25 National Security jobs in Hong Kong

2 days ago Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

Job Description
Position Overview
As a Blockchain Security Specialist, you will play a pivotal role in ensuring the safety, reliability, and resilience of blockchain-based systems across our organization. You will be responsible for identifying, analyzing, and mitigating security risks in smart contracts, decentralized applications, and blockchain protocols, working to protect both infrastructure and user assets from emerging threats.
Key Responsibilities

• Conduct in-depth security assessments and code reviews on smart contracts, blockchain protocols, and decentralized applications to identify vulnerabilities and recommend mitigation strategies.
• Design, implement, and enforce best practices for secure smart contract development, collaborating with product and engineering teams throughout the software development lifecycle.
• Investigate, analyze, and respond to security incidents and breaches, performing root cause analysis and developing comprehensive post-mortems.
• Monitor emerging threats and attack vectors in the blockchain space and proactively update internal security policies and controls.
• Develop and maintain automated security tools, frameworks, and continuous integration pipelines for ongoing vulnerability assessment and threat detection.
• Provide clear documentation and guidance on secure coding practices, cryptographic protocols, and consensus mechanisms to internal teams.
• Work with development teams to enhance security.
  

• Degree in Computer Science, Engineering, Cybersecurity, or a related field (advanced degrees are a plus).
• Experience in blockchain development, with a strong focus on security and smart contract programming.
• Understanding of blockchain protocols, standards, consensus mechanisms, and underlying cryptographic principles.
• Hands-on experience with web3 libraries and frameworks.
• Strong knowledge of security best practices, including secure software development, threat modeling, and incident response.
• Excellent analytical, problem-solving, and communication skills.
  

• Seniority level Entry level

• Employment type Full-time

• Job function Other, Information Technology, and Management

Hong Kong SAR HK$32,000.00-HK$6,000.00 2 weeks ago

Hong Kong SAR HK 17,925.00-HK 29,523.00 2 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

3 days ago Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from Chinasoft International

Work Location: On-site at a Financial Regulatory Institution (Central, Hong Kong)

Company: Chinasoft International

Employment Type: Contract (12 months, renewable)

Work Location: On-site at a Financial Regulatory Institution (Central, Hong Kong)

Chinasoft International is seeking an experienced and technically skilled IT Security Specialist to join our professional services team. The selected candidate will be seconded to a prominent financial regulatory body in Hong Kong to support mission-critical cybersecurity projects. This role requires solid experience in enterprise IT security, cybersecurity architecture, and operations. You will work closely with internal teams and external vendors to design, implement and manage the cybersecurity infrastructure and compliance initiatives of the client.

The ideal candidate will have hands-on experience in:

• Cybersecurity domains such as identity and access management, security architecture and engineering.
• Cybersecurity solution implementation in an enterprise environment.

• Serve as a Subject Matter Expert to support the research, design, procurement, implementation, operationalization, and optimization of new and revamp of the cybersecurity solutions.
• Participate in the system development lifecycle (SDLC), such as architecture and infrastructure design, technical requirement and operation documentation, technical and user testing, user training, maintenance and support.
• Participate in system integration developments and administer, support and troubleshoot cybersecurity Systems.
• Develop, maintain and fine-tune system operating procedures, including back-up & disaster recovery, vulnerability, update & patch management, system maintenance and monitoring and audit.
• Identify and mitigate security-related incidents, perform vulnerability assessments, support penetration tests, and provide recommendations for improvements.
• Work closely with technical vendors and internal stakeholders to ensure compliance requirements are addressed and security solutions are implemented effectively.
• Coordinate and collaborate closely with IT and business users to ensure successful enablement of cybersecurity solutions.
• Oversee the planning, execution and delivery of cybersecurity solutions to ensure timely completion and provide regular progress updates and reports to stakeholders.
• Develop and manage project plans, resource allocation and risk management for successful project deliverables and outcomes.
• Stay up-to-date with emerging trends and technologies in IT security and make recommendations for their adoptions.

• Bachelor’s or above degree in Computer Science, Engineering or related field.
• At least 7+ years of experience in cybersecurity consulting, operations, solution implementations, or related technology projects. Candidates with more experience will be considered for senior specialist/manager roles.
• Proven experience in implementing cybersecurity solutions, including Identity and Access Management (IAM), Privileged Access Management (PAM), Secret Management Tools, or identity threat detect and response (ITDR), with knowledge in AI and machine learning would be a definite advantage.
• Cybersecurity certifications such as CISSP, CISP, or CISA, are highly preferred.
• In-depth knowledge of IT security frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, Digital Policy Office (DPO) IT Security Policy, and Cybersecurity Law of the People’s Republic of China.
• Strong understanding of computer systems, including operating systems, databases, network, infrastructure, and cloud computing.
• Analytical thinker with the ability to understand, visualize, analyse, and resolve difficult issues.
• Experienced with cloud computing platforms such as AWS or Azure, and DevSecOps practices and tools such as Jenkins, Docker, or Kubernetes.
• Hands-on experience with system implementations and operations, including system hardening, vulnerability and patch management, system architecture and infrastructure design.
• Excellent interpersonal, communication, writing, presentation skills, organizational and time management skills, with ability to work independently in a fast-paced environment and build strong relationship with stakeholders.
• For project management role, at least 5+ years of experience in managing cybersecurity or related technology projects, with certification such as Project Management Professional (PMP) or equivalent highly preferred.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology

Referrals increase your chances of interviewing at Chinasoft International by 2x

Get notified about new Information Technology Security Specialist jobs in Hong Kong SAR .

Sha Tin District, Hong Kong SAR 6 days ago

Sha Tin District, Hong Kong SAR 1 week ago

Sha Tin District, Hong Kong SAR 1 week ago

Sha Tin District, Hong Kong SAR 2 weeks ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

5 days ago Be among the first 25 applicants

Join our fast-paced team as a Senior Information Security Specialist, contributing to global security operations across various entities at the group level. In this role, you'll utilize advanced tools for threat detection, incident response, and proactive security measures, ensuring robust protection against emerging cyber threats.

Responsibilities

• Utilize cybersecurity tools like SIEM, EDR, and SOAR for effective threat management.
• Stay updated on emerging cyber threats, vulnerabilities, and mitigation techniques.
• Lead incident response, management, and investigations.
• Conduct purple team exercises and threat hunting to identify risks.
• Analyze threat actors and their tactics through detailed research.
• Perform malware analysis to prevent future attacks.
• Oversee actionable Threat Intelligence (TI) collection and execution.
• Propose and implement security initiatives to combat emerging threats.
• Develop and update playbooks and documentation for security processes.
• Provide expertise in creating and maintaining security frameworks and policies.
• Evaluate new software or products for security projects.
• Promote security awareness and conduct role-based training.
• Communicate cybersecurity risks effectively to stakeholders.

Requirements

• Must have 5-8 years of experience in Information Security with hands-on expertise in Security Engineering, Operations, Cyber Threat Intelligence, Digital Forensics, Incident Response, Endpoint, or Cloud Security.
• Must be skilled with security event tools and incident response within a blue team context.
• Nice to have: Experience in Red Teaming and Penetration Testing (PenTest), as well as in-house security operations.
• Proficient with SIEM, EDR, SOAR, Vulnerability Management, and Open-Source Tools.
• Familiar with cloud environments such as AWS, Azure, and GCP.
• Knowledge of malware reverse-engineering techniques.
• Proficient in one coding language (Python, Java, etc.).
• Strong understanding of the MITRE ATT&CK framework.
• Professional English proficiency; Chinese is a plus.

About OSL

As a subsidiary of the publicly listed OSL Group (HKEX: 863.HK), OSL Digital Securities is Hong Kong’s first and most established SFC-licensed and insured digital asset platform. Operating since 2018, the platform provides institutional-grade digital asset services to corporations, financial institutions, professional and retail investors.

OSL Core Values

Be customer-centered

Be a high-performing team

Be relentlessly innovative

Be an owner

Be geared toward action

Be compliant

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Finance, Accounting/Auditing, and Information Technology
• Industries Securities and Commodity Exchanges and Financial Services

Referrals increase your chances of interviewing at OSL by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

5 days ago Be among the first 25 applicants

Join our fast-paced team as a Senior Information Security Specialist, contributing to global security operations across various entities at the group level. In this role, you'll utilize advanced tools for threat detection, incident response, and proactive security measures, ensuring robust protection against emerging cyber threats.

Responsibilities

• Utilize cybersecurity tools like SIEM, EDR, and SOAR for effective threat management.
• Stay updated on emerging cyber threats, vulnerabilities, and mitigation techniques.
• Lead incident response, management, and investigations.
• Conduct purple team exercises and threat hunting to identify risks.
• Analyze threat actors and their tactics through detailed research.
• Perform malware analysis to prevent future attacks.
• Oversee actionable Threat Intelligence (TI) collection and execution.
• Propose and implement security initiatives to combat emerging threats.
• Develop and update playbooks and documentation for security processes.
• Provide expertise in creating and maintaining security frameworks and policies.
• Evaluate new software or products for security projects.
• Promote security awareness and conduct role-based training.
• Communicate cybersecurity risks effectively to stakeholders.

Requirements

• Must have 5-8 years of experience in Information Security with hands-on expertise in Security Engineering, Operations, Cyber Threat Intelligence, Digital Forensics, Incident Response, Endpoint, or Cloud Security.
• Must be skilled with security event tools and incident response within a blue team context.
• Nice to have: Experience in Red Teaming and Penetration Testing (PenTest), as well as in-house security operations.
• Proficient with SIEM, EDR, SOAR, Vulnerability Management, and Open-Source Tools.
• Familiar with cloud environments such as AWS, Azure, and GCP.
• Knowledge of malware reverse-engineering techniques.
• Proficient in one coding language (Python, Java, etc.).
• Strong understanding of the MITRE ATT&CK framework.
• Professional English proficiency; Chinese is a plus.

About OSL

As a subsidiary of the publicly listed OSL Group (HKEX: 863.HK), OSL Digital Securities is Hong Kong’s first and most established SFC-licensed and insured digital asset platform. Operating since 2018, the platform provides institutional-grade digital asset services to corporations, financial institutions, professional and retail investors.

OSL Core Values

Be customer-centered

Be a high-performing team

Be relentlessly innovative

Be an owner

Be geared toward action

Be compliant

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Finance, Accounting/Auditing, and Information Technology
• Industries Securities and Commodity Exchanges and Financial Services

Referrals increase your chances of interviewing at OSL by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

3 days ago Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from Chinasoft International

Work Location: On-site at a Financial Regulatory Institution (Central, Hong Kong)

Company: Chinasoft International

Employment Type: Contract (12 months, renewable)

Work Location: On-site at a Financial Regulatory Institution (Central, Hong Kong)

Chinasoft International is seeking an experienced and technically skilled IT Security Specialist to join our professional services team. The selected candidate will be seconded to a prominent financial regulatory body in Hong Kong to support mission-critical cybersecurity projects. This role requires solid experience in enterprise IT security, cybersecurity architecture, and operations. You will work closely with internal teams and external vendors to design, implement and manage the cybersecurity infrastructure and compliance initiatives of the client.

The ideal candidate will have hands-on experience in:

• Cybersecurity domains such as identity and access management, security architecture and engineering.
• Cybersecurity solution implementation in an enterprise environment.

• Serve as a Subject Matter Expert to support the research, design, procurement, implementation, operationalization, and optimization of new and revamp of the cybersecurity solutions.
• Participate in the system development lifecycle (SDLC), such as architecture and infrastructure design, technical requirement and operation documentation, technical and user testing, user training, maintenance and support.
• Participate in system integration developments and administer, support and troubleshoot cybersecurity Systems.
• Develop, maintain and fine-tune system operating procedures, including back-up & disaster recovery, vulnerability, update & patch management, system maintenance and monitoring and audit.
• Identify and mitigate security-related incidents, perform vulnerability assessments, support penetration tests, and provide recommendations for improvements.
• Work closely with technical vendors and internal stakeholders to ensure compliance requirements are addressed and security solutions are implemented effectively.
• Coordinate and collaborate closely with IT and business users to ensure successful enablement of cybersecurity solutions.
• Oversee the planning, execution and delivery of cybersecurity solutions to ensure timely completion and provide regular progress updates and reports to stakeholders.
• Develop and manage project plans, resource allocation and risk management for successful project deliverables and outcomes.
• Stay up-to-date with emerging trends and technologies in IT security and make recommendations for their adoptions.

• Bachelor’s or above degree in Computer Science, Engineering or related field.
• At least 7+ years of experience in cybersecurity consulting, operations, solution implementations, or related technology projects. Candidates with more experience will be considered for senior specialist/manager roles.
• Proven experience in implementing cybersecurity solutions, including Identity and Access Management (IAM), Privileged Access Management (PAM), Secret Management Tools, or identity threat detect and response (ITDR), with knowledge in AI and machine learning would be a definite advantage.
• Cybersecurity certifications such as CISSP, CISP, or CISA, are highly preferred.
• In-depth knowledge of IT security frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, Digital Policy Office (DPO) IT Security Policy, and Cybersecurity Law of the People’s Republic of China.
• Strong understanding of computer systems, including operating systems, databases, network, infrastructure, and cloud computing.
• Analytical thinker with the ability to understand, visualize, analyse, and resolve difficult issues.
• Experienced with cloud computing platforms such as AWS or Azure, and DevSecOps practices and tools such as Jenkins, Docker, or Kubernetes.
• Hands-on experience with system implementations and operations, including system hardening, vulnerability and patch management, system architecture and infrastructure design.
• Excellent interpersonal, communication, writing, presentation skills, organizational and time management skills, with ability to work independently in a fast-paced environment and build strong relationship with stakeholders.
• For project management role, at least 5+ years of experience in managing cybersecurity or related technology projects, with certification such as Project Management Professional (PMP) or equivalent highly preferred.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology

Referrals increase your chances of interviewing at Chinasoft International by 2x

Get notified about new Information Technology Security Specialist jobs in Hong Kong SAR .

Sha Tin District, Hong Kong SAR 6 days ago

Sha Tin District, Hong Kong SAR 1 week ago

Sha Tin District, Hong Kong SAR 1 week ago

Sha Tin District, Hong Kong SAR 2 weeks ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Cyber Security Specialist (Penetration Testing) role at Mox Bank

1 day ago Be among the first 25 applicants

Join to apply for the Cyber Security Specialist (Penetration Testing) role at Mox Bank

Get AI-powered advice on this job and more exclusive features.

About Mox

Mox is built by and for the ones who aspire to live life to the fullest – we call them Generation Mox! The name Mox reflects the endless opportunities we can create, - Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration… it’s all up for us to define together.

Application Deadline: 6 October 2025

Department: Technology-CDSIO

Location: Hong Kong (SAR)

• Provide security expertise to ensure the ongoing confidentiality, integrity, and availability of systems and information effectively and efficiently.
• Scope and perform hands-on penetration testing and security assessments of web applications, APIs, infrastructure, cloud environments and mobile (iOS/Android) apps to assess and validate their security posture
• Write high quality reports on identified vulnerabilities, including recommendations to remediate, and deliver report to stakeholders
• Manage security assessments conducted by vendors and consultants
• Manage the penetration testing pipeline to ensure on-time completion and delivery
• Work closely with key development and operations stakeholders to ensure timely remediation
• Conduct security code reviews and make recommendations to developers
• ·Drive security awareness of secure coding practices and techniques
• Work collaboratively with key development and operations stakeholders to support the secure CI/CD pipeline
• Conduct offensive research to evaluate emerging cyber security threats and trends
• Work closely with the security operations team to proactively identify potential weaknesses, threats or vulnerabilities and address them
• Maintain up-to-date knowledge of the latest attacks, vulnerabilities, mitigation strategies, industry best practices and regulations
• Provide subject matter expertise, security consulting, and advisory services to business entities and project teams
• Build strong working relationships across the business and technology teams
  
  

• 5+ Years’ experience in IT security related positions with a key focus on penetration testing and application security
• You should be able to demonstrate:
• Passion for offensive security and assurance
• Risk mindset and knowledge of risk management guidelines and frameworks
• Good understanding of penetration testing methodologies / techniques and software security principles
• Ability to communicate and articulate technical findings with stakeholders at all levels of the business
• Hands-on threat, vulnerability, and remediation management experience
• Experience working in a cloud and container-based environment is highly desired
• Critical thinker with strong problem-solving and analytical skills
• Strong time management and ability to manage multiple projects under strict timelines.
• Development and automation experience in one or more programming languages are highly desired
• Strong collaborative nature and ability to contribute to a team environment
• Previous experience working within the finance/banking or advisory services industry beneficial
  
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Engineering and Information Technology
• Industries Banking

Referrals increase your chances of interviewing at Mox Bank by 2x

Sha Tin District, Hong Kong SAR 6 days ago

Sha Tin District, Hong Kong SAR 1 week ago

Sha Tin District, Hong Kong SAR 1 week ago

Central & Western District, Hong Kong SAR 3 days ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Kwun Tong District, Hong Kong SAR 4 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Key Role

As Application Security Specialist & Penetration Tester, you will lead and execute a variety of engagements, conducting secure code review and advanced hands-on penetration testing beyond automated tool validation, which will focus on targets that may include network devices, servers, web and mobile apps, web APIs, wireless infrastructures, IoT devices, and other information systems.

You will have the opportunity to combine technical expertise with your imagination to conduct targeted attacks and discover vulnerabilities, with the goal of ensuring wizlynx group’s customers remain one step ahead of its adversaries.

This role will be part of a team of Cyber Security Experts, providing excellent services to customers and internal teams.

What your key responsibilities will be

Responsibilities may include the following, but are not limited to:

• Lead and execute secure code review, network, web application, and wireless penetration tests that will vary in level of complexity from simple to potentially complex.
• Author quality secure code review and penetration test reports with professional documentation of identified and exploited vulnerabilities/weaknesses.
• Serve as a consultant in pre-sales, including assessment of client needs, project scopes, and proposal preparation.
• Share all knowledge and training with internal colleagues and teams.
• Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, security standards, trends/best practices, offensive techniques, tools, and software development paradigms.

What we are looking for

• Bachelor’s degree, preferably in computer science or information systems, or equivalent work experience.
• Minimum of one year professional experience in penetration testing and code review.
• Technical knowledge across a broad range of computing platforms and network protocols.
• High proficiency in a variety of operating systems such as Unix/Linux/Mac/Windows, including bash and PowerShell.
• High proficiency in manual techniques for penetration testing (network equipment, servers, web applications, APIs, wireless, mobile, databases, and other information systems).
• Proven professional experience testing web applications for common web application security vulnerabilities as defined by OWASP, including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection, and web server configuration issues.
• Good knowledge of both static and dynamic analysis of an application, be it web-based, mobile app, or standalone.
• Experience with tools such as Microfocus Fortify or Checkmarx are an asset.
• Ability in reviewing source code, including the evaluation of best practices for the platform/framework in use.
• Very good knowledge of one or more of the following programming languages & frameworks: Python, .NET, Perl, and Java.
• Strong oral and written communication skills, including a demonstrated ability to prepare quality documentation and presentations for technical and non-technical audiences.
• Certifications such as OSCP, OSCE, OSWE, CREST CRT, GIAC (GXPN, GWAPT, GPEN, GMOB, GWEB) are an asset.

Language Skills:

• Excellent communication skills in English and Cantonese (written and spoken); other languages are an advantage.

Soft Skills:

• Excellent interpersonal skills, capable of interacting with people at all levels; team player.
• Action-oriented and results-driven.
• Organized with strong time-management skills.
• Ability to dynamically switch among different tasks.
• Customer-friendly approach and appearance.
• Willingness to travel.
• Strong problem-solving and analytical skills.

What we are offering you

You will get the opportunity to work with the best cyber security experts in a multi-cultural environment.

At wizlynx group, you will also have the chance to go to conferences, participate in ethical hacking competitions, attend advanced trainings, and pass highly recognized certifications. We are offering you to work in a thrilling, challenging but fun environment where what you do is important and meaningful. At wizlynx, there is no limit but the sky. If you wish to learn and get involved in other areas of cyber security or the business, we will ensure that you get all the help you need to succeed. Furthermore, as a senior penetration tester, you will be part of the wizlynx red teaming services consisting of emulating real-world threats using cybercriminals' TTPs. You will get dedicated time for security research on topics that interest you the most.

Who we are

wizlynx group is an ethical, trustworthy, and vendor-agnostic Swiss Cyber Security provider. Our customers rely on us to effectively protect their business and trade secrets against any form of cybercrime, such as malware outbreaks, malicious insiders, cyberattacks, cyber espionage, data leakage, and more.

We live and breathe Cyber Security! For this reason, we have designed a service portfolio that covers the entire risk management lifecycle to ensure our customers benefit the most from our passion and experience, but primarily to maximize their protection.

Our Cyber Security Services rely on highly skilled security professionals and penetration testers with long-lasting experience, both in defense and offense, while holding the most recognized certifications in the industry.

Apply now if you think you are a good match! We will respond to let you know what the next steps are, but in the meantime feel free to check us out:

Your Full Name

Your Email

Upload Resume

Your Full Name Your Email Upload Resume I grant wizlynx group my consent to the processing of my personal information for the job application purposes.

Join to apply for the Cyber Security Specialist (Penetration Testing) role at Mox Bank

1 day ago Be among the first 25 applicants

Join to apply for the Cyber Security Specialist (Penetration Testing) role at Mox Bank

Get AI-powered advice on this job and more exclusive features.

About Mox
Mox is built by and for the ones who aspire to live life to the fullest – we call them Generation Mox! The name Mox reflects the endless opportunities we can create, - Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration… it’s all up for us to define together.

Application Deadline: 6 October 2025

Department: Technology-CDSIO

Location: Hong Kong (SAR)

• Provide security expertise to ensure the ongoing confidentiality, integrity, and availability of systems and information effectively and efficiently.
• Scope and perform hands-on penetration testing and security assessments of web applications, APIs, infrastructure, cloud environments and mobile (iOS/Android) apps to assess and validate their security posture
• Write high quality reports on identified vulnerabilities, including recommendations to remediate, and deliver report to stakeholders
• Manage security assessments conducted by vendors and consultants
• Manage the penetration testing pipeline to ensure on-time completion and delivery
• Work closely with key development and operations stakeholders to ensure timely remediation
• Conduct security code reviews and make recommendations to developers
• ·Drive security awareness of secure coding practices and techniques
• Work collaboratively with key development and operations stakeholders to support the secure CI/CD pipeline
• Conduct offensive research to evaluate emerging cyber security threats and trends
• Work closely with the security operations team to proactively identify potential weaknesses, threats or vulnerabilities and address them
• Maintain up-to-date knowledge of the latest attacks, vulnerabilities, mitigation strategies, industry best practices and regulations
• Provide subject matter expertise, security consulting, and advisory services to business entities and project teams
• Build strong working relationships across the business and technology teams
  

• 5+ Years’ experience in IT security related positions with a key focus on penetration testing and application security
• You should be able to demonstrate:
• Passion for offensive security and assurance
• Risk mindset and knowledge of risk management guidelines and frameworks
• Good understanding of penetration testing methodologies / techniques and software security principles
• Ability to communicate and articulate technical findings with stakeholders at all levels of the business
• Hands-on threat, vulnerability, and remediation management experience
• Experience working in a cloud and container-based environment is highly desired
• Critical thinker with strong problem-solving and analytical skills
• Strong time management and ability to manage multiple projects under strict timelines.
• Development and automation experience in one or more programming languages are highly desired
• Strong collaborative nature and ability to contribute to a team environment
• Previous experience working within the finance/banking or advisory services industry beneficial
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Engineering and Information Technology
• Industries Banking

Referrals increase your chances of interviewing at Mox Bank by 2x

Sha Tin District, Hong Kong SAR 6 days ago

Sha Tin District, Hong Kong SAR 1 week ago

Sha Tin District, Hong Kong SAR 1 week ago

Central & Western District, Hong Kong SAR 3 days ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Kwun Tong District, Hong Kong SAR 4 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Key Role

As Application Security Specialist & Penetration Tester, you will lead and execute a variety of engagements, conducting secure code review and advanced hands-on penetration testing beyond automated tool validation, which will focus on targets that may include network devices, servers, web and mobile apps, web APIs, wireless infrastructures, IoT devices, and other information systems.

You will have the opportunity to combine technical expertise with your imagination to conduct targeted attacks and discover vulnerabilities, with the goal of ensuring wizlynx group’s customers remain one step ahead of its adversaries.

This role will be part of a team of Cyber Security Experts, providing excellent services to customers and internal teams.

What your key responsibilities will be

Responsibilities may include the following, but are not limited to:

• Lead and execute secure code review, network, web application, and wireless penetration tests that will vary in level of complexity from simple to potentially complex.
• Author quality secure code review and penetration test reports with professional documentation of identified and exploited vulnerabilities/weaknesses.
• Serve as a consultant in pre-sales, including assessment of client needs, project scopes, and proposal preparation.
• Share all knowledge and training with internal colleagues and teams.
• Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, security standards, trends/best practices, offensive techniques, tools, and software development paradigms.

What we are looking for

• Bachelor’s degree, preferably in computer science or information systems, or equivalent work experience.
• Minimum of one year professional experience in penetration testing and code review.
• Technical knowledge across a broad range of computing platforms and network protocols.
• High proficiency in a variety of operating systems such as Unix/Linux/Mac/Windows, including bash and PowerShell.
• High proficiency in manual techniques for penetration testing (network equipment, servers, web applications, APIs, wireless, mobile, databases, and other information systems).
• Proven professional experience testing web applications for common web application security vulnerabilities as defined by OWASP, including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection, and web server configuration issues.
• Good knowledge of both static and dynamic analysis of an application, be it web-based, mobile app, or standalone.
• Experience with tools such as Microfocus Fortify or Checkmarx are an asset.
• Ability in reviewing source code, including the evaluation of best practices for the platform/framework in use.
• Very good knowledge of one or more of the following programming languages & frameworks: Python, .NET, Perl, and Java.
• Strong oral and written communication skills, including a demonstrated ability to prepare quality documentation and presentations for technical and non-technical audiences.
• Certifications such as OSCP, OSCE, OSWE, CREST CRT, GIAC (GXPN, GWAPT, GPEN, GMOB, GWEB) are an asset.

Language Skills:

• Excellent communication skills in English and Cantonese (written and spoken); other languages are an advantage.

Soft Skills:

• Excellent interpersonal skills, capable of interacting with people at all levels; team player.
• Action-oriented and results-driven.
• Organized with strong time-management skills.
• Ability to dynamically switch among different tasks.
• Customer-friendly approach and appearance.
• Willingness to travel.
• Strong problem-solving and analytical skills.

What we are offering you

You will get the opportunity to work with the best cyber security experts in a multi-cultural environment.

At wizlynx group, you will also have the chance to go to conferences, participate in ethical hacking competitions, attend advanced trainings, and pass highly recognized certifications. We are offering you to work in a thrilling, challenging but fun environment where what you do is important and meaningful. At wizlynx, there is no limit but the sky. If you wish to learn and get involved in other areas of cyber security or the business, we will ensure that you get all the help you need to succeed. Furthermore, as a senior penetration tester, you will be part of the wizlynx red teaming services consisting of emulating real-world threats using cybercriminals' TTPs. You will get dedicated time for security research on topics that interest you the most.

Who we are

wizlynx group is an ethical, trustworthy, and vendor-agnostic Swiss Cyber Security provider. Our customers rely on us to effectively protect their business and trade secrets against any form of cybercrime, such as malware outbreaks, malicious insiders, cyberattacks, cyber espionage, data leakage, and more.

We live and breathe Cyber Security! For this reason, we have designed a service portfolio that covers the entire risk management lifecycle to ensure our customers benefit the most from our passion and experience, but primarily to maximize their protection.

Our Cyber Security Services rely on highly skilled security professionals and penetration testers with long-lasting experience, both in defense and offense, while holding the most recognized certifications in the industry.

Apply now if you think you are a good match! We will respond to let you know what the next steps are, but in the meantime feel free to check us out:

Your Full Name

Your Email

Upload Resume

Your Full Name Your Email Upload Resume I grant wizlynx group my consent to the processing of my personal information for the job application purposes.