams to ensure that security is integrated into the software development lifecycle. The ideal candidate will have a deep understanding of application security principles and a strong background in software development and security architecture.

Key Responsibilities:

• Design and implement security architecture solutions to protect applications and data across the organization.
• Collaborate with development teams to integrate security best practices into the software development lifecycle.
• Conduct security assessments and code reviews to identify vulnerabilities in applications and provide guidance for remediation.
• Develop and maintain security policies, standards, and guidelines for application security.
• Evaluate and recommend security tools and technologies to enhance application security posture.
• Stay current with emerging security threats and vulnerabilities, and proactively address them within the organization.
• Provide training and mentorship to development teams on secure coding practices and application security awareness.
• Participate in incident response activities, providing expertise in application security to help resolve security incidents.
• Work with cross-functional teams to ensure security requirements are met for new and existing applications.
• Develop and maintain documentation related to application security architecture and practices.

Requirements:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 7+ years of experience in application security or software development with a focus on security.
• Strong understanding of application security principles, vulnerabilities, and mitigation techniques (e.g., OWASP Top Ten).
• Experience with secure coding practices and security testing methodologies.
• Proficiency in programming languages such as Java, C#, Python, or JavaScript.
• Familiarity with application security tools and technologies (e.g., static and dynamic analysis tools, web application firewalls).
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills, with the ability to work effectively with development teams and other stakeholders.
• Relevant certifications such as CISSP, CSSLP, or CEH are a plus.

BBPOS is one of the world leaders in payment devices and the inventors of mPOS technology.  BBPOS products are used by large retailers and leading online platforms across multiple industries.  BBPOS is engaged in the business of manufacturing and supplying mobile and smart point-of-sale hardware, and the underlying software and infrastructure to deploy, manage and monitor those devices.  BBPOS is now part of Stripe's Terminal business since the acquisition in March 2022.

Post acquisition, the BBPOS team is now an extension of the Stripe Terminal team.  Stripe Terminal helps Stripe users extend their online presence into the physical world. The Terminal team's mission is to make it as easy for businesses to accept in-person payments as the Stripe API has done for online payments. With Terminal, businesses can unlock in-person payments use cases that are right for their business model—whether it's creating a flagship retail experience, extending their website to a pop-up store, or enabling a mobile point-of-sale at their next event.

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world's largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities.

• Conduct vulnerability assessments, threat modeling, and penetration testing of web applications to identify security vulnerabilities and weaknesses.
• Perform code reviews and analyze application designs to identify and mitigate security risks.
• Develop and implement secure coding standards and practices for application development.
• Collaborate with the software team to integrate security into the software development life cycle (SDLC) and assist in setting up the security pipeline for integration.
• Provide guidance and recommendations to the software team on how to remediate identified security vulnerabilities and weaknesses.
• Participate in all security-related initiatives such as bug bounty programs, hacker challenges, and penetration tests, and assist in defining the scope and testing approach for all assessments or programs.
• Engage in incident response activities, triage, investigate, and respond to security incidents.
• Stay up-to-date with the latest security threats, vulnerabilities, and technologies.
• Report to the Cyber Security Manager.

• Bachelor's degree in computer science, information security, or a related field.
• 2+ years of experience in an application security role.
• Strong knowledge of web application security concepts and techniques.
• Experience with vulnerability assessment and penetration testing tools, such as Burp Suite, Nmap, and Metasploit, will be an advantage.
• Experience with programming languages, such as Java, Python, and .NET.
• Familiarity with web application development frameworks, such as Spring and React.
• Knowledge of security standards and frameworks, such as OWASP, NIST, and ISO.
• Understanding of cloud service providers and their offerings, preferably AWS, and its technologies and services will be an advantage.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Candidates with less experience will be considered for the role of Application Security Analyst.

For more information of the BBPOS and our career opportunities, please visit our website

We offer long-term career prospect and competitive remuneration package to the appointed candidate.

Personal data collected will be used for recruitment purposes only. Applicants not contacted within 8 weeks of applying should consider their applications unsuccessful.