What Jobs are available for Security Engineering in Hong Kong?

Pinpoint Asia is representing one of Hong Kong's most respected and technologically complex institutions. Our client is a leader in its field, investing heavily in building a world-class cyber defense function to protect critical assets and data.

We are looking for a strategic, hands-on leader to take full ownership of their Vulnerability Management and Offensive Security program. This is a high-impact role where you will shape the strategy, lead a specialist team, and act as the ultimate authority on identifying and mitigating security weaknesses across the enterprise.

The Opportunity: What You'll Command

This is not a typical operational role. You will be empowered to build, run, and innovate a comprehensive security program. You will be the central commander for threat and vulnerability management, from integrating security into the development pipeline (DevSecOps) to leading the charge during zero-day incidents.

Your mission is to proactively reduce the organization's attack surface by leading a multi-faceted function that includes:

• Team Leadership: Build, mentor, and lead a high-caliber team of security specialists responsible for scanning, testing, and analysis.
• Strategic Oversight: Own the entire lifecycle for vulnerabilities across infrastructure, applications, databases, and networks.
• Vendor & Service Management: Command relationships with external partners for specialized services like Red Teaming and advanced penetration testing, ensuring top-tier performance and value.
• Incident Command: Act as the designated lead for responding to critical, actively exploited vulnerabilities, orchestrating rapid enterprise-wide remediation efforts.

The Core Mission: Your Key Accountabilities

• Drive a Proactive Security Posture: Evolve and manage a sophisticated program covering continuous vulnerability scanning, configuration compliance, and attack surface management.
• Champion DevSecOps: Spearhead the integration of security into the CI/CD pipeline. Embed automated tools (SAST, DAST, SCA) and secure coding practices to find and fix flaws early in the development process.
• Lead Offensive Security Operations: Oversee all penetration testing (application and infrastructure), secure code reviews, and advanced adversarial simulations (Red Teaming) to rigorously test the organization's defenses.
• Deliver Actionable Intelligence: Develop a robust vulnerability intelligence capability that contextualizes global threats to the firm's specific environment. Prioritize remediation based on genuine business risk, not just raw CVSS scores.
• Communicate with Impact: Develop and present compelling metrics, risk reports, and strategic roadmaps to C-level executives and key business stakeholders, translating complex technical data into clear business impact.

The Ideal Profile

We are looking for a seasoned cybersecurity leader with a "player-coach" mentality. You have deep technical credibility combined with proven management experience.

• Experience: 12+ years in cybersecurity, with at least 5 years in a leadership role focused on Vulnerability Management, Application Security, or Offensive Security.
• Technical Mastery: Deep, practical expertise across the modern security toolkit. You must understand the "how" and "why" behind:
• Vulnerability Management Platforms: Tenable, Qualys, Rapid7, etc.
• DevSecOps & AppSec Tools: SAST, DAST, SCA, IAST integrated into developer workflows.
• Offensive Security Methodologies: Penetration Testing, Red Teaming, MITRE ATT&CK Framework.
• Modern IT Environments: Cloud (AWS/Azure), containerization, and complex enterprise networks.
• Strategic & Analytical Mindset: You can dissect complex vulnerabilities, assess exploitability, and map technical findings to tangible business risks.
• Leadership & Influence: You have a proven ability to manage technical teams and to communicate effectively with stakeholders at all levels, from engineers to executives.
• Credentials: A degree in Computer Science, Information Security, or a related discipline. Industry certifications such as CISSP or CISM are highly desirable.
• If this outstanding opportunity sounds like your next career move, please submit your resume in Word format via the Quick Apply Button.

• Join a reputable organisation at the forefront of cyber security, offering exposure to advanced technologies and complex environments.

• Oversee the continuous scanning of infrastructure for vulnerabilities and ensure configuration compliance across platforms, databases, networks, and voice systems.

• Lead penetration testing activities for both application and infrastructure security, ensuring robust defences against emerging threats.
• Manage the delivery of DevSecOps services by guiding secure development practices and integrating security into operations workflows.
• Directly supervise team members through hiring, training, coaching, setting objectives, and performance management to foster a collaborative and high-performing environment.
• Coordinate with external service providers and product vendors to establish, monitor, and maintain agreed service levels for vulnerability management.
• Provide oversight on the identification and remediation of vulnerabilities, ensuring timely resolution according to established priorities.
• Assess vulnerability intelligence in relation to both internal systems and the broader external threat landscape to inform risk-based decision making.
• Continuously identify gaps in controls or coverage within vulnerability management processes and propose initiatives for service enhancement.
• Develop comprehensive metrics, reports, and service highlights for presentation to business stakeholders and IT leadership.
• Act as the lead during incidents involving actively exploited or critical vulnerabilities by developing response plans and overseeing their implementation.

What you bring:

• A degree in Computer Science, Information Security or a related discipline provides you with a strong academic foundation for this role.
• Twelve years or more of relevant experience in information security roles ensures you bring deep industry knowledge.
• At least five years' hands-on experience specifically within vulnerability management demonstrates your subject matter expertise across multiple disciplines.
• Proven track record in leading teams through hiring, training, coaching, objective setting, and performance management fosters a collaborative work environment.
• Comprehensive understanding of vulnerability management services including operating procedures enables effective oversight of critical functions.
• Exceptional logical thinking skills allow you to analyse different categories of vulnerabilities with precision.
• A customer-focused approach ensures that all services delivered meet high standards of quality and responsiveness.
• Excellent interpersonal skills support effective communication with both technical teams and business stakeholders alike.
• Experience with key technologies such as Vulnerability Assessment tools, DevSecOps methodologies, Penetration Testing frameworks, Secure Code Review processes, Attack Surface Management solutions, and Red Team exercises enhances your technical toolkit.
• Holding industry-recognised certifications such as CISSP or CISM further validates your expertise.

• Join a reputable organisation at the forefront of cyber security, offering exposure to advanced technologies and complex environments.

• Oversee the continuous scanning of infrastructure for vulnerabilities and ensure configuration compliance across platforms, databases, networks, and voice systems.

• Lead penetration testing activities for both application and infrastructure security, ensuring robust defences against emerging threats.
• Manage the delivery of DevSecOps services by guiding secure development practices and integrating security into operations workflows.
• Directly supervise team members through hiring, training, coaching, setting objectives, and performance management to foster a collaborative and high-performing environment.
• Coordinate with external service providers and product vendors to establish, monitor, and maintain agreed service levels for vulnerability management.
• Provide oversight on the identification and remediation of vulnerabilities, ensuring timely resolution according to established priorities.
• Assess vulnerability intelligence in relation to both internal systems and the broader external threat landscape to inform risk-based decision making.
• Continuously identify gaps in controls or coverage within vulnerability management processes and propose initiatives for service enhancement.
• Develop comprehensive metrics, reports, and service highlights for presentation to business stakeholders and IT leadership.
• Act as the lead during incidents involving actively exploited or critical vulnerabilities by developing response plans and overseeing their implementation.

What you bring:

• A degree in Computer Science, Information Security or a related discipline provides you with a strong academic foundation for this role.
• Twelve years or more of relevant experience in information security roles ensures you bring deep industry knowledge.
• At least five years' hands-on experience specifically within vulnerability management demonstrates your subject matter expertise across multiple disciplines.
• Proven track record in leading teams through hiring, training, coaching, objective setting, and performance management fosters a collaborative work environment.
• Comprehensive understanding of vulnerability management services including operating procedures enables effective oversight of critical functions.
• Exceptional logical thinking skills allow you to analyse different categories of vulnerabilities with precision.
• A customer-focused approach ensures that all services delivered meet high standards of quality and responsiveness.
• Excellent interpersonal skills support effective communication with both technical teams and business stakeholders alike.
• Experience with key technologies such as Vulnerability Assessment tools, DevSecOps methodologies, Penetration Testing frameworks, Secure Code Review processes, Attack Surface Management solutions, and Red Team exercises enhances your technical toolkit.
• Holding industry-recognised certifications such as CISSP or CISM further validates your expertise.

Company description:

The Hong Kong Jockey Club

Job description:

Who are we?

We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.

Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.

What do we do?

We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.

We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.

The Department

The Cyber Security Department is essential to the Club's ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.

As the first line of defense, the department plays a key role in maintaining the Club's reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.

The Job

You will:

• Lead and manage end-to-end penetration testing services, ensuring execution across all engagements to identify security weaknesses within the organisation's applications and environments
• Act as a Subject Matter Expert to support and respond to penetration testing-related requests, proactively anticipate needs (e.g. project requirements) and propose workable solutions

• Manage/conduct penetration testing and vulnerability management assessments, namely:

• System and infrastructure-based security assessments

• Web application security assessments
• Mobile application security assessments

• Vulnerability scanning

• Identify and exploit vulnerabilities using manual techniques and automated tools

• Develop custom scripts, payloads, and exploits to bypass security controls
• Document findings with detailed technical evidence and clear remediation guidance with recommended safeguards and compensating controls that meet the organisation's cybersecurity standards
• Collaborate with stakeholders to communicate findings and track the status of follow-up actions to ensure timely identification of vulnerability remediation
• Design and maintain KRI dashboards to track cybersecurity posture and report penetration testing outcomes in monthly management reports
• Develop and maintain internal standards, methodologies, and documentation for penetration testing and vulnerability management processes
• Manage vendor relationships to ensure service quality and monitor performance against SLAs
• Undertake other duties assigned by Cyber Security Management
• Participate, contribute and help shape a diverse and inclusive culture with trust and respect. Play an active role to support cross-team/division/department efforts and model collaborative behaviours

About You

You should have:

• University degree in Computer Science, Information Security, and/or related discipline
• Industry-recognised certification in one or more of the following - OSCP, OSCE, OSWE, GPEN, CEH, CISSP, CISA, or equivalent
• 5 years or more of working experience in the penetration testing and vulnerability management domain across various disciplines
• Proven expertise in conducting application security assessments across web, mobile, and self-developed applications
• Strong service and a customer-focused approach to the service being delivered
• Excellent interpersonal, collaborative and communication skills
• Well-disciplined with exemplary professional competence and integrity
• Hands-on experience with industry-standard tools such as Kali Linux, Burp Suite, Qualys, Nessus, Nmap, Metasploit, Wireshark, etc.

• Deep technical knowledge in:

• Operating systems: Windows, Linux, macOS

• Offensive tooling and technique: Implant reverse shells, Command and Control (C2) infrastructure
• Network and security architecture: TCP/IP, IDS/IPS, firewalls, WAFs, web content filtering
• Cloud platform: Integrated security solutions across major cloud providers (e.g. AWS, Azure)

• Application security: Coding practices and architecture design

• Demonstrated ability to perform penetration testing, vulnerability assessments, and security reviews for applications and infrastructure

• Contribute to the development and refinement of penetration testing and secure vulnerability management standards
• Experience participating in red team operations is desired
• Exploit research and development skills are a plus
• Source code review experience is a plus

Terms of Employment

The level of appointment will be commensurate with qualifications and experience.

How to Apply

Please submit your resume with expected salary by clicking the Apply Now button.

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.

Company:

Sopra Steria is a listed European tech leader specializing in Consulting, Digital Services, and Software. With 60,000 employees worldwide across Europe, North America and Asia, Singapore serves as the HQ for our APAC operations. We focus on delivering Infrastructure, Cloud and Cybersecurity services across the region.

Description:

This role is for a technical support position and he/she will be responsible to oversees Middleware Vulnerability Management. They must plan and rectify middleware products security vulnerabilities. He/she will help ensure the quality of Core Middleware services remains consistently high and Create Middleware management reporting and dashboard and adhere to all IT security policies to maintain system integrity and quality.

The candidate must have excellent technical knowledge matched by a "can do" hands-on attitude to develop automatic process to generate reports and dashboard and always work to minimize operational risk. Also capable of develop scripts to manage repetitive or mass deployment tasks. The successful candidate will be a member of a dynamic IT team and will work with other IT teams in Asia, Europe and Americas, so must possess strong organization skills, have good time management and excellent written and communication skills.

Responsibilities:

• Responsible for the overall Middleware Vulnerability Management of Core Middleware systems in APAC (infrastructure in Singapore, Hong Kong, Japan and China) and regional oversight of the rest of APAC countries.
• Must have a mindset to provide continuous team and service improvements, be risk adverse in change management, focus on mitigating middleware vulnerabilities and be eager to improve the monitoring, efficiency, reliability, capacity and quality of all IT services.
• Strive to ensure 100% uptime for all Core Middleware systems infrastructure in APAC, taking into account business requirements.
• Able to plan, test and execute Production changes successfully following a robust Change Management process.
• Responsible for updating all live production documentation under their scope.
• Has direct hands on experience managing to reduce hardware and software obsolescence across IT.

Business relationships:

• Work closely with all major stakeholders of the Core Middleware Systems, and any team(s) with direct influence and dependencies.
• Must build a strong relationship with our internal customers in APAC.
• Have proven experience working collaboratively with all teams across all departments and refusing to work in silo mode.
• Follow all Security policies
• Contribute to management reports and dashboards
• Report all variances from Norms and Standards
• Ensure and practice all production Disaster Recovery and BCP processes are in place

Governance:

• Follow Security policies
• Contribute to management reports and dashboards
• Report all variances from Norms and Standards
• Ensure and practice all production Disaster Recovery and BCP processes are in place

Essential Technical Knowledge/Skills:

• At least 5 - 7 years of technical experience in following middleware technologies listed below

• Open source Apache HTTP Server (2.4.x)

• Open source Tomcat application Server (8.x, 9.x)
• Microsoft IIS server (IIS 8.5, 10)
• REDHAT Jboss EWS (Apache / Tomcat 5.x)
• REDHAT EAP application server (EAP 7.x)
• IBM WebSphere Application server BASE & ND (8.x, 9.x)
• IBM WebSphere MQ server (8.x, 9.0, 9.1, 9.2)

• Oracle WebLogic server (12.x, 14.x)

• Analysis, remediation planning and execution for all overdue vulnerabilities for IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS products.

• Analysis, remediation planning and execution for all Critical compliance deviations on Digital Platform assets, and ideally on High deviations for IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS.

• Enhancement of the current processes for remediationd for all APAC assets where the remediation owner is Digital Platform (include assets provided to and supported for CIB, WM, Cardif entities), on the vulnerability management and compliance management remits.

• Continuous improvement of the security watch process for the products under APAC Digital Platform management, to pro-actively plan for patching.

• Experience in creating and producing reports and Dashboard.

• Obtain skill for reporting : Tableau / Power query / Excel Micro programing / PowerBI / SQL query / Python / API

• Optional skill set: Prometheus / Grafana / Kibana / ELK

• Obtain skill for automation: Ansible scripting + Ansible tower

• Middleware skill: IBM MQ, IBM WAS, Apache, Tomcat, Jboss EAP/EWS

• Oversight of the Vulnerability & Compliance Deviation remediation for the locally-managed network gears.

• To apply security vulnerability fixes on timely manner as per business needs.

• To apply security hardening policies for middleware productson timely manner as per business needs.

• Must have excellent written and verbal communication skills.

• Productiveness team work and strong analytical skills.

• Demonstrate a systematic and logical approach to problem-solving.

• Good presentation and documentation skills.

• Ability break down complex technical situations and adapt their language to all levels of discussion, from non-technical managers up to 3rd level System Experts.

• Have knowledge and experience using agile methodologies and/or has been part of DevOps teams.

• Be service oriented, customer focused, positive, committed and have an enthusiastic "can do" attitude.

• Great time keeping skills and attention to detail is essential.

• Flexibility to do shift work and some weekends or late after office hours at short notice.

• Must be independent, organized, self-motivated, responsible, and able to complete tasks with little or no supervision.

• Relishes taking ownership, being totally hands-on and comfortable directly interfacing with people at all levels of the organization.

• Knows ITIL concepts and can apply them effectively.

Other Value-Added Competencies:

• A professional certification in any of the application server technology listed.

• Analytical thinking and strong diagnostic information gathering

• Client-oriented, strong communication and organization skills
• Initiative and multitasking
• Ability to work under pressure
• Having knowledge in ansible / good scripting skills in PowerShell, Python or other programming languages is an added advantage.

• Regular team buildings
• 18 leave days / Year
• Health Insurance
• Annual bonus
• Working hours: from 9am to 6pm, Monday to Friday
• E-learning and certifications paths

Company description:

The Hong Kong Jockey Club

Job description:

Who are we?

We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.

Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.

What do we do?

We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.

We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.

The Department

The Cyber Security Department is essential to the Club's ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.

As the first line of defense, the department plays a key role in maintaining the Club's reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.

The Job

You will:

• Managing the VM Team in the aspects of continuous Infrastructure Vulnerability Scanning & Configuration Compliance (for Platforms, Database, Networks and Voice), Penetration Testing and Scanning for Application & Infrastructure Security and Development, Security & Operations (DevSecOps), through hiring, training, coaching, objective setting and performance management of team members
• Managing the external service providers and product vendors, ensuring the appropriate service level performance is established, monitored and met
• Provide oversight on the handling of vulnerabilities identified, ensuring appropriate priority is given to effectively remediate the vulnerabilities within the agreed timelines
• Ensure the relevant and adequate coverage of vulnerability intelligence, to assess the vulnerabilities in the Club's context and the external threat landscape
• Ensure the vulnerability management services provided for applications (incl. DevSecOps) and infrastructure are operating effectively
• Continuously identify control and coverage gaps, and improvement initiatives to uplift the Vulnerability Management service
• Develop and present the VM metrics, reports and service highlights to the business and IT stakeholders
• Act as the lead during actively exploited or critical severity vulnerabilities being identified, lead the development of the vulnerability response plan and oversee its implementation it

About you

You should have:

• Degree in Computer Science, Information Security, and/or related discipline
• 12 years or more of working experience in the related field, with at least 5 years in the Vulnerability Management domain across various disciplines, including leading and managing teams
• Strong experience covering Vulnerability Management services and required operating procedures
• High degree of logical and analytical thinking skills, particularly in the different categories of vulnerabilities and how they work
• Strong service and customer-focused approach to the service being delivered
• Excellent interpersonal, collaborative and communication skills
• Well-disciplined with exemplary professional competence and integrity
• Experience with the following services and technologies - Vulnerability Assessment, DevSecOps, Pen-Testing, Secure Code Review, Attack Surface Management, Red Team
• Industry-recognised certification in one or more of the following - CISSP, CISM, etc.

Terms of Employment

The level of appointment will be commensurate with qualifications and experience.

How to Apply

Please submit your resume with expected salary by clicking the Apply Now button.

We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance. A copy of which will be provided immediately upon request.

The Job:

• To handle project provisioning & project restoration on different Network Security solution, likes NAC, WAF, SIEM, EDR & Firewall infrastructure solutions
• To provide technical consultancy services to customer
• To assist / prepare demonstration on security solution to customer
• To communicate with vendors on technical support issues
• To perform ad hoc or emergency call out (ECO) service when required

The Person:

• Degree / Higher Diploma holder in Electronic Engineering or Information Technology or related disciplines
• Solid experience on data networking security solution on Checkpoint, Fortigate & Palo Alto products
• Experience in system administration role in a Unix / Linux environment is preferred.
• Strong problem solving and analytical skills
• Self motivated, customer oriented and able to work under pressure
• Proficiency in spoken and written in both Chinese and English
• Holder of professional certifications such as Checkpoint or Palo Alto or Fortinet will be an advantage
• Experience with Java, Python, Javascript or other web services development languages will also be an advantage
• Minimum 2 years' relevant experience in Data Network or Security solution experience
• Candidates with less experience will be considered as Assistant Service Engineer / Senior Technical Officer

Job Responsibilities

• Implementing security devices, including EDR, DLP, UTM, and WAF.
• Handling ad hoc projects or tasks as assigned.
• Willingness to work on-site and outside normal working hours if necessary.

Requirements

• At least 2 years working experience in IT industry
• Certificate holder or above in IT or Computer related discipline
• Experience in networking and cybersecurity will be an advantage
• Good analytical and interpersonal skills, able to work under pressure.
• Fluent in English, Cantonese, and Mandarin.
• Preferably experience in security device implementation and troubleshooting.
• Candidates with less experience will be considered as Junior Systems Engineer

ACW Distribution (HK) LTD. is a leading IT solution distributor in Hong Kong for 40 years. To support our expansion, we invite high caliber professionals to join us.

Job Responsibilities:

• Responsible for pre-sales and professional service
• Identify, understand and define customer needs, objectives and business requirements
• Responsible for presentation, demonstration, proof of concept (PoC)
• Responsible for solution design, technical proposal, scoping professional service
• Participate in conferences, shows and exhibitions
• Collaborate with sales and business development teams in pre-sales activities

Requirements:

• Diploma holder or above in IT or Computer related discipline
• Understanding of TCP/IP Networking and Routing, LAN/WAN architecture, MS Windows and Linux
• Basic knowledge in network and security technologies
• Good command of both spoken and written English and Chinese (Mandarin will be an advantage)
• Good team player, pro-active, strong motivation, willing to learn, aggressive and able to work under pressure
• Pre-sales experience in IT industry will be an advantage
• Working experience in IT industry will be an advantage
• Less experience or fresh graduates will also be considered

We offer great opportunities and 5 working days for career advancement to the right candidates.  Interested parties please send your resume with job portfolios, expected salary and the date of availability email to - Only short listed candidates will be invited for interview.

All information will be treated in the strictest confidence and used only for recruitment purposes.  Applicants not invited for interview within four weeks from the date of the posting may consider their applications unsuccessful.  Unsuccessful applications will be destroyed after the recruitment exercise.