What Jobs are available for Cloud Security in Hong Kong?

Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. We are a technology and data driven group implementing a scientific approach to investing. Combining data, research, technology, and trading expertise has shaped our collaborative mindset, which enables us to solve the most complex challenges. QRT's culture of innovation continuously drives our ambition to deliver high quality returns for our investors.

Your Role at QRT

In this role, you will be responsible for securing and optimising our AWS cloud infrastructure. You will implement critical security controls and enhancements while collaborating with stakeholders across the business from IT and operations to risk management and executive leadership to ensure alignment with our overall security objectives.

• Cloud Security Implementation:
  Assist in refining our AWS security strategy by applying industry-standard controls and continuously enhancing our cloud security posture.
• IAM & Access Management:
  Help manage and optimise Identity and Access Management (IAM) frameworks, including the application of permission boundaries to enforce least privilege access.
• Policy Enforcement:
  Support the implementation and upkeep our Service Control Policies (SCP) and Resource Control Policies (RCP) across AWS accounts to ensure the consistent application of security best practices.
• Security Services Integration:
  Deploy and manage AWS security services (e.g., GuardDuty, Security Hub, CloudTrail, Config) to monitor, detect, and respond to threats while ensuring continuous security oversight.
• Encryption & Data Protection:
  Support the integration of encryption solutions such as KMS to protect sensitive data and maintain compliance with regulatory standards.
• Security Baselining:
  Help establish and maintain security baselines for AWS environments, continuously monitoring for deviations and ensuring adherence to compliance requirements.
• Automation Frameworks:
  Contribute to the development and deploy robust automation frameworks using Infrastructure as Code (IaC) tools such as Terraform or CloudFormation, enhancing operational efficiency and supporting proactive security improvements.
• Cloud Security Operations:
  Enhance our cloud security operations by leveraging tools and methodologies across CSPM, CWNP, and ASPM frameworks to continuously monitor, detect, and respond to security issues.
• Stakeholder Management:
  Engage with a wide range of stakeholders across the business to ensure the integration and alignment of security measures across all operational areas.

Your Skillset

• Experience:
  Minimum of 3 years in cloud security, platform security, or engineering roles, including related experience in fields such as DevSecOps.
• AWS Expertise:
  Experience with AWS cloud services and a deep understanding of AWS security best practices, including expertise in IAM, permission boundaries, SCP, and RCP.
• Technical Proficiency:
  Experience implementing and optimising secure cloud architectures while leveraging AWS security services to mitigate risks and protect critical assets.
• Security Baselining:
  Demonstrable experience in establishing and maintaining security baselines to ensure consistent and compliant cloud configurations.
• Automation & IaC:
  Exposure Infrastructure as Code (IaC) tools such as Terraform or CloudFormation, with a strong focus on developing and managing stable automation frameworks.
• Python Scripting:
  Familiarity in Python scripting to support automation and security tooling.
• Cloud Security Operations:
  Familiarity in managing cloud security operations utilising tools such as CSPM, CWNP, and ASPM to maintain continuous compliance and security oversight.
• Stakeholder Engagement:
  Experience in managing stakeholder relationships and collaborate effectively across various teams to align security initiatives with broader business objectives.
• Analytical & Collaborative:
  Strong problem-solving and analytical skills, with effective verbal and written communication to thrive in a dynamic, high-paced environment.
• Learning Orientation:
  Strong desire to grow within the cloud and security space, taking initiative and seeking mentorship where needed.

QRT is an equal opportunity employer. We welcome diversity as essential to our success. QRT empowers employees to work openly and respectfully to achieve collective success. In addition to professional achievement, we are offering initiatives and programs to enable employees achieve a healthy work-life balance.

Job Duties:

• To manage the project of enhancing internal platform to meet the new requirements of IT Security Policy and Guidelines
• To review and take stock of the existing IT security measures
• To formulate an implementation plan for the security enhancements of the internal platform to eliminate the gap between existing and new security requirements
• To review the implementation of the enhancements so that the internal platform can fulfill the new security requirements
• To provide technical advice and support during the implementation
• To coordinate with contractors, other internal teams and tenants for the implementation

Job Requirement:

• Higher Diploma or above in Computer Science or related subjects
• At least 8 years' experience in IT industry
• Must possess sound technical knowledge and experience in IT security and cloud infrastructure
• Must have at least 3 years' work experience in IT security operations of private cloud platform
• Preferably have experience in managing outsourced contractor for IT security projects
• Competent communication skills, both verbal and written, and interpersonal techniques

If interested in the above post, please send full resume with academic background, work history, current and expected salary via

For more job opportunity, please visit our website:

The personal information collected is strictly for recruitment purpose only.

Job Responsibilities:

• Responsible for managing information security and infrastructure systems to ensure the smooth operation of all enterprise systems and network
• Support day-to-day monitoring and control of information security program, systems, configuration, patching and backup
• Assist in conducting risk assessment and information security review of internal operations, vulnerability assessments and tests for enterprise continuous improvement
• Assist in developing and continuously improve the information security issues and resolve the audit findings
• Coordinate implementation and validation of information security controls
• Monitor and assess information security violations incidents and responses
• Troubleshooting and provide technical support for information security solutions
• Assist in preparing training materials to promote information security awareness across the enterprise
• Maintain up-to-date inventory on infrastructure equipment and software
• Perform other duties as assigned by the supervisors

Requirements:

• Degree holder in Information Technology, Computer Science or related disciplines
• Holder of CISSP, CISA, CCNA, MCSE or relevant certification preferred
• 2+ years relevant working experience on information security, infrastructure maintenance and technical support
• Experience in developing and implementing information security control process, hands-on working experience in Microsoft Windows Server, Linux, Networking, Firewall, Antivirus, VMware and System Hardening
• Knowledge of ISO27001 or Risk Management is a plus
• Positive, responsible, able to work independently and maintain confidentiality
• Fresh graduates and willing to learn will also be considered

Our client is a well known company in HK and they are looking for a Information Security Engineer to cope with their business.

Responsibilities:

• ISO 27001 Compliance: Develop, implement, and maintain the Information Security Management System (ISMS) in accordance with ISO 27001 standards.
• Risk Assessment: Conduct regular risk assessments and audits to identify vulnerabilities, threats, and risks to the organization's information assets.
• Policy Development: Create and update security policies, procedures, and guidelines to ensure compliance with regulatory requirements and best practices.
• Incident Response: Manage and respond to security incidents, performing root cause analysis and implementing corrective actions to prevent recurrence.
• Training and Awareness: Develop and deliver training programs to promote security awareness among staff and ensure adherence to security protocols.

Requirements:

• Educational Background: Bachelor's degree in Information Technology, Cybersecurity, or a related field; relevant certifications (e.g., CISSP, CISA, CISM) are advantageous.
• Experience: Minimum of 3-5 years in information security roles with a focus on ISO 27001 compliance and security operations.
• Technical Skills: Proficiency in security frameworks, risk management practices, and incident response methodologies; familiarity with security tools and technologies.
• Analytical Skills: Strong analytical and problem-solving skills to assess security risks and develop effective mitigation strategies.
• Communication Skills: Excellent verbal and written communication skills for reporting security issues and training employees on security practices.

Interested parties, please kindly send your CV to , thanks

Please note that only short listed candidates will be notified. All information gathered will be treated in strict confidence and solely used for recruitment purposes

Job Responsibilities:

• Responsible for managing information security and infrastructure systems to ensure the smooth operation of all enterprise systems and network
• Support day-to-day monitoring and control of information security program, systems, configuration, patching and backup
• Assist in conducting risk assessment and information security review of internal operations, vulnerability assessments and tests for enterprise continuous improvement
• Assist in developing and continuously improve the information security issues and resolve the audit findings
• Coordinate implementation and validation of information security controls
• Monitor and assess information security violations incidents and responses
• Troubleshooting and provide technical support for information security solutions
• Assist in preparing training materials to promote information security awareness across the enterprise
• Maintain up-to-date inventory on infrastructure equipment and software
• Perform other duties as assigned by the supervisors

Requirements:

• Degree holder in Information Technology, Computer Science or related disciplines
• Holder of CISSP, CISA, CCNA, MCSE or relevant certification preferred
• 2+ years relevant working experience on information security, infrastructure maintenance and technical support
• Experience in developing and implementing information security control process, hands-on working experience in Microsoft Windows Server, Linux, Networking, Firewall, Antivirus, VMware and System Hardening
• Knowledge of ISO27001 or Risk Management is a plus
• Positive, responsible, able to work independently and maintain confidentiality
• Fresh graduates and willing to learn will also be considered

About the company:

Our client is a leading global professional firm operating in over thirty countries. The Lead Information Security Engineer role's is to safeguard the organization's IT systems and data. This role requires the candidate's active participation in the implementation of security policies and procedures, the monitoring and analysis of security events and the maintenance of security tools. Other responsibilities are to identify, investigate and resolve any security threats, vulnerabilities and incidents. The candidate must keep up to date with the latest security trends, have excellent communication and problem-solving skills and have a deep understanding of security principles and technologies. The individual will have a functional role in mentoring other team members and share the off-hour support responsibilities.

Responsibilities:

• Review, analyze, and monitor security system reports and logs for suspicious activities, trends, and patterns. This includes web filters, mail gateways, firewalls, encryption systems, anti-malware systems, and IDS/IPS.
• Configure, maintain, and administer security products and solutions used within the firm.
• Configure, maintain, and administer firewalls, web proxy devices, data loss prevention systems, and security information event monitoring systems.
• As a member of the Incident Response Team, respond to alerts, warnings, incidents, and help desk tickets to minimize firm asset exposure under the direction of the IS Security Manager.
• Participate in troubleshooting efforts for all IT security-related problems, including managing and using TAM arrangements with specified security vendors.
• Serve as a technician/engineer on IS projects.
• Conduct risk and security reviews on products as directed by the IT Security Manager or IS management.
• Configure access control systems, assigning rights to appropriate resources for users, IS personnel, and vendors.
• Recommend controls to ensure appropriate protection levels and adherence to the overall information security strategy.
• Monitor IS security metrics, including security system logs, Windows server logs, and network monitoring systems.
• Administer systems and processes to monitor and reconcile system patch status and discovered vulnerabilities, managing metrics that provide patch and vulnerability status. Work with responsible groups inside and outside of IT to remediate.
• Provide consultation and conduct internal investigations that may require forensic analysis under the direction of the IT Security Manager and/or IS management.
• Respond to audit findings as directed by the IT Security Manager and/or IT Management.
• Evaluate and recommend commercial security vendors and products.
• Perform other duties as assigned or required.

Qualifications and Experience

• Bachelor's degree in Cybersecurity Engineering or Computer Sciences
• Strong professional experience in information security with a focus on security operations and technical support
• Experience in Microsoft office Suite, iManage or others company technologies
• Expereince in Palo Alto Network's Firewalls and Prisma Access
• Hand on experience with VPN, SSL and other encryption technologies
• Good knowledge of server, workstation, and Active Directory technologies that impact security controls
• Deep understanding of TCP/IP, DNS and common network services
• Experience with security frameworks and compliance requirements such as GDPR, ISO 27001, NIST 800 and PCI DSS.

If you believe you have the right skills, attitude and experience please click 'apply now' below and upload your resume. Alternatively, for a confidential chat, please contact Kevin Ng by applying directly to email  or reach out at

We apologies that only shortlisted candidates will be contacted.

Company Introduction:
*We're home to Asia's most dynamic and vibrant capital markets.

Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day.
HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all."
Job Summary: *
The Information Security Engineer is part of the Information Security function, playing a key role in enhancing the organization security posture. The incumbent is responsible for designing, building, operating, and evolving enterprise IT security solutions to meet the organization's security requirements, while engaging key stakeholders to deliver key security services.

Job Duties:
Job Responsibilities:

• Engineer, implement and monitor security measures for the protection of computer systems, networks and information.
• Configure and troubleshoot security infrastructure to ensure optimal performance and alignment with security policies.
• Maintain all solution design documentation, processes, procedures and report on metrics to demonstrate effective and efficient management of services.
• Support security tool enhancements and policy governance, including tasks such as reviewing and updating application control policies, managing user access profiles, and performing regular recertification of access rights. Tools involved may include application whitelisting platforms and Endpoint Detection & Response (EDR) solutions.
• Deliver and maintain core security services, such as integrating systems with Identity and Access Management (IAM) platforms (e.g., Privileged Identity Management and Identity Governance & Administration), maintaining system account inventories, and coordinating periodic access reviews and recertification campaigns.
• Ensure security tools are properly configured and maintained to support the detection of and response to cyber security threats (e.g., tuning alert rules, updating threat signatures, and integrating tools with incident response workflows).
• Conduct and document disaster recovery testing for security tools.
• Ensure smooth daily operations of account management processes, including reviewing system account requests for accuracy, identifying and resolving automation issues, and driving process improvements through automation and workflow optimization.
• Manage relationship with product vendors and suppliers to ensure timely maintenance, updates, and enhancements of security tools and solutions.

Job Requirements:

• Must have a relevant University degree in Computer Science, Information Management, or related field, or equivalent experience.
• Proven work experience as a System Security Engineer or Information Security Engineer.
• Experience in building, maintaining and operating security systems and platforms.
• Hands on experience in EndPoint security (e.g., app control, EDR) and IAM (e.g., PIM, IGA) tools and related workflows.
• Understanding of the latest security principles, techniques, and protocols (such as zero trust, etc).
• Ability to work collaboratively in cross-functional teams and communicate effectively with technical and non-technical stakeholders.
• Good presentation, project planning and documentation skills.
• Problem solving skills and ability to work under pressure.
• Familiarity with web technologies (e.g., web applications, web Services, service-oriented architectures) and network/web protocols.
• Knowledge with application, database and operating system and cloud security (AWS or Huawei Cloud Stack) is an asset.
• Experience with scripting (e.g., Python) or automation tools (e.g., Ansible) is preferred.
• Understanding of risk / control frameworks, such as Mitre ATT&CK, D3FEND, OWASP or NIST Cybersecurity Framework will be added advantage.
• Professional certifications such as CISSP, CISM, CEH, GIAC (e.g., GSEC, GCIA, GPEN), or AWS Certified Security will be added advantage .

HKEX is committed as an Equal Opportunity Employer. Diversity is one of our core values and we look to support, respect diverse perspectives, abilities, culture and experiences within our workplace.
Location:
HKEX - TKO

Shift:
Standard - 40 Hours (Hong Kong SAR)

Scheduled Weekly Hours:
40

Worker Type:
Permanent

About the company:
Our client is a leading global professional firm operating in over thirty countries. The Lead Information Security Engineer role's is to safeguard the organization's IT systems and data. This role requires the candidate's active participation in the implementation of security policies and procedures, the monitoring and analysis of security events and the maintenance of security tools. Other responsibilities are to identify, investigate and resolve any security threats, vulnerabilities and incidents. The candidate must keep up to date with the latest security trends, have excellent communication and problem-solving skills and have a deep understanding of security principles and technologies. The individual will have a functional role in mentoring other team members and share the off-hour support responsibilities.

Responsibilities:

• Review, analyze, and monitor security system reports and logs for suspicious activities, trends, and patterns. This includes web filters, mail gateways, firewalls, encryption systems, anti-malware systems, and IDS/IPS.
• Configure, maintain, and administer security products and solutions used within the firm.
• Configure, maintain, and administer firewalls, web proxy devices, data loss prevention systems, and security information event monitoring systems.
• As a member of the Incident Response Team, respond to alerts, warnings, incidents, and help desk tickets to minimize firm asset exposure under the direction of the IS Security Manager.
• Participate in troubleshooting efforts for all IT security-related problems, including managing and using TAM arrangements with specified security vendors.
• Serve as a technician/engineer on IS projects.
• Conduct risk and security reviews on products as directed by the IT Security Manager or IS management.
• Configure access control systems, assigning rights to appropriate resources for users, IS personnel, and vendors.
• Recommend controls to ensure appropriate protection levels and adherence to the overall information security strategy.
• Monitor IS security metrics, including security system logs, Windows server logs, and network monitoring systems.
• Administer systems and processes to monitor and reconcile system patch status and discovered vulnerabilities, managing metrics that provide patch and vulnerability status. Work with responsible groups inside and outside of IT to remediate.
• Provide consultation and conduct internal investigations that may require forensic analysis under the direction of the IT Security Manager and/or IS management.
• Respond to audit findings as directed by the IT Security Manager and/or IT Management.
• Evaluate and recommend commercial security vendors and products.
• Perform other duties as assigned or required.

Qualifications and Experience

• Bachelor's degree in Cybersecurity Engineering or Computer Sciences
• Strong professional experience in information security with a focus on security operations and technical support
• Strong Experience in Microsoft office Suite, iManage or others company technologies
• Experience with VPN, SSL and other encryption technologies
• Good knowledge of server, workstation, and Active Directory technologies that impact security controls
• Deep understanding of TCP/IP, DNS and common network services
• Experience with security frameworks and compliance requirements such as GDPR, ISO 27001, NIST 800 and PCI DSS.

If you believe you have the right skills, attitude and experience please click 'apply now' below and upload your resume. Alternatively, for a confidential chat, please contact Kevin Ng by applying directly to email  or reach out at

We apologies that only shortlisted candidates will be contacted.

We are seeking an experienced Security Solutions Presales Consultant with more than 5 years of expertise delivering technical presales support across multi‑cloud and hybrid environments.

The role covers Identity & Access Management, CASB, Threat Protection, Data Security, and AI Security domains, providing solution design, technical demonstrations, and proposal support to a wide range of customers.

The ideal candidate has strong security technical knowledge, excellent communication skills, and hands‑on experience in solution‑based presales engagements.

• Partner with sales teams to identify customer business and technical needs, and propose security solutions.

• Design and present comprehensive security architectures covering:

• Identity & Access Management (IAM, PAM, SSO, MFA, Zero Trust)

• CASB (Cloud application visibility, risk analysis, and policy enforcement)
• Threat Protection (Endpoint, network, and cloud threat detection & response)
• Data Security (Encryption, DLP, classification, secure sharing policies)
• AI Security (Model protection, privacy, governance, compliance)
• Conduct product demonstrations, workshops, and proof‑of‑concept engagements.
• Work across multi‑cloud environments (M365, Azure, AWS, GCP, and other providers) in hybrid deployment models.
• Support RFP/RFI responses with detailed technical documentation and compliance mappings.
• Collaborate with delivery and implementation teams to validate solutions and ensure technical accuracy.
• Monitor emerging security threats, new technologies, and compliance requirements.

• Minimum 5 years of experience in security architecture, engineering, or presales roles.
• Strong expertise in at least two core domains: IAM, CASB, Threat Protection, Data Security, AI Security.
• Proven experience designing solutions for multi‑cloud and enterprise environments.
• Excellent communication and presentation skills — able to engage both technical and business stakeholders.
• Track record of success in consultation conversation based presales.

• Microsoft Security solutions experience (e.g., Microsoft Defender suite, Purview, Entra ID) and related certifications (SC‑200, SC‑300, SC‑400, AZ-500, etc.) are advantageous.
• Security Certifications: CISSP, CEH, plus vendor‑specific accreditations from major cloud/security providers (AWS Security, Google Professional Cloud Security Engineer, Palo Alto Networks, Fortinet, etc.).
• Familiarity with industry security frameworks such as CIS Controls, NIST CSF, ISO 27001, SOC 2, and regulatory requirements (GDPR, HIPAA, PCI‑DSS).
• Experience in security assessments, gap analysis, and compliance mapping.
• Knowledge of AI governance, secure AI implementation, and ethical AI practices.