232 Information Security jobs in Hong Kong

Overview

Binance is a leading global blockchain ecosystem behind the world’s largest cryptocurrency exchange by trading volume and registered users. We are trusted by over 280 million people in 100+ countries for our industry-leading security, user fund transparency, trading engine speed, deep liquidity, and an unmatched portfolio of digital-asset products. Binance offerings range from trading and finance to education, research, payments, institutional services, Web3 features, and more. We leverage the power of digital assets and blockchain to build an inclusive financial ecosystem to advance the freedom of money and improve financial access for people around the world.

• Design and implement secure application architectures, considering factors like authentication, authorization, data protection, and vulnerability management etc.
• Develop and maintain secure coding guidelines and standards.
• Conduct architectural / security requirement reviews to identify/assess potential security risks and mitigate security risks that may be caused by new products, new functions, bug fixes, etc.
• Develop and implement security controls and countermeasures to mitigate identified risks.
• Conduct regular security audits or penetration testing.
• Ensure compliance with relevant security standards and regulations (e.g., OWASP).
• Stay up-to-date with the latest security threats and vulnerabilities and incident in the community etc.
• For the company's product business area, conduct pre-research to deep understand the business and reserve security tech research
• Gradually form a basis for risk identification based on different products and security solution
• Communicate security risks and recommendations to stakeholders.
• Provide guidance and mentorship to the teams on security suggestions and secure coding practices.

• A bachelor's degree or above in computer science or a related field
• More than 6 years of application security experience or software development, more than 10 years is preferred
• Strong understanding and execution of software development principles and SDLC
• Proficient in mainstream Web application development technology, Java-based tech stack is preferred
• Proficient in the causes and solutions of OWASP TOP 10 security issues
• Proficient in technical implementation of common security solutions
• Understand the basic techniques of penetration testing and security testing
• Familiar with the use of static security scanning tools for code, as well as problem analysis and solution design
• Understand the basic knowledge of mobile and web security
• Systematically grasp the formation mechanism of application security vulnerabilities and have the ability to design corresponding solutions (in line with industry best security practices)
• Understand the thinking of threat modeling and attack surface analysis, actual combat experience is preferred
• Bilingual English/Mandarin is required to be able to coordinate with overseas partners and stakeholders.
• Ability to work independently and as part of a team.
• Strong problem-solving and analytical skills.

• Shape the future with the world’s leading blockchain ecosystem
• Collaborate with world-class talent in a user-centric global organization with a flat structure
• Tackle unique, fast-paced projects with autonomy in an innovative environment
• Thrive in a results-driven workplace with opportunities for career growth and continuous learning
• Competitive salary and company benefits
• Work-from-home arrangement (the arrangement may vary depending on the work nature of the business team)

Binance is committed to being an equal opportunity employer. We believe that having a diverse workforce is fundamental to our success.

Overview

Join to apply for the Chief Information Security Officer role at EX.IO .

• Develop and execute cybersecurity strategy for trading platforms and blockchain systems.
• Lead security team, overseeing threat prevention, incident response, and risk assessments.
• Ensure compliance with SFC Cybersecurity Guidelines and global standards (e.g., ISO 27001).
• Monitor and mitigate cyber threats (e.g., DDoS, phishing, wallet breaches).
• Enforce security policies and conduct employee training on secure practices.
• Evaluate emerging technologies (e.g., zero-trust, AI threat detection) for platform resilience.

• Bachelor’s/Master’s in Cybersecurity, IT, or related field; CISSP/CISM preferred.
• 8+ years in cybersecurity, 3+ years in leadership, ideally in fintech/blockchain.
• Expertise in securing trading platforms, wallets, and smart contracts.
• Knowledge of SFC regulations and global frameworks (e.g., NIST, GDPR).
• Strong leadership and communication skills; English fluency, Mandarin/Cantonese a plus.
• Proactive, strategic thinker thriving in a fast-paced environment.

• Executive

• Full-time

• Information Technology

• Blockchain Services

Overview

ERM in Hong Kong is seeking candidates to help grow the business in the field of Process Safety, Data Analysis, Risk and Reliability Assessment and Safety Management with the potential to become one of our top consultants. The successful candidate will provide technical expertise in data analysis, hazard identification and risk assessment studies (including HAZID, HAZOP, SIL, QRA, and RAM studies) for process plants in the field of oil and gas (including offshore), refinery, chemicals and petrochemicals. The position also requires an energetic candidate who is motivated to travel on a regular basis.

Candidates may also have relevant experience in the following area(s):

• Data analysis using python, R, etc.
• Reliability assessment
• Computation Fluid Dynamics (CFD)
• Safety related studies (HAZID, HAZOP, QRA, etc.)

• Degree in Chemical / Mechanical, preferably with a post-graduate qualification with modelling experience, from a reputable university in chemical / mechanical engineering
• 1 year relevant experience in risk assessment or design safety engineering; and in plant operations or process design. Fresh graduates are also welcome to apply
• Strong data management, analytical and numerical skills
• Excellent communication & presentation skills and academic qualifications
• Excellent English and Mandarin language skills, both spoken and written
• Motivated to travel on a region wide and worldwide basis regularly to meet client needs; (Travel may be extensive on some projects)
• Candidates must be motivated, independent individuals with initiative, who can work autonomously and are committed to delivering the highest quality services to our clients
• Candidates are eligible to apply for chartered engineer with international professional associations.

As the world’s leading sustainability consulting firm, ERM is uniquely positioned to contribute to the environment and society through the expertise and energy of our employees worldwide. Sustainability is what we do, and is at the heart of both our service offerings and how we operate our business. For our people, our vision means attracting, inspiring, developing and rewarding our people to work with the best clients and on the biggest challenges, thus creating valuable careers. We achieve our vision in a sustainable manner by maintaining and living our ERM values that include Accountability, Caring for our People, Client Focus, Collaboration, Empowerment, and Transparency.

ERM does not accept recruiting agency resumes. Please do not forward resumes to our jobs alias, ERM employees or any other company location. ERM is not responsible for any fees related to unsolicited resumes. ERM is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, gender identity, age, marital status or disability status.

Thank you for your interest in ERM. Candidates may be invited to complete an online assessment as part of our recruitment process. All personal information will be handled confidentially and in compliance with data protection laws.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Engineering and Information Technology
• Industries: Environmental Services, Civil Engineering, and Oil and Gas

Referrals increase your chances of interviewing at ERM by 2x. Get notified about new Associate Technician jobs in Hong Kong, Hong Kong SAR.

(Senior) Security Engineer, Security Engineering & Threat Intelligence

We are looking for an intermediate level security engineer to join our Global Cybersecurity Services Team. As part of our modern cybersecurity operating model, the role will be engaged in enhancing our security technology stack, building AI driven security automation workflows and contributing to security operations and threat management.

We are building a modern, multi-cloud, intelligence driven security operations capability that will heavily involve AI and automation; and will require engineering and operational skills at all levels.

• Automation & DevOps: CI/CD Development and Management: Build, manage, and optimize Continuous Integration and Continuous Deployment (CI/CD) pipelines to enhance development workflows. Ensure fast, secure, and reliable delivery of code while maintaining a focus on quality and production readiness.
• Infrastructure as Code (IaC): Develop, enhance, and maintain Infrastructure as Code (IaC) templates or playbooks using tools such as Ansible, Terraform, CloudFormation, or equivalent. Collaborate with teams to standardize infrastructure provisioning and deployment across cloud and on-premise environments.
• Automation & Workflow Orchestration: Design and implement automated solutions and workflows using scripting languages (e.g., Python, Bash, PowerShell) or hyperautomation platforms. Leverage automation to orchestrate repetitive tasks, streamline operational processes, and improve system efficiency.
• DevOps Best Practices: Integrate DevOps principles into development lifecycles, promoting collaboration, monitoring, and agile delivery. Continuously evaluate new tools and technologies to enhance the automation and DevOps toolkit.
• Security Engineering: Build, maintain and enhance our security operations technology stack, which includes cloud native solutions, cloud-based infrastructure and applications, next generation SIEMs and hyper automation solutions. Build and enhance security logging and detection engineering practices, and incorporate DevOps best practices into Security Engineering. Relentlessly automate and creatively incorporate AI into workflows. Interest in Agentic AI systems is ideal.
• Detection & Response: Build, maintain and enhance infrastructure related to detection & response engineering lifecycle, telemetry and log pipelines, automation and AI. Support alert pipeline and detection use case development.
• Threat Intelligence Management: Support backend and infrastructure tasks related to Threat Intelligence Projects, Threat Intelligence Collection, Threat Analysis, Making Threat Intelligence Actionable, Collaboration & Incident Support.
• Security Projects: Lead projects and initiatives that may involve Endpoint Security enhancements, Attack Simulation, Use Case Validation, Threat Hunting, Compromise Assessments, Network/Endpoint security reviews.
• Leadership: Be comfortable with cross-functional leadership and stakeholder management. Be willing to mentor and contribute to the growth and capability of the team.

Job Summary

The Application Security Solution Architect (ASSA) for HKEX Group is accountable for translating group-wide information and cyber security strategy, policy and control requirements into secure application solutions. They will focus on application-level security architecture, design, processes and controls. The role balances the unique business objectives of a global exchange against the inherent security threat and risk profile applicable to critical national infrastructure.

• Architectural Oversight: Ensure that the information and cybersecurity architecture and solution designs for applications are engineered according to specifications and within acceptable risk tolerance levels, focusing on application-specific contexts.
• Support Development Teams: Collaborate with development teams to implement application-specific threat modeling, secure coding practices, and the effective use of application security assurance tools to enhance the security of software products.
• Integration Architecture Recommendations: Provide expert recommendations on application-level integration architecture, focusing on secure coding practices, web application firewalls, software composition analysis, static and dynamic code scanning, Software Bill of Materials (SBOM), and security measures within CI/CD pipelines, all crucial for securing application deployments.
• Application Security Assurance Tool Experience: Leverage experience with application security assurance tools, including onboarding, triaging issues, and assisting developers, to ensure that applications are built and maintained with robust security measures.
• Collaboration with Security Engineering: Work closely with the Security Engineering team to integrate security solutions into application development processes, ensuring that security is a fundamental aspect of the application lifecycle.
• Requirement Creation and Review: Develop and review functional and non-functional security requirements specifically tailored for application projects, ensuring these requirements enhance the security posture of applications.
• System Architecture Review: Conduct thorough reviews of application architecture and designs to ensure that all solutions have undergone appropriate security assurance and meet established security acceptance criteria, thereby protecting applications from vulnerabilities.
• Security Reference Patterns Development: Create and present application security reference patterns and technical security standards that guide secure application development, ensuring compliance with the Information Security Policy.
• Data Security: Create or review implementation of data layer protective and detective control patterns for data storage technologies, from high level SAAS applications to specific technologies, such as databases, Kafka queues, object storage systems.
• Kubernetes / Cloud Security Expertise: Apply knowledge of Kubernetes / Cloud security technologies to enhance the security of applications deployed in containerized environments, addressing specific risks associated with cloud-native applications.
• Application Architecture Understanding: Demonstrate a comprehensive understanding of application architecture to apply relevant security controls and systems, minimizing cybersecurity risks specific to the application's design and functionality.
• Collaborative Project Delivery: Work collaboratively with project delivery and operational teams to ensure that applications are delivered on time and meet high-quality security standards throughout the system delivery lifecycle.
• Governance Participation: Actively participate in governance forums, such as the Architecture Community and Working Group, to contribute to the development of application security strategies and best practices.

Academic and Professional Qualifications Required:

• Relevant university degree in Computer Science, Information Management, or related field, or equivalent experience.
• Experience with information security and enterprise architecture methods and frameworks (e.g., SABSA, TOGAF, NIST CSF).
• Cyber security certifications (e.g., SABSA, CCSP, CISSP) or security-specific cloud certifications (AWS, Azure, GCP, Alibaba Cloud, Kubernetes) would be favourably looked upon.

Required Knowledge and Experience:

• Significant and wide experience in the information and cyber security industry.
• Subject matter expertise in application threat modelling, secure coding practices (e.g., Java or C++, or other languages such as .NET, Node.js, Go) and DevSecOps practices.
• Experience with automated build and deployment pipelines, and securing artefacts in a pipeline.
• Experience with software and system assurance methodologies and vulnerability/risk management practices.
• Experience operating SAST, SCA, DAST, IAST and SBOM.
• Automation scripting using Python and APIs.
• Experience with industry best-practice IT design/operation methods (e.g., Agile, Waterfall, ITIL, COBIT).
• Recent experience delivering security solutions in public and/or private cloud.

Optional Knowledge and Experience:

• Experience with security Kubernetes technologies, secrets management, PKI, service mesh (Istio), etc.
• Experience developing/contributing to security policies and standards.
• Experience securing automated build and deployment pipelines and artefacts.
• Familiarity with internal audit, risk and control management.
• Relevant information security experience with global exchanges, regulated financial market infrastructure or critical national infrastructure is advantageous.

Skills and Core Competencies:

• Strong, articulate, consensus-building communicator with business acumen and technology knowledge.
• Ability to explain information security concepts to diverse audiences and manage stakeholders effectively.
• Capable of delivering in a fast-moving, high-pressure environment with multiple workstreams.

Personal Qualities:

• Open, approachable, and team-oriented; strong oral and written communication.

HKEX is committed as an Equal Opportunity Employer. Diversity is one of our core values and we look to support, respect diverse perspectives, abilities, culture and experiences within our workplace.

HKEX - TKO

N/A

40

Permanent

• Mid-Senior level

• Full-time

• Information Technology

Note: This description reflects the content to be used, excluding referrals and unrelated postings.

Overview

Pinpoint Asia is partnering with a leading global quantitative investment firm to find a talented Senior Network Security Engineer. Our client is a technology and data-driven group with a scientific approach to investing, operating across all liquid asset classes worldwide. This is a unique opportunity to join an elite team where technology is at the core of the business. You will work with cutting-edge solutions to solve complex challenges in a collaborative, innovative, and high-performance environment.

The Opportunity

As a Senior Network Security Engineer, you will be a key player in protecting the firm's critical infrastructure. You will manage and evolve the security posture across a complex hybrid environment, spanning global data centers and multi-cloud platforms. We are looking for an engineer with a modern, automation-first mindset who sees security as a business enabler.

• Design, implement, and operate a wide range of modern security solutions, including next-generation firewalls, SASE, CASB , and web proxies.
• Drive the automation of security processes, controls, and deployments using scripting and infrastructure-as-code principles.
• Oversee and secure network changes across complex hybrid environments , including on-premise data centers and public cloud platforms (AWS, GCP, Azure).
• Act as a subject matter expert, providing deep technical security guidance to infrastructure, development, and research teams.
• Perform deep-dive troubleshooting and analysis of network traffic using tools like Wireshark and tcpdump to resolve complex issues.

• A minimum of 5 years of experience in network engineering, security, or a similar role.
• Deep, hands-on expertise with multi-vendor firewalls (e.g., Palo Alto, Fortinet) and a strong understanding of Layer 7 policy adoption.
• Solid understanding of modern network security architectures and solutions (SASE, CASB, Proxies ).
• Proficiency with core networking protocols across all layers of the OSI model.
• Proven experience protecting data and critical assets at the network level.
• A collaborative spirit and excellent communication skills.

• Scripting or coding experience for automation (e.g., Python, Ansible, Terraform ) is highly desirable.
• Hands-on experience with public cloud technologies and securing cloud environments.
• Experience in physical data center and colocation environments.
• An understanding of offensive security TTPs (Tactics, Techniques, and Procedures) from an adversary's perspective.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Information Technology, Design, and Engineering

Note: This description focuses on the Senior Network Security Engineer role and its requirements. For related roles and updates, please refer to the listing page for similar opportunities.

Overview

Network & Security Engineer (Cisco, SD-WAN, Palo Alto Firewall) (Insurance) (6 month contract)

Company Description: A leading global health services company committed to helping people improve their health, well-being, and sense of security. They offer a wide range of insurance products and related services.

Nature: Renewable Contract (6 months)

Job Title: Network & Security Engineer (Cisco, SD-WAN, Palo Alto Firewall) (Insurance) (6 month contract)

• Provide expertise in the implementation and maintenance of Cisco network infrastructure.
• Manage and support SD-WAN solutions to optimize network performance and connectivity.
• Configure, monitor, and troubleshoot Palo Alto firewall systems to ensure network security.
• Collaborate with cross-functional teams to resolve complex technical issues and implement network changes.
• Maintain comprehensive documentation for network configurations and procedures.

• Possess three to five years of proven working experience in an Information Technology or network engineering role.
• Demonstrate high-level skills and experience with Cisco networking products and technologies.
• Proficient in the design, deployment, and operation of SD-WAN technologies.
• Strong experience with Palo Alto firewall configuration and security policy management.
• Excellent problem-solving and analytical skills with the ability to work independently.

• Seniority level: Associate
• Employment type: Full-time
• Job function: Information Technology, Engineering, and Project Management
• Industries: Technology, Information and Media, Insurance, and Financial Services

Product Support Executive, Cyber Security

We are looking for a proactive and customer-focused Product Support Executive to join our team at Ingram Micro.

• Serve as the first point of contact for customer inquiries and product-related issues.
• Provide prompt and accurate support via phone and email.
• Work closely with the product team to achieve company sales targets.
• Handle customers’ inquiries including license quotation, order processing and order cancellation.
• Backup for Product Manager.
• Perform other related administrative duties.

• Diploma or Degree in Business, IT, or related field.
• 1–2 years of experience in customer support, technical support, or product-related roles.
• Strong communication and interpersonal skills.
• Problem-solving mindset with attention to detail.
• Ability to work independently and as part of a team.

• Entry level

• Full-time

• Business Development and Sales

• IT Services and IT Consulting

Information Security Engineer – Associate - Security Services - IT

Join to apply for the Information Security Engineer – Associate - Security Services - IT role at Hong Kong Exchanges and Clearing Limited (HKEX).

The Information Security Engineer is part of the Information Security function, playing a key role in enhancing the organization security posture. The incumbent is responsible for designing, building, operating, and evolving enterprise IT security solutions to meet the organization’s security requirements, while engaging key stakeholders to deliver key security services.

• Engineer, implement and monitor security measures for the protection of computer systems, networks and information.
• Configure and troubleshoot security infrastructure to ensure optimal performance and alignment with security policies.
• Maintain all solution design documentation, processes, procedures and report on metrics to demonstrate effective and efficient management of services.
• Support security tool enhancements and policy governance, including tasks such as reviewing and updating application control policies, managing user access profiles, and performing regular recertification of access rights. Tools involved may include application whitelisting platforms and Endpoint Detection & Response (EDR) solutions.
• Deliver and maintain core security services, such as integrating systems with Identity and Access Management (IAM) platforms (e.g., Privileged Identity Management and Identity Governance & Administration), maintaining system account inventories, and coordinating periodic access reviews and recertification campaigns.
• Ensure security tools are properly configured and maintained to support the detection of and response to cyber security threats (e.g., tuning alert rules, updating threat signatures, and integrating tools with incident response workflows).
• Conduct and document disaster recovery testing for security tools.
• Ensure smooth daily operations of account management processes, including reviewing system account requests for accuracy, identifying and resolving automation issues, and driving process improvements through automation and workflow optimization.
• Manage relationship with product vendors and suppliers to ensure timely maintenance, updates, and enhancements of security tools and solutions.

• Must have a relevant University degree in Computer Science, Information Management, or related field, or equivalent experience.
• Proven work experience as a System Security Engineer or Information Security Engineer.
• Experience in building, maintaining and operating security systems and platforms.
• Hands on experience in EndPoint security (e.g., app control, EDR) and IAM (e.g., PIM, IGA) tools and related workflows.
• Understanding of the latest security principles, techniques, and protocols (such as zero trust).
• Ability to work collaboratively in cross-functional teams and communicate effectively with technical and non-technical stakeholders.
• Good presentation, project planning and documentation skills.
• Problem solving skills and ability to work under pressure.
• Familiarity with web technologies (e.g., web applications, web Services, service-oriented architectures) and network/web protocols.
• Knowledge with application, database and operating system and cloud security (AWS or Huawei Cloud Stack) is an asset.
• Experience with scripting (e.g., Python) or automation tools (e.g., Ansible) is preferred.
• Understanding of risk / control frameworks, such as Mitre ATT&CK, D3FEND, OWASP or NIST Cybersecurity Framework will be an added advantage.
• Professional certifications such as CISSP, CISM, CEH, GIAC (e.g., GSEC, GCIA, GPEN), or AWS Certified Security will be an added advantage.

HKEX is committed as an Equal Opportunity Employer. Diversity is one of our core values and we look to support, respect diverse perspectives, abilities, culture and experiences within our workplace.

Location: HKEX - TKO

Shift: Standard - 40 Hours (Hong Kong SAR)

Scheduled Weekly Hours: 40

Worker Type: Permanent

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.