What Jobs are available for Incident Response in Hong Kong?

Service Line Overview

KPMG Forensic leverages our vast industry experience and leading technologies to help clients handle fraud and misconduct investigations, address complex regulatory compliance issues, and provide dispute advisory support in financial disputes that are likely to lead to litigation, arbitration, expert determination or mediation.

Our team have qualifications and experience in forensic accounting, big data analytics, technology, anti-money laundering/Sanctions compliance, law enforcement and research. We have dedicated Forensic Technology labs in Shanghai and Hong Kong and are equipped with capability and experience to analyze and host terabytes of data in local jurisdictions. We have leading hardware equipment and are keeping learning and strengthening our technique capacity to address rising market needs on big data analytics, computer forensics and cyber incident responses.

We have worked with industry professionals in Asia Pacific, and worldwide through the KPMG International Forensic network of over 3,000 professionals to provide one-stop solution for complex projects across numerous jurisdictions.

Key Responsibilities

• Lead a core group of Cyber incident response professionals, reporting to the Forensic Hong Kong partnership team
• Manage a portfolio of clients e.g. banking sector, logistics, critical infrastructure providers and consumer retails in Hong Kong, Mainland China and ASPAC, and closely monitor the scope, timelines, budget and resources of the project, to support our existing teams with specific analytic skills to identify market intelligence, potential threats and insights across the service areas
• Provide thought leadership and constant innovation to develop cyber incident response services in line with our KPMG global brand to cater to our existing clients and to develop opportunities and referrals in adjacent non-competing market spaces
• Direct end-to-end investigations of major incidents for KPMG's clients, ensuring minimal operational impact and full documentation of findings.
• Lead advanced analysis of complex cybersecurity events and incidents, delivering
• Assist with the day-to-day operations on projects, oversea engagements (client deliverables, timelines), provide mentorship and guidance to the cyber response team members

Experience & Background

• A passion for cyber security, computer systems and networks;
• Direct end-to-end investigations of major incidents, ensuring minimal operational impact and full documentation of findings
• In depth understanding of how operating systems work, computer networks and appliances like - firewalls, web proxy, system event logs, web applications, web servers etc. with hands on experience for analysis of forensic artifacts
• A bachelor's degree holder or above in Computer Science, Information Security, Information Management or equivalent or related disciplines.
• 5+ years of relevant working experience, computer forensic or incident response/incident management/ crisis management / Security Operations Center (SOC)/ digital forensics related experience
• Good understanding of SIEM, SOAR, UEBA, EDR/XDR tools, and their use in monitoring and incident handling
• Knowledge of MITRE ATT&CK, Cyber Kill Chain, and other adversary behaviour models for detection engineering
• Overseas work or education background is a plus.
• Quick learner, ability to work under pressure and deliver high quality work
• You will be leading the team to perform cyber investigations, assist in developing proposals/ responding to RFP's, lead engagements related to building cyber readiness for clients (involving cyber crisis exercises, IR policy reviews and playbooks, conducting trainings, blue team exercises ), collaborate on engagements with other service teams of KPMG etc.
• Good communication skills in English and team player
• Willingness to travel within China and the Asia Pacific region
• Proficiency in spoken/written Chinese and English
• Candidates with one or more of following certificates will be given added preference - EC Council Certified Ethical hacker, EC-Council Certified Hacking Forensics Investigator, SANS GCFA, SANS GCFE, CREST, EC-Council Certified Incident Handler, OSCP, LPT, SANS GCTI, CTIA - EC-Council Certified Threat Intelligence Analyst, CISSP - Certified Information Systems Security Professional etc.

About KPMG

At KPMG China, we are committed to being an equal opportunity employer, with zero tolerance for any form of discrimination against any persons. It is important for us to create an inclusive, diverse and agile workplace for our people to develop and thrive at both a personal and professional level.

We strive to make ESG (environmental, social and governance) a watermark running through our organisation; from empowering our people to become agents of positive change, to providing better solutions and services to our clients to help them achieve their ESG goals. View Our Impact Plan to learn more about our ESG commitments and progress across four key pillars - Governance, People, Planet and Prosperity - and how we make a positive impact on our people, environment and society.

We encourage you to come as you are, and we welcome all qualified candidates to apply, and hope you unlock opportunities with us. Visit KPMG China website for more company information.

You acknowledge and agree that all personal information hereby provided regarding yourself will be used by KPMG China for its candidate selection purposed only. KPMG China collects, uses, processes, and retains your personal information in accordance with KPMG China's Online Privacy Statement and/or KPMG China Privacy Statement (collectively " Privacy Statement"). During the recruitment process, KPMG China may need to store personal information of candidates in a designated third-party application tracking platform.

If you have any questions regarding the information you provided in the form or your job application in general, please contact KPMG China's HR personnel in the location where your application is submitted ( see here ).

Pursue a Career with Impact
At Deloitte China, we are on a mission to nurture and empower our people to become deep subject matter experts. We offer the perfect platform to unleash your full potential and equip you to thrive on challenges, and partner with our clients to solve their most complex problems. A world of opportunities awaits. Start your adventure and journey with us.

About The Business
Risk Advisory

Trust, resilience and security connecting for enduring success and responsible business

With competencies encompassing capital markets, control assurance, contractual exposure and insurance claims, and security services, our RA professionals offer a wealth of experience across a spectrum of industries. This is a great place to build a career and make an impact that really matters.

By taking a Risk Intelligent approach, Risk Advisory provide powerful, practical solutions in cyber, strategy, regulation and controls, backed by deep business knowledge across multi-disciplinary teams, helping clients worldwide take the opportunity to connect trust, resilience and security for more positive outcomes. Risk Advisory helps ensure success that enables sustainable growth, inspires positive societal impact and creates a more responsible business. When you join Risk Advisory, you can be sure of access to these solutions and experiences, as well as opportunities in our different services lines, all wrapped in a high tech environment with a high touch approach to career development that ensures you reach your full potential. Whichever service offering you work in, your skills and experience will be highly valued

Cyber & Strategic Risk

We help clients address various aspects of Cyber and other strategic risks to their organizations to inform risk-based strategic choices, prepare to respond to disruption, assess and manage full-lifecycle enterprise risks, as well as strategize and respond to risks associated with the reliability and protection of data, associated processes and technology. We provide advisory and managed services to help senior executives spot, assess, manage, and respond to risks and/or catastrophic unforeseen incidents that could undermine their competitive position or jeopardize their critical assets, reputation and/or financial standing. Offerings include:

• Cyber;
• Crisis & Resilience;
• Strategy, Brand and Reputation;
• Climate and Sustainability;
• Extended Enterprise

Our objective is to help clients develop and implement strategies for IT risk management and aim to help clients find the appropriate balance between risk management and cost containment. Our integrated solutions covering: Cyber Strategy, Cyber Security, Cyber Vigilance, Cyber Resilience.

Work you'll do

• Assist in cyber incident response & investigation related projects
• Own technical cyber incident investigations processes, tools and strategies
• Collaborate with the Deloitte Digital Forensics and Financial Crime teams to participate in cross service line client engagements
• Support the broader Cyber Risk team in skills and knowledge transfer activities for cyber incident response & investigation
• Work with multi-level of our clients from C-level executives and management staff to on-the-ground professionals
• Establish cyber IR framework for our clients including strategies, organizations, policies, processes, standards and guidelines, etc.
• Review and analyze client's IT environment from infrastructure, databases to applications
• Review and analyze client's existing technical workflows and processes
• Work with other internal teams to deliver complex engagements both locally and overseas
• Professionally advice and work with client's key stakeholders to design best-of-breed solutions to our clients

During your tenure with us, you will demonstrate and develop your leadership and professional capabilities in the following areas: Inspiring, Creating purpose, Driving agility, Building diverse capability, Influencing, Collaborating, Delivering value, Building the business, Analytical acumen, Effective communication, Engagement management/delivery excellence, Managing change, Managing quality & risk, Sales excellence, Strategic thinking and problem solving, and Tech savviness.

We are looking for someone with

• Bachelor degree or above in Information Security, Computer Science, Information Technology, Risk Management, Management Information Systems or related disciplines
• Ideally 3 or more years of working experience in cyber incident response or digital forensics investigation. Deep hands-on experience of cyber threat hunting, threat intelligence and/or data analytics can be a substitute
• Familiarity with cyber incident response processes and methodologies and advanced investigative, compliance, and/or regulatory analytics
• Fluent in Python is compulsory
• Possess one or more of cyber security, incident response or digital forensics certification(s) such as CISSP, CISM, CEH, CHFI, GCIH, OSCP, OSCE, EnCE, GCFA, GCFE, GREM etc.
• Specific capabilities and experience should be heavily weighted towards cyber incident response, cyber forensics and compliance/investigation analytics including the use of advanced automation, predictive algorithms, and dynamic reporting using digital and mobile delivery channels
• Strong project management skills with the ability to lead and manage multiple significant client engagements simultaneously
• Demonstrated leadership and ability to drive successful execution of strategic objectives
• Cyber / disaster recovery, incident and crisis management
• Ability to build relationships with clients, also be able to work under tight deadlines, prioritize, handle multiple tasks, utilize strong leadership and technical skills, and communicate effectively both orally and in writing
• Strong analytical mind and problem solving skills
• Excellent project management and interpersonal skills
• Strong consultation and communication skills with highly proficiency in both spoken and written English and Chinese

Shape your future through impact that matters
For more than 100 years of history, Deloitte witnessed also had the honor to be part of the economic boom in China by providing industry-leading audit & assurance, consulting, risk advisory, financial advisory, tax & business advisory services to nearly 90% of the Fortune Global 500 Chinese companies and thousands of private companies. Deloitte China today carries on our centenary professionalism and strives to become the undisputed leader in professional services in China with strong responsibility and capabilities in digitalization and multidisciplinary services.

Deloitte has been named China's Top Employer since 2006, Universum's Most Attractive Employer in China since 2008, and the Best Workplaces in Greater China since 2019.

All qualified applicants will receive consideration for employment regardless of their background, experience, identity, ability or thinking style, and if you need assistance during the application process for accessibility reasons this is available upon request. The preferred candidate will be subject to background screening by Deloitte China or by their external third-party provider.

Ready to take on new challenges? Apply now

Stay connected for the latest career opportunities, follow us on Deloitte China Social Media.

Why Deloitte China?
Deloitte China delivers a comprehensive range of audit & assurance, consulting, financial advisory, risk advisory and tax services to local, multinational and growth enterprise clients in China.

• We are the
  world's largest professional services firm
  that changes the world, we lead with purpose and shared values.
• We are the
  market leader with digital and innovative solutions
  , we create values for client through our multi-disciplinary services.
• We are recognized as
  Top Employer
  in China by the Top Employers Institute* for 14th consecutive years, and made the top 3 for the first time this year
• We are certified as one of the
  'Best Workplaces
  in Greater China by Great Place to Work in 2019

Are you dedicated to excellence in your work? Do you excel in a team-oriented environment, upholding integrity and responsibility while embracing opportunities for growth? We welcome you to join a dynamic team committed to outstanding performance.

We are a globally renowned organization in the hospitality sector, celebrated for delivering unparalleled experiences in top-tier locations worldwide. Our focus on innovation and exceptional service fuels our success, and we are looking for a skilled professional to enhance our cybersecurity team.

Position Title: Security Analyst

Position Objective:

The Security Analyst will contribute to global cybersecurity efforts by overseeing, evaluating, and strengthening security measures across on-premises, cloud, and mobile platforms. This role will partner with security engineers, architects, and IT teams to identify, analyze, and mitigate threats, ensuring compliance and robustness throughout our digital infrastructure.

Key Responsibilities:

• Oversee the performance, reliability, stability, and compliance of security systems, working with business units to address deficiencies
• Identify and respond to network irregularities and malware incidents across various security tools
• Administer and monitor Data Loss Prevention (DLP) solutions for networks, hosts, and cloud environments
• Examine and handle alerts from Security Information and Event Management (SIEM) systems
• Supervise email and spam filtering systems, addressing malicious activities
• Manage application whitelisting and file integrity monitoring processes
• Ensure adherence to cybersecurity configurations through vulnerability management tools
• Address vulnerabilities and findings from penetration testing
• Undertake additional tasks as directed by the Manager, Security Architecture

Qualifications:

• Bachelor's degree in Information Systems, Computer Science, or comparable experience
• 2–4 years of experience in IT or cybersecurity positions
• Proficient in SIEM, Intrusion Detection/Prevention Systems (IDS/IPS), malware defense, DLP, Identity and Access Management (IAM), vulnerability scanning, and incident response

Our Commitment to You:

• Learning & Development: We support your success with customized training programs to foster your career growth.
• Travel Perks: Benefit from complimentary stays and discounted rates at our global properties for you and your family.
• Health & Wellness: We provide a range of health benefits and wellness initiatives to promote a balanced lifestyle.
• Retirement Benefits: Depending on your role and length of service, we offer retirement plans to honor your dedication.

A leading multinational servicing company is looking to strengthen their cybersecurity team by recruiting a Security Analyst. This role reports to the Security Architecture Manager and will be responsible for supporting global cybersecurity operations by monitoring, analyzing, and maintaining the security posture across on-premises, cloud, and mobile environments.

Candidates should have exposure in the following:

• Minimum 2 to 4 years of experience in IT or cybersecurity roles
• Strong knowledge of SIEM, IDS/IPS, malware protection, Data Loss Prevention (DLP), Identity and Access Management (IAM), vulnerability scanning, and incident response
• Proven ability to detect and respond to network anomalies and malware events across multiple security platforms
• Experience managing and monitoring DLP solutions, email filtering systems, and application whitelisting
• Skilled at investigating and managing SIEM alerts and overseeing cybersecurity configuration compliance via vulnerability management tools
• Bachelor's degree in Information Systems, Computer Science, or equivalent experience

This role requires strong collaboration skills to work closely with security engineers, architects, and IT teams to ensure compliance and resilience across the organization's digital infrastructure.

For more information, please contact OR WhatsApp

The Role:

The role is part of our regional SOC team, tasked to deliver Managed Security Services (MSS) and help customers achieve its business goals & objectives by re-imagining cybersecurity as one of its business enabler. The role reports to SOC vertical based in Singapore. It is a great opportunity to put your past experiences in building a world class SOC and address cybersecurity challenges of organizations in the region. It provides exposure to wide variety of security technologies, and provides opportunity for the candidate to pioneer in developing SOC and build new MSS offerings.

Accountabilities:

Handle security incidents and provide level two (L2) support during analysis & investigations to identify the root cause.

Critical incidents to CSIRT team, for further analysis & investigations, and demonstrate excellent collaboration skills for timely resolution to minimize impact to customers.

Provide detailed remediation recommendation to customers for the incidents within agreed SLAs, and if required assist them during remediation implementation.

Go that extra mile to proactively work with customer to build threat detection use cases, minimize incident noise, develop correlation logic and enable junior regional analysts to focus on critical incidents.

Review 3rd party threat intel feeds and integrate them into MSS platforms to provide value to our customers.

Prepare SOC monthly reports, which includes customization based on business requirements and present them to customers during monthly meetings, highlighting risks and mitigation plans.

Lead new customer deployments by working closely with customer, regional onsite teams and relevant stakeholders during build phase, and take end-end responsibility for smooth go-live.

Identify gaps in existing SOC process and work with team members or other departments to create, modify standard operating procedures, to automate any mundane daily operational activities, ensuring Ops are run efficiently.

Enable regional security analysts to deliver seamless L1 support locally by developing SOC playbooks, relevant and sufficient Knowledge base.

If required assist sales team to help pitch MSS offerings, drive proof-of-concepts and demo MSS services at technology events, to show value of the service offerings to prospect customers.

Lead and manage junior analysts in handling incidents, day-day operations, SLA requirements, and customer requests.

The Individual and their Experience:

Candidate should have at least 8 years of experience working in SOC and MSS environments, with a Bachelor's degree in Computer Science/IT/Information security.

Excellent hands-on experience in implementations, incident analysis of IBM
QRadar
, Alienvault SIEM technologies and should hold relevant vendor certifications.

Hands on experience on any Endpoint Protection (EPP) or Endpoint Detection Response (EDR) technologies. Preferred if CrowdStrike, Cisco AMP for endpoint.

Hands on experience on email security solutions. Preferred if that is on Cisco Email Solutions.

Exposure to firewall technologies such as Cisco, Palo Alto, Checkpoint, Fortinet.

Good understanding of WIN, LINUX environments and well versed with basic LINUX commands and troubleshooting, with a proven Unix (Solaris, Linux, BSD) experience.

Knowledge on any shell scripting language, and to apply them to automate mundane operations tasks.

Candidate should have at least one SANS certification. Preferred if that is GCIH

Understanding of basic network concepts and advantage if exposure to cloud technologies.

Thinking combined with excellent troubleshooting skills, preferably with experience following ITIL standards

Position will be based in Hong Kong

Job Responsibilities:

• Develop and implement appropriate security measures to safeguard the delivery of IT services. Research and evaluate new technologies in adapting security protection to the latest threat landscape
• Participate in security monitoring, detecting and analysis of events related to security
• To protect client's applications and servers from attacks by deploying countermeasures on the spot
• To commence emergency recovery procedures through mitigations promptly
• To support customers by diagnosing the occurrence of incidents, and directly coordinate with clients over the phone, email and other supporting instant message tools
• To participate in the 24x7 operation and ensure a smooth and efficient operation

Job Requirements:

• University Degree or Diploma holder on Computer Studies or Information Technology is preferred.
• Knowledge of Network Security is a must
• Experience in handling DDOS events would be a preference
• Work experience in Security Operations Center (SOC) would be a preference
• Self-motivated team player with strong sense of responsibilities, service and customer oriented.
• Mature, independent with good communication skills.
• Conversational in English and/or Chinese.
• 24x7 roster shift duty is required

Job Description:

As an IT Security Analyst, you will play a critical role in safeguarding our organization's digital assets and infrastructure. You will be responsible for monitoring and analyzing security events, identifying potential threats, and responding to security incidents. Your expertise will be essential in conducting vulnerability assessments, implementing security controls, and ensuring compliance with industry standards and regulations. You will collaborate with cross-functional teams to develop and maintain security policies, procedures, and awareness programs, while staying abreast of the latest security trends and technologies. Your proactive approach to threat detection and incident response will be vital in maintaining the confidentiality, integrity, and availability of our systems and data.

Core Responsibilities & Duties:

• Security Monitoring and Analysis:

• Monitor security logs, network traffic, and system events for suspicious activity.

• Analyze security alerts and events to identify potential threats and vulnerabilities.
• Utilize security information and event management (SIEM) tools to detect and correlate security incidents.

• Incident Response:

• Participate in incident response activities, including containment, eradication, and recovery.

• Conduct forensic analysis to investigate security breaches and determine the root cause.
• Document security incidents and response actions.

• Vulnerability Management:

• Conduct vulnerability assessments and penetration testing to identify security weaknesses.

• Prioritize and track vulnerabilities and recommend remediation actions.
• Manage and maintain vulnerability scanning tools.

• Security Control Implementation:

• Implement and maintain security controls, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and antivirus software.

• Configure and manage security systems and applications.
• Ensure security controls are properly implemented and maintained.

• Compliance and Auditing:

• Assist in security audits and compliance assessments (e.g., GDPR, HIPAA, PCI DSS).

• Develop and maintain security policies, procedures, and standards.
• Ensure compliance with relevant security regulations and industry best practices.

• Security Awareness and Training:

• Develop and deliver security awareness training programs for2 employees.

• Educate users on security best practices and potential threats.
• Promote a security-conscious culture within the organization.

• Threat Intelligence:

• Stay up to date on the latest security threats and vulnerabilities.

• Research and analyze threat intelligence to identify potential risks.
• Provide threat intelligence reports and recommendations.

• Collaboration and Communication:

• Collaborate with cross-functional teams to address security concerns.

• Communicate security risks and recommendations to stakeholders.
• Provide clear and concise security reports and documentation.

• Documentation and Reporting:

• Maintain accurate and up-to-date security documentation.

• Generate regular security reports and metrics.
• document security procedures.

Qualifications:

• A degree in the field of Computer Science or related field, or equivalent experience is required
• 5 + years of experience in IT information security

· Strong technical and consulting skills, project management capability

· Experience with security and risk frameworks, standards, and best practices

· Able to present effectively to executive level in both business and IT terms

Skills:

• The ideal candidate will possess a "can do" attitude with a "will do" work ethic
• Quick thinker, experienced in unconventional problem solving
• Excellent understanding of business complexity and project interdependencies
• Excellent communication, written, verbal, analytical and problem-solving skills
• Suitable time management skills and ability to meet deadlines
• Strong understanding of the organization's goals and objectives
• Exceptional interpersonal skills, with a focus on listening and questioning skills
• Strong documentation skills
• Ability to conduct research into a wide range of computing issues as required
• Ability to absorb and retain information quickly
• Ability to present ideas in user-friendly language to non-technical staff and end users
• A keen attention to detail
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Exceptional customer service orientation
• Experience working in a team-oriented, collaborative environment

We offer an exciting work environment and excellent career development opportunities. If you have the desire for an exciting and rewarding career, please send us your resume immediately, quoting your present and expected salary as well as the reference number to Human Resources Department.

Personal data collected would be used for recruitment purpose only.

Job Description:

• Minimum of 4 years of experience in information security or a similar role.
• Strong understanding of information security principles, standards, and best practices.
• General knowledge in industry regulations and framework such as NIST Cybersecurity Framework, ISO27001 or PCI DSS.
• Experience with security assessment tools and techniques.
• Knowledge in network and system security, including firewalls, intrusion detection/prevention systems, and endpoint protection.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
• Relevant certifications such as CISSP, CISM, or CEH are desirable.

About Pure Software:

PureSoftware, a wholly owned subsidiary of Happiest Minds Technologies, is a global software products and digital services company. PureSoftware has been driving transformation for the world's top organizations across various industry verticals, including banking, financial services, and insurance, life sciences and healthcare, high tech and communications, retail and logistics, and gaming and entertainment. Arttha, from PureSoftware, is a globally trusted financial technology platform.

PureSoftware is Great Place to Work Certified in India for the third consecutive year

Job Purpose

You will be responsible for carrying out information security functions and activities for the Technology function.

Responsibilities

• Protect the confidentiality, integrity and availability of all assets and systems through monitoring, detection, and analysis activities
• Review and assess information security requests to determine compliance with organizational policies and standards.
• Prepare and present cybersecurity-related reports, highlighting risks, incidents, and remediation efforts.
• Facilitate the annual recertification process for user access and security controls.
• Collaborate with IT teams to implement security measures, and remediate the audit findings
• Participate in and manage security-related projects to enhance overall security posture.
• Support Information security team to develop and implement security policies, procedures and guidelines
• Validate information security controls effectiveness and agreed deliverables to assure security standards/plans are achieved.
• Review the current IT Security solution and Security Policy to identify potential gaps within the organisation
• Undertake monitoring of security controls and policy adherence in line with Bupa policies based on ISO27001 and NIST Cybersecurity
• Monitor the security controls for security breaches and investigate violations
• Conduct risk and vulnerability assessment at the network, system and application level, and assess resulting impact on risk

Qualifications, Training and Experience

• Relevant Bachelor's/Master's degree holder from a recognized university
• 3-5 years of relevant work experience on managing security technologies
• Work experience in cloud security solution experience (Wiz preferred)
• Work experience in web proxy / SASE solutions (Palo Alto Prisma SASE preferred)
• Work experience cloud platforms (Azure, GCP preferred)
• Experience in managing security solutions, such as Wiz, Palo Alto Prisma, Zscaler, MS Defender, Imperva, Cloudfare
• Scripting skills, such as Terraforms, MS PowerShell, Python
• Good communication skills and the ability to collaborate well with across departments
• Able to demonstrate a positive, logical, and proactive approach while executing the assigned tasks
• Certification holder in information security (CISSP, CISA, etc.) will be an advantage.
• Ability to prioritize work and design schedules to meet the desired requirements

Bupa offers 5 days' work per week and comprehensive remuneration packages including base salary, study assistance plan, company pension plan, life and medical benefit, dental benefit, annual leave, examination leave, etc.

Bupa is an equal opportunity employer and welcomes applications from qualified candidates. Information provided will be treated in strict confidence and only be used for consideration of application with Bupa.

Personal data collected will be used for recruitment purposes only. Bupa will be in touch for any opportunities that matches your profile. All personal data of unsuccessful application will be destroyed 24 months from the date of receiving the application. Full version of Data Privacy Notice available upon request.