What Jobs are available for Security Analysis in Hong Kong?

Red Team, Penetration Testing, Nmap, Wireshark, Burp Suite, OWASP

We are seeking a talented Cybersecurity Analyst (Junior Pentestor) for one of our sizeable in-house clients.

Your new role

• Perform penetration testing on various applications, systems, and networks.
• Assist in the development and execution of security testing methodologies.
• Document vulnerabilities and assess their impact on the organisation.
• Collaborate with cross-functional teams to remediate identified vulnerabilities.
• Stay updated on the latest security trends, tools, and methodologies.

What you'll need to succeed

• 1+ years of Cybersecurity experience (Red Team or Penetration Testing)
• Familiarity with penetration testing tools and methodologies.
• Basic understanding of networking concepts and security protocols.
• Proficiency in Chinese and English
• Excellent communication and teamwork abilities.

What you need to do now

If you fulfil all the qualifications mentioned above and have the drive to succeed or are interested in similar roles within Information Technology Sector, please contact me with an attached CV at or please call

In this position, you will:

• Security Incident Response and Investigation
• Handle escalated security incidents, analyze root causes, and perform attack attribution.
• Investigate logs, network traffic, and malware to identify threats and reconstruct attack timelines.
• Coordinate with system owner to remediate vulnerabilities and restore systems.
• SIEM and Tool Management
• Configure, optimize, and maintain SIEM rules and monitoring tools.
• Integrate log sources and improve detection accuracy while reducing false positives.
• Automate incident responses and test detection rules regularly.
• Threat Intelligence and Analysis
• Apply threat intelligence to enhance detection capabilities.
• Analyze attacker behavior and extract Indicators of Compromise (IoCs).
• Conduct forensic investigations on compromised hosts and networks.
• Compliance and Reporting
• Ensure security tools and processes meet regulatory compliance.

To be successful in this position, you should meet the following requirements:

• Bachelor Degree or above in Cybersecurity, Computer Science, IT or related disciplines
• 3–5 years in SOC or cybersecurity roles, with hands-on experience in incident response and threat analysis
• Proficiency with SIEM tools (e.g., Splunk, Elastic) and EDR platforms
• Strong ability to analyze logs, network traffic, and malware samples
• Familiarity with forensic investigation tools (e.g., Wireshark, Volatility)
• In-depth knowledge of security frameworks (e.g., MITRE ATT&CK, NIST CSF)
• Strong understanding of network protocols, operating systems (Windows, Linux), and cloud environments
• Ability to think critically and quickly identify root causes of incidents
• Excellent communication and coordination skills to work with cross-functional teams

When you work:

• 5 days work
• 8 hours/day

What you enjoy:

• Discretionary Performance bonus
• Life insurance
• Medical insurance
• Education subsidies
• Birthday gift
• Marriage leave
• Birthday leave

CMHK is committed to be an equal opportunity employer. We offer exceptional benefits package and the opportunity to work in a challenging environment. Personal data provided by applicants will be treated strictly in accordance with our personal data policy and for recruitment purposes only.

About the Role

• Engage with stakeholders across BUs to gather detailed business requirements related to cybersecurity and infrastructure compliance.
• Analyze business processes to identify areas contributing to non-compliance, especially in network environments.
• Prioritize requirements in collaboration with BUs based on business impact, urgency, and feasibility.
• Maintain traceability of requirements throughout the project lifecycle.
• Facilitate communication to ensure mutual understanding of requirements and constraints.
• Apply knowledge of network infrastructure (LAN/WAN, Wi-Fi, VPN, IP routing) and cybersecurity principles to validate and contextualize business requirements.
• Collaborate with IT and cybersecurity teams to assess technical feasibility and propose solutions.

About You

• Minimum 5 years of experience in business analysis, preferably in large-scale or cross-functional projects.
• Minimum 2 years of experience in collecting requirements for network infrastructure projects, especially in Hong Kong.
• Strong understanding of network infrastructure and cybersecurity, including but not limited to: LAN/WAN architecture, Wi-Fi and VPN technologies, IP routing configuration, Cybersecurity compliance frameworks, CBAP (Certified Business Analysis Professional), PMI-PBA (Professional in Business Analysis)
• Experience in regulated industries (e.g., utilities, manufacturing, finance) with high cybersecurity

Are you dedicated to excellence in your work? Do you excel in a team-oriented environment, upholding integrity and responsibility while embracing opportunities for growth? We welcome you to join a dynamic team committed to outstanding performance.

We are a globally renowned organization in the hospitality sector, celebrated for delivering unparalleled experiences in top-tier locations worldwide. Our focus on innovation and exceptional service fuels our success, and we are looking for a skilled professional to enhance our cybersecurity team.

Position Title: Security Analyst

Position Objective:

The Security Analyst will contribute to global cybersecurity efforts by overseeing, evaluating, and strengthening security measures across on-premises, cloud, and mobile platforms. This role will partner with security engineers, architects, and IT teams to identify, analyze, and mitigate threats, ensuring compliance and robustness throughout our digital infrastructure.

Key Responsibilities:

• Oversee the performance, reliability, stability, and compliance of security systems, working with business units to address deficiencies
• Identify and respond to network irregularities and malware incidents across various security tools
• Administer and monitor Data Loss Prevention (DLP) solutions for networks, hosts, and cloud environments
• Examine and handle alerts from Security Information and Event Management (SIEM) systems
• Supervise email and spam filtering systems, addressing malicious activities
• Manage application whitelisting and file integrity monitoring processes
• Ensure adherence to cybersecurity configurations through vulnerability management tools
• Address vulnerabilities and findings from penetration testing
• Undertake additional tasks as directed by the Manager, Security Architecture

Qualifications:

• Bachelor's degree in Information Systems, Computer Science, or comparable experience
• 2–4 years of experience in IT or cybersecurity positions
• Proficient in SIEM, Intrusion Detection/Prevention Systems (IDS/IPS), malware defense, DLP, Identity and Access Management (IAM), vulnerability scanning, and incident response

Our Commitment to You:

• Learning & Development: We support your success with customized training programs to foster your career growth.
• Travel Perks: Benefit from complimentary stays and discounted rates at our global properties for you and your family.
• Health & Wellness: We provide a range of health benefits and wellness initiatives to promote a balanced lifestyle.
• Retirement Benefits: Depending on your role and length of service, we offer retirement plans to honor your dedication.

A leading multinational servicing company is looking to strengthen their cybersecurity team by recruiting a Security Analyst. This role reports to the Security Architecture Manager and will be responsible for supporting global cybersecurity operations by monitoring, analyzing, and maintaining the security posture across on-premises, cloud, and mobile environments.

Candidates should have exposure in the following:

• Minimum 2 to 4 years of experience in IT or cybersecurity roles
• Strong knowledge of SIEM, IDS/IPS, malware protection, Data Loss Prevention (DLP), Identity and Access Management (IAM), vulnerability scanning, and incident response
• Proven ability to detect and respond to network anomalies and malware events across multiple security platforms
• Experience managing and monitoring DLP solutions, email filtering systems, and application whitelisting
• Skilled at investigating and managing SIEM alerts and overseeing cybersecurity configuration compliance via vulnerability management tools
• Bachelor's degree in Information Systems, Computer Science, or equivalent experience

This role requires strong collaboration skills to work closely with security engineers, architects, and IT teams to ensure compliance and resilience across the organization's digital infrastructure.

For more information, please contact OR WhatsApp

Job Responsibilities:

• Develop and implement appropriate security measures to safeguard the delivery of IT services. Research and evaluate new technologies in adapting security protection to the latest threat landscape
• Participate in security monitoring, detecting and analysis of events related to security
• To protect client's applications and servers from attacks by deploying countermeasures on the spot
• To commence emergency recovery procedures through mitigations promptly
• To support customers by diagnosing the occurrence of incidents, and directly coordinate with clients over the phone, email and other supporting instant message tools
• To participate in the 24x7 operation and ensure a smooth and efficient operation

Job Requirements:

• University Degree or Diploma holder on Computer Studies or Information Technology is preferred.
• Knowledge of Network Security is a must
• Experience in handling DDOS events would be a preference
• Work experience in Security Operations Center (SOC) would be a preference
• Self-motivated team player with strong sense of responsibilities, service and customer oriented.
• Mature, independent with good communication skills.
• Conversational in English and/or Chinese.
• 24x7 roster shift duty is required

Job Description:

As an IT Security Analyst, you will play a critical role in safeguarding our organization's digital assets and infrastructure. You will be responsible for monitoring and analyzing security events, identifying potential threats, and responding to security incidents. Your expertise will be essential in conducting vulnerability assessments, implementing security controls, and ensuring compliance with industry standards and regulations. You will collaborate with cross-functional teams to develop and maintain security policies, procedures, and awareness programs, while staying abreast of the latest security trends and technologies. Your proactive approach to threat detection and incident response will be vital in maintaining the confidentiality, integrity, and availability of our systems and data.

Core Responsibilities & Duties:

• Security Monitoring and Analysis:

• Monitor security logs, network traffic, and system events for suspicious activity.

• Analyze security alerts and events to identify potential threats and vulnerabilities.
• Utilize security information and event management (SIEM) tools to detect and correlate security incidents.

• Incident Response:

• Participate in incident response activities, including containment, eradication, and recovery.

• Conduct forensic analysis to investigate security breaches and determine the root cause.
• Document security incidents and response actions.

• Vulnerability Management:

• Conduct vulnerability assessments and penetration testing to identify security weaknesses.

• Prioritize and track vulnerabilities and recommend remediation actions.
• Manage and maintain vulnerability scanning tools.

• Security Control Implementation:

• Implement and maintain security controls, such as firewalls, intrusion detection/prevention systems (IDS/IPS), and antivirus software.

• Configure and manage security systems and applications.
• Ensure security controls are properly implemented and maintained.

• Compliance and Auditing:

• Assist in security audits and compliance assessments (e.g., GDPR, HIPAA, PCI DSS).

• Develop and maintain security policies, procedures, and standards.
• Ensure compliance with relevant security regulations and industry best practices.

• Security Awareness and Training:

• Develop and deliver security awareness training programs for2 employees.

• Educate users on security best practices and potential threats.
• Promote a security-conscious culture within the organization.

• Threat Intelligence:

• Stay up to date on the latest security threats and vulnerabilities.

• Research and analyze threat intelligence to identify potential risks.
• Provide threat intelligence reports and recommendations.

• Collaboration and Communication:

• Collaborate with cross-functional teams to address security concerns.

• Communicate security risks and recommendations to stakeholders.
• Provide clear and concise security reports and documentation.

• Documentation and Reporting:

• Maintain accurate and up-to-date security documentation.

• Generate regular security reports and metrics.
• document security procedures.

Qualifications:

• A degree in the field of Computer Science or related field, or equivalent experience is required
• 5 + years of experience in IT information security

· Strong technical and consulting skills, project management capability

· Experience with security and risk frameworks, standards, and best practices

· Able to present effectively to executive level in both business and IT terms

Skills:

• The ideal candidate will possess a "can do" attitude with a "will do" work ethic
• Quick thinker, experienced in unconventional problem solving
• Excellent understanding of business complexity and project interdependencies
• Excellent communication, written, verbal, analytical and problem-solving skills
• Suitable time management skills and ability to meet deadlines
• Strong understanding of the organization's goals and objectives
• Exceptional interpersonal skills, with a focus on listening and questioning skills
• Strong documentation skills
• Ability to conduct research into a wide range of computing issues as required
• Ability to absorb and retain information quickly
• Ability to present ideas in user-friendly language to non-technical staff and end users
• A keen attention to detail
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Exceptional customer service orientation
• Experience working in a team-oriented, collaborative environment

We offer an exciting work environment and excellent career development opportunities. If you have the desire for an exciting and rewarding career, please send us your resume immediately, quoting your present and expected salary as well as the reference number to Human Resources Department.

Personal data collected would be used for recruitment purpose only.

Job Description:

• Minimum of 4 years of experience in information security or a similar role.
• Strong understanding of information security principles, standards, and best practices.
• General knowledge in industry regulations and framework such as NIST Cybersecurity Framework, ISO27001 or PCI DSS.
• Experience with security assessment tools and techniques.
• Knowledge in network and system security, including firewalls, intrusion detection/prevention systems, and endpoint protection.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
• Relevant certifications such as CISSP, CISM, or CEH are desirable.

About Pure Software:

PureSoftware, a wholly owned subsidiary of Happiest Minds Technologies, is a global software products and digital services company. PureSoftware has been driving transformation for the world's top organizations across various industry verticals, including banking, financial services, and insurance, life sciences and healthcare, high tech and communications, retail and logistics, and gaming and entertainment. Arttha, from PureSoftware, is a globally trusted financial technology platform.

PureSoftware is Great Place to Work Certified in India for the third consecutive year

Job Purpose

You will be responsible for carrying out information security functions and activities for the Technology function.

Responsibilities

• Protect the confidentiality, integrity and availability of all assets and systems through monitoring, detection, and analysis activities
• Review and assess information security requests to determine compliance with organizational policies and standards.
• Prepare and present cybersecurity-related reports, highlighting risks, incidents, and remediation efforts.
• Facilitate the annual recertification process for user access and security controls.
• Collaborate with IT teams to implement security measures, and remediate the audit findings
• Participate in and manage security-related projects to enhance overall security posture.
• Support Information security team to develop and implement security policies, procedures and guidelines
• Validate information security controls effectiveness and agreed deliverables to assure security standards/plans are achieved.
• Review the current IT Security solution and Security Policy to identify potential gaps within the organisation
• Undertake monitoring of security controls and policy adherence in line with Bupa policies based on ISO27001 and NIST Cybersecurity
• Monitor the security controls for security breaches and investigate violations
• Conduct risk and vulnerability assessment at the network, system and application level, and assess resulting impact on risk

Qualifications, Training and Experience

• Relevant Bachelor's/Master's degree holder from a recognized university
• 3-5 years of relevant work experience on managing security technologies
• Work experience in cloud security solution experience (Wiz preferred)
• Work experience in web proxy / SASE solutions (Palo Alto Prisma SASE preferred)
• Work experience cloud platforms (Azure, GCP preferred)
• Experience in managing security solutions, such as Wiz, Palo Alto Prisma, Zscaler, MS Defender, Imperva, Cloudfare
• Scripting skills, such as Terraforms, MS PowerShell, Python
• Good communication skills and the ability to collaborate well with across departments
• Able to demonstrate a positive, logical, and proactive approach while executing the assigned tasks
• Certification holder in information security (CISSP, CISA, etc.) will be an advantage.
• Ability to prioritize work and design schedules to meet the desired requirements

Bupa offers 5 days' work per week and comprehensive remuneration packages including base salary, study assistance plan, company pension plan, life and medical benefit, dental benefit, annual leave, examination leave, etc.

Bupa is an equal opportunity employer and welcomes applications from qualified candidates. Information provided will be treated in strict confidence and only be used for consideration of application with Bupa.

Personal data collected will be used for recruitment purposes only. Bupa will be in touch for any opportunities that matches your profile. All personal data of unsuccessful application will be destroyed 24 months from the date of receiving the application. Full version of Data Privacy Notice available upon request.