9 Penetration Tester jobs in Hong Kong

Red Team, Burp Suite, Nessus, APAC exposure

We are seeking a talented Penetration Tester (Red Teaming) for one of our most sizeable international clients.

Your new role

• Conduct thorough penetration tests on applications, networks, and systems to identify vulnerabilities and recommend remediation strategies.
• Collaborate with cross-functional teams to enhance security measures and implement best practices.
• Provide detailed reports and presentations on findings, including risk assessments and actionable recommendations.
• Stay updated on the latest security trends, threats, and technologies to continuously improve our security posture.

What you'll need to succeed

• 3+ years of experience in penetration testing, vulnerability assessment, and security auditing
• Strong understanding of web and mobile application security, network protocols, and operating systems
• Proficiency with penetration testing tools (e.g., Burp Suite, Metasploit, Nessus)
• Relevant certifications (e.g., OSCP, CEH, GPEN) are a plus
• Proficiency in Chinese, English and Putonghua

What you need to do now

If you fulfil all the qualifications mentioned above and have the drive to succeed or are interested in similar roles within Information Technology Sector, please contact me with an attached CV at or please call

Red Team, Burp Suite, Nessus, APAC exposure

We are seeking a talented Penetration Tester (Red Teaming) for one of our most sizeable international clients.

Your new role

• Conduct thorough penetration tests on applications, networks, and systems to identify vulnerabilities and recommend remediation strategies.
• Collaborate with cross-functional teams to enhance security measures and implement best practices.
• Provide detailed reports and presentations on findings, including risk assessments and actionable recommendations.
• Stay updated on the latest security trends, threats, and technologies to continuously improve our security posture.

What you'll need to succeed

• 3+ years of experience in penetration testing, vulnerability assessment, and security auditing
• Strong understanding of web and mobile application security, network protocols, and operating systems
• Proficiency with penetration testing tools (e.g., Burp Suite, Metasploit, Nessus)
• Relevant certifications (e.g., OSCP, CEH, GPEN) are a plus
• Proficiency in Chinese, English and Putonghua

What you need to do now

If you fulfil all the qualifications mentioned above and have the drive to succeed or are interested in similar roles within Information Technology Sector, please contact me with an attached CV at or please call

As a Penetration Tester, you will play a critical role in identifying and assessing vulnerabilities in our Clients' networks, systems, and applications. You will be responsible for conducting independent penetration testing and vulnerability assessments to proactively identify and exploit vulnerabilities in order to assess the security posture and resilience of our Clients' assets.

You will work closely with our Clients to provide expert insights and recommendations for improving their security posture and mitigating risks.

• Communicate effectively and collaborate with clients to understand their business requirements to provide tailored scope of work (SOW).
• Perform independent penetration testing, source code review, vulnerability assessments and other information security consulting services provided by the Company.
• Develop detailed reports documenting findings and recommendations.

• Ensure that all your work meets high-quality standards, is delivered timely and reflects the highest level of technical excellence and capabilities in accordance with the Company's standards.
• Aim to achieve and demonstrate the highest level of Client satisfaction and service delivery excellence in all aspects of your work.

• Act as a team player, providing assistance, sharing knowledge and experience, actively contributing to the success of the team.
• Contribute to the development of the Company's internal methodologies, policies, processes, tools and techniques.
• Provide technical guidance and mentoring to junior team members, as needed.
• Maintain a good professional standing, act with integrity and ethics, and treat colleagues and Clients with respect.
• Actively invest in professional development by staying updated with the latest industry trends, technologies and threat landscapes to continually enhance knowledge and technical skills.

• Qualification in Computer Science, Cyber Security, Information Technology or related field.
• Experience in conducting penetration testing and vulnerability assessments in a professional setting.
• Excellent communication skills, both written and verbal, with the ability to effectively communicate technical concepts to non-technical stakeholders.
• Strong ethical mindset, maintaining confidentiality and integrity of client data and information.

• CREST certifications, Offensive Security Certified Professional (OSCP) or related certifications
• Knowledge and experience with PortSwigger Burp Suite Pro
• Knowledge and experience in evaluating applications against OWASP ASVS and MASVS

Mid-Senior level

Full-time

Information Technology

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ ) role at KPMG China

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ ) role at KPMG China

KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients’ needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you’ll translate insights into action and reveal opportunities for all—our teams, our clients and our world.

Service Line Overview

At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.

KPMG is the firm that views cyber security as a business enabler, and not just an IT issue. From the boardroom to back office, we help clients through Strategy and Governance, Transformation, Cyber Defense and Cyber Response. So that they are prepared for uncertainty and use cyber security to advance the business, not stand in the way.

Our wide range of projects includes Cyber Strategy, Cyber Digital Transformation, Governance & Risk, as well as a strong presence in Penetration Testing or Ethical Hacking. We are keen to speaking with cyber security specialists with various expertise and experiences to join our growth story.

We are now seeking Consultant/ Senior Consultant candidates for Cyber Defense Team.

Key Responsibilities

• Perform vulnerability assessment and penetration tests on different platforms and technologies
• Simulate real-time cyber-attacks using red team / blue team / purple team exercises
• Conduct social engineering and email phishing attacks to simulate the theft of passwords, infiltrate systems, and download malware / ransomware
• Conduct source code review to identify software program vulnerabilities and detect malware or malicious embedded code
• Conduct cloud / server / network / middleware security configuration assessments
• Conduct architecture review for cloud / on-premise IT environments
• Prepare reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities
• Assist in continuously enhancing the existing security assessment methodologies
• Support in developing marketing and training materials to help develop staff awareness within the company and communicate KPMG's capabilities to clients
• Remain up-to-date on the latest cybersecurity threats, vulnerabilities and regulatory requirements
• Develop constructive client relationships, both inside and outside of KPMG
  
  
  

• Bachelor’s degree in computer science, InformationTechnology, or related field.
• At least one professionally qualification required: CREST, GXPN, GPEN, GCTI, GWAPT, OSCE3, OSEP, OSWE, OSEP, OSCP, CRTE, eCPTX, CISSP, or other relevant qualifications.
• 2 years of relevant working experience preferred: Red/Blue/Purple Teaming, Web/Mobile/Network/OT/IoT/other Penetration Tests, Vulnerability Assessment, Source Code Review, Appliance/System/Cloud Configuration Review, Malware development, Social Engineering.
• Candidate with less experience will be considered as Consultant.
• Knowledge in threat intelligence, reverse engineering, security products, incident response, SOC operation or other related areas will be an advantage.
• Experience with at least one scripting language (e.g. Bash, PowerShell) or programming language (e.g. Python, C, Java) preferred.
• Able to understand basic networking concepts (e.g. routing, ALC, load balancers, SSL/TLS, TCP) is preferred.
• Understand the industry recognised testing standards and have knowledge of common red teaming tools·
• Knowledge base in enterprise technologies and operations, enterprise networking, internet application security, database security evaluation and architecture, with self-motivated learning ability.
• Be able to conduct research and development and solve technical problems independently.
• Be able to work as part of a team, and at the same time being an independent self-starter·
• Have strong analytical, problem solving and inter-personal skills·
• Commands excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences·
• Possess a recognised Degree in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology or a related discipline (STEM) is preferred·
• Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
  
  
  

• Well-structured career development and learning path, 1-to-1 coaching by our cybersecurity professionals
• Access to various cyber security learning resources
• Wide exposure to working with leading financial institutions and corporations
• Continuous sponsorship and support on professional certificate development (i.e. Offensive Security, GIAC, CREST, etc.)
• Opportunities for secondment / exchange within KPMG Global network based on staff performance and preference
• Opportunities to attend KPMG overseas Global Cyber Events – such as HackNet / BlackHat
• One annual professional membership sponsorship on the approved list
• Work in a passionate team with blended cybersecurity talents
  
  
  

• Seniority level Entry level

• Employment type Full-time

• Job function Engineering and Information Technology
• Industries Professional Services

Referrals increase your chances of interviewing at KPMG China by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Overview

FS Consulting - Cyber Security - Penetration Testing - Senior Consultant/Manager - Hong Kong

Diversity is a core value at EY. We are passionate about building and sustaining an inclusive and equitable working environment for all of our people. We believe every member in our team enriches our diversity by exposing us to a broad range of ways to understand and engage with the world, identify challenges, and to discover, design and deliver solutions.

The opportunity

Do you like to create and innovate?

Cyber threats, emerging technologies, cloud adoption, digital disruption, and changing regulatory landscape are some of the challenges that customers face. EY teams are seeking people to join the fast growing EY businesses in helping our clients implement provable security at scale to combat these challenges. In particular, EY teams need people with proven experience and passion in penetration testing to help clients secure their application and infrastructure. If this is you, you will also have the opportunity to innovate on new ideas, technologies and explore new challenges.

• Lead a team to perform vulnerability scanning and penetration testing of web applications, mobile applications (Android and iOS), web services, API, network, thick client etc.
• Prepare and review testing reports and findings tracker sheets based on the provided template
• Lead a team to perform intelligence-led cyber attack simulation and run red teaming operations
• Communicate with customer stakeholders to explain and demonstrate vulnerabilities, and govern the mitigation of the identified vulnerabilities
• Research the latest security best practices and stay abreast of new threats and vulnerabilities
• Coach / mentor junior team members on VSPT and read teaming related knowledge and skills
• Participate in a fast-paced delivery in challenging projects of other cyber security domains
• Involve in customer relationship management, project management and team management
• Candidates with less experience will be considered as Senior Associate

• College degree or equivalent with minimum 5 years' related experience in penetration testing
• Mandatory Certification - any one of OSCP, CREST, GPXN, GPEN or equivalent
• Proven skills and knowledge in penetration testing and red teaming experiences and strong track records of projects delivered
• Good experience in using VSPT and red teaming tools (e.g. Nessus, AppScan, Accunetix, Burpsuite Pro, WebInspect, etc.) and Risk Rating Standards like DREAD, CVSS etc.
• Proficiency in written and oral English communication skills. Cantonese is an advantage
• Experience in static and dynamic secure code review will be an advantage
• Experience in application security architecture and assessment will be an advantage
• Experience in threat intelligence and threat modeling will be an advantage

• Exposures to working with industry leading organizations
• Opportunities to develop new skills by working together with leading professionals in penetration testing and red teaming fields
• Opportunity to fast track your career and achieve your initiatives
• The freedom and flexibility to handle your role in a way that’s right for you
• Support, coaching and feedback from some of the most engaging colleagues around

As a global leader in assurance, tax, strategy and transactions and consulting services, we’re using the finance products, knowledge and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, we’ll make our ambition to be the best employer by 2020 a reality.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

Join us in building a better working world.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Consulting, Information Technology, and Accounting/Auditing
• Industries: Professional Services

Referrals increase your chances of interviewing at EY by 2x

Get notified about new Business Consultant jobs in Hong Kong, Hong Kong SAR .

Note: This description reflects the core responsibilities and qualifications for the role and does not include external postings or unrelated listings.

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ ) role at KPMG China

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ ) role at KPMG China

KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients’ needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you’ll translate insights into action and reveal opportunities for all—our teams, our clients and our world.
Service Line Overview
At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.
KPMG is the firm that views cyber security as a business enabler, and not just an IT issue. From the boardroom to back office, we help clients through Strategy and Governance, Transformation, Cyber Defense and Cyber Response. So that they are prepared for uncertainty and use cyber security to advance the business, not stand in the way.
Our wide range of projects includes Cyber Strategy, Cyber Digital Transformation, Governance & Risk, as well as a strong presence in Penetration Testing or Ethical Hacking. We are keen to speaking with cyber security specialists with various expertise and experiences to join our growth story.
We are now seeking Consultant/ Senior Consultant candidates for Cyber Defense Team.
Key Responsibilities

• Perform vulnerability assessment and penetration tests on different platforms and technologies
• Simulate real-time cyber-attacks using red team / blue team / purple team exercises
• Conduct social engineering and email phishing attacks to simulate the theft of passwords, infiltrate systems, and download malware / ransomware
• Conduct source code review to identify software program vulnerabilities and detect malware or malicious embedded code
• Conduct cloud / server / network / middleware security configuration assessments
• Conduct architecture review for cloud / on-premise IT environments
• Prepare reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities
• Assist in continuously enhancing the existing security assessment methodologies
• Support in developing marketing and training materials to help develop staff awareness within the company and communicate KPMG's capabilities to clients
• Remain up-to-date on the latest cybersecurity threats, vulnerabilities and regulatory requirements
• Develop constructive client relationships, both inside and outside of KPMG
  

• Bachelor’s degree in computer science, InformationTechnology, or related field.
• At least one professionally qualification required: CREST, GXPN, GPEN, GCTI, GWAPT, OSCE3, OSEP, OSWE, OSEP, OSCP, CRTE, eCPTX, CISSP, or other relevant qualifications.
• 2 years of relevant working experience preferred: Red/Blue/Purple Teaming, Web/Mobile/Network/OT/IoT/other Penetration Tests, Vulnerability Assessment, Source Code Review, Appliance/System/Cloud Configuration Review, Malware development, Social Engineering.
• Candidate with less experience will be considered as Consultant.
• Knowledge in threat intelligence, reverse engineering, security products, incident response, SOC operation or other related areas will be an advantage.
• Experience with at least one scripting language (e.g. Bash, PowerShell) or programming language (e.g. Python, C, Java) preferred.
• Able to understand basic networking concepts (e.g. routing, ALC, load balancers, SSL/TLS, TCP) is preferred.
• Understand the industry recognised testing standards and have knowledge of common red teaming tools·
• Knowledge base in enterprise technologies and operations, enterprise networking, internet application security, database security evaluation and architecture, with self-motivated learning ability.
• Be able to conduct research and development and solve technical problems independently.
• Be able to work as part of a team, and at the same time being an independent self-starter·
• Have strong analytical, problem solving and inter-personal skills·
• Commands excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences·
• Possess a recognised Degree in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology or a related discipline (STEM) is preferred·
• Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
  

• Well-structured career development and learning path, 1-to-1 coaching by our cybersecurity professionals
• Access to various cyber security learning resources
• Wide exposure to working with leading financial institutions and corporations
• Continuous sponsorship and support on professional certificate development (i.e. Offensive Security, GIAC, CREST, etc.)
• Opportunities for secondment / exchange within KPMG Global network based on staff performance and preference
• Opportunities to attend KPMG overseas Global Cyber Events – such as HackNet / BlackHat
• One annual professional membership sponsorship on the approved list
• Work in a passionate team with blended cybersecurity talents
  

• Seniority level Entry level

• Employment type Full-time

• Job function Engineering and Information Technology
• Industries Professional Services

Referrals increase your chances of interviewing at KPMG China by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

FS Consulting - Cyber Security - Penetration Testing - Senior Consultant/Manager - Hong Kong

Diversity is a core value at EY. We are passionate about building and sustaining an inclusive and equitable working environment for all of our people. We believe every member in our team enriches our diversity by exposing us to a broad range of ways to understand and engage with the world, identify challenges, and to discover, design and deliver solutions.

The opportunity

Do you like to create and innovate?

Cyber threats, emerging technologies, cloud adoption, digital disruption, and changing regulatory landscape are some of the challenges that customers face. EY teams are seeking people to join the fast growing EY businesses in helping our clients implement provable security at scale to combat these challenges. In particular, EY teams need people with proven experience and passion in penetration testing to help clients secure their application and infrastructure. If this is you, you will also have the opportunity to innovate on new ideas, technologies and explore new challenges.

• Lead a team to perform vulnerability scanning and penetration testing of web applications, mobile applications (Android and iOS), web services, API, network, thick client etc.
• Prepare and review testing reports and findings tracker sheets based on the provided template
• Lead a team to perform intelligence-led cyber attack simulation and run red teaming operations
• Communicate with customer stakeholders to explain and demonstrate vulnerabilities, and govern the mitigation of the identified vulnerabilities
• Research the latest security best practices and stay abreast of new threats and vulnerabilities
• Coach / mentor junior team members on VSPT and read teaming related knowledge and skills
• Participate in a fast-paced delivery in challenging projects of other cyber security domains
• Involve in customer relationship management, project management and team management
• Candidates with less experience will be considered as Senior Associate

• College degree or equivalent with minimum 5 years' related experience in penetration testing
• Mandatory Certification - any one of OSCP, CREST, GPXN, GPEN or equivalent
• Proven skills and knowledge in penetration testing and red teaming experiences and strong track records of projects delivered
• Good experience in using VSPT and red teaming tools (e.g. Nessus, AppScan, Accunetix, Burpsuite Pro, WebInspect, etc.) and Risk Rating Standards like DREAD, CVSS etc.
• Proficiency in written and oral English communication skills. Cantonese is an advantage
• Experience in static and dynamic secure code review will be an advantage
• Experience in application security architecture and assessment will be an advantage
• Experience in threat intelligence and threat modeling will be an advantage

• Exposures to working with industry leading organizations
• Opportunities to develop new skills by working together with leading professionals in penetration testing and red teaming fields
• Opportunity to fast track your career and achieve your initiatives
• The freedom and flexibility to handle your role in a way that’s right for you
• Support, coaching and feedback from some of the most engaging colleagues around

As a global leader in assurance, tax, strategy and transactions and consulting services, we’re using the finance products, knowledge and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, we’ll make our ambition to be the best employer by 2020 a reality.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

Join us in building a better working world.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Consulting, Information Technology, and Accounting/Auditing
• Industries: Professional Services

Referrals increase your chances of interviewing at EY by 2x

Get notified about new Business Consultant jobs in Hong Kong, Hong Kong SAR .

Note: This description reflects the core responsibilities and qualifications for the role and does not include external postings or unrelated listings.

Client Description

Company Description: A leading technology, media, and telecommunication provider with over 150 years of history in Hong Kong. It offers comprehensive connectivity, smart living, and end-to-end enterprise solutions for local and international businesses.

Location: Central

Nature: Renewable Contract for 12 months

Job Description

• Act as the Primary Point of Contact for all local security-related requests and requirements.
• Coordinate with internal security stakeholders to efficiently address issues and ensure smooth communication flow.
• Conduct proactive Vulnerability and Common Vulnerabilities and Exposures (CVE) research that impacts the company's local systems and applications.
• Provide timely mitigation guidance, including recommendations for patches, configuration adjustments, or compensating controls.
• Test security patches in lower environments, such as Development and Sandbox, prior to deployment in production.
• Create and share production-ready commands and scripts for the validation of security fixes in the production environment.
• Perform penetration testing on local applications as requested by the security team.
• Validate security fixes and provide re-test reports to confirm the successful closure of identified issues.
• Assist the team in meeting fundamental compliance requirements through documentation, evidence gathering, and control validation.
• Provide advisory support on aligning security practices with applicable regional regulatory standards.

Job Requirements

• Possess three to four years of relevant experience in a security-focused role.
• AWS Cloud certification is mandatory for this position.
• Penetration testing certification is highly preferred.
• Demonstrated expert knowledge and experience in applying AWS cloud security best practices.
• Proven ability to support an application security program through secure design reviews, threat modeling, and code-level security guidance.
• Excellent problem-solving and analytical skills to research and resolve complex security issues.
• Strong communication and coordination skills to effectively liaise with technical and non-technical stakeholders.