What Jobs are available for Security Expert in Hong Kong?

Natixis Corporate & Investment Banking is a leading global financial institution that provides advisory, investment banking, financing, corporate banking and capital markets services to corporations, financial institutions, financial sponsors and sovereign and supranational organizations worldwide.

Our teams of experts in close to 30 countries advise clients on their strategic development, helping them to grow and transform their businesses, and maximize their positive impact. Natixis CIB is committed to aligning its financing portfolio with a carbon neutrality path by 2050 while helping its clients reduce the environmental impact of their business.

As part of Groupe BPCE, the second largest banking group in France through the Banque Populaire and Caisse d'Epargne retail networks, Natixis CIB benefits from the Group's financial strength and solid financial ratings (Standard & Poor's: A+, Moody's: A1, Fitch Ratings: A+, R&I: A+).

Position Summary

Part of the IT Security team based in Singapore, he provides Security Expertise on Network Security. He/She will be fully part of the Global Network Security team in charge

His domain of expertise is Firewall, Micro segmentation, Internet proxy, WAF and network security monitoring.

Main Responsibilities:

Implement Firewall filtering
:

• Validate and apply firewall requests.
• Configure filtering software solutions on IPS, WAF and Proxy
• Improve filtering policy to detect and block intrusions.
• Configure the network security events monitoring.
• Follow security alerts

Configure filtering software solution, WAF, Proxy

• Day to day current Network security operations, create, handle tickets (ServiceSnow/Secops).
• Improve filtering policy to detect and block intrusions.
• Configure the network security events monitoring.
• Follow security alerts

Design Security Architecture
:

• Assess existing architectures
• Study and propose the new security solutions
• Check and validate the architectures proposed by other IT teams.
• Advise other IT teams in your domain of expertise.

Vulnerability Management
:

• Vulnerability assessment and follow-up from the detection to the remediation.
• Configure Qualys and run the vulnerability scans.

Required Skills:

• At least 5 years experiences in Network security
• Demonstrate autonomy, responsiveness, readiness, discretion, rigorous and well organized
• Ability to design and implement innovative solutions.
• Work and cooperate with team members in Europe and Asia (knowledge sharing, technical collaboration and mutual assistance)

Natixis Corporate & Investment Banking is a leading global financial institution that provides advisory, investment banking, financing, corporate banking and capital markets services to corporations, financial institutions, financial sponsors and sovereign and supranational organizations worldwide.

Our teams of experts in close to 30 countries advise clients on their strategic development, helping them to grow and transform their businesses, and maximize their positive impact. Natixis CIB is committed to aligning its financing portfolio with a carbon neutrality path by 2050 while helping its clients reduce the environmental impact of their business.

As part of Groupe BPCE, the second largest banking group in France through the Banque Populaire and Caisse d'Epargne retail networks, Natixis CIB benefits from the Group's financial strength and solid financial ratings (Standard & Poor's: A+, Moody's: A1, Fitch Ratings: A+, R&I: A+).

Position Summary

Part of the IT Security team based in Singapore, he provides Security Expertise on Network Security. He/She will be fully part of the Global Network Security team in charge

His domain of expertise is Firewall, Micro segmentation, Internet proxy, WAF and network security monitoring.

Main Responsibilities:

Implement Firewall filtering:

• Validate and apply firewall requests.
• Configure filtering software solutions on IPS, WAF and Proxy
• Improve filtering policy to detect and block intrusions.
• Configure the network security events monitoring.
• Follow security alerts

Configure filtering software solution, WAF, Proxy

• Day to day current Network security operations, create, handle tickets (ServiceSnow/Secops).
• Improve filtering policy to detect and block intrusions.
• Configure the network security events monitoring.
• Follow security alerts

Design Security Architecture:

• Assess existing architectures
• Study and propose the new security solutions
• Check and validate the architectures proposed by other IT teams.
• Advise other IT teams in your domain of expertise.

Vulnerability Management:

• Vulnerability assessment and follow-up from the detection to the remediation.
• Configure Qualys and run the vulnerability scans.

Required Skills

• At least 5 years experiences in Network security
• Demonstrate autonomy, responsiveness, readiness, discretion, rigorous and well organized
• Ability to design and implement innovative solutions.
• Work and cooperate with team members in Europe and Asia (knowledge sharing, technical collaboration and mutual assistance).

Job Summary and Mission

This position contributes to the success of wizlynx group by performing the following:

• Responsible for development and operational activities across the entire scope of our clients Security Governance, Risk and Compliance programs.

• The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. The Specialist will identify, classify, and document control issues in our clients computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to our clients IT management.

• Serve as the primary contact point for issue escalation

• Manage service support requirements and ensure that quality plan, KPIs/SLAs are met

• Draft support SOP and documentation

• Models and acts in accordance with wizlynx group guiding principles

With this position, you will also have the opportunity to get introduced to different areas of information and cyber security such as Offensive Security & Penetration Testing

Summary of Key Responsibilities

• Leads IT control assessments for our clients to ensure effective IT controls are in place to meeting operational and compliance requirements.

• Works with our clients IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in our client's operations and industry.

• Develops Vendor Risk Management policies and supports client's risk profile assessment for vendor on-boarding process and conducts annual review of critical vendors.

• Performs ongoing logical access reviews and recommends updates to access control privileges to ensure proper Segregation of Duties based on user access reviews.

• Effectively reports and communicates testing results to client's IT management for corrective action, where required.

• Conducts information security awareness training.

Performs evidence collection and project management assistance of our clients annual compliance (e.g. CREST, PCI DSS) certification program.

• Track and monitor risk exceptions to ensure control deviations are identified and mitigating controls are in place.

• Assist our clients with drafting and maintaining information security policies

• Provides mentoring for other team members.

• Demonstrates excellent project management skills, inspires teamwork and responsibility with engagement team members, and uses current technology/tools to enhance the effectiveness of deliverables and services.

• Facilitates the performance and testing of our client's annual disaster recovery tests and business continuity plans.

Summary of Ideal Experience, Skills, Knowledge, and Abilities

Ideal Experience

a) Senior GRC role:

A minimum of five years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred.

b) Junior GRC role:

One to two years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred.

• Strong understanding of and ability to provide security configuration and testing of networking and operating systems including TCP/IP, WAN/LAN routing, VLAN architecture, and a wide array of large-scale environments including various major web application servers

Strong understanding of information security principles such as ISO 27001, HKMA CFI, CRAF, HK SFC, HKIA Guideline on Cybersecurity (GL20), PCI-DSS, PDPO, and other regulatory compliance

Language Skills

Fluent technical English (speech and writing)

• Ability to communicate clearly and concisely, both orally and in writing, in local language

Soft Skills

• Excellent team leadership, team oriented and team player who takes ownership

• Flexible attitude, reliable, action oriented

• Customer friendly approach and appearance

• Willingness to travel

• Innovative to push new ideas, dynamic and forward looking with clear management principle towards the team

• Able to work independently, critical thinking and be able to communicate effectively with the support team and customers

• Enjoys working in global team with different cultures

Technical Skills and Abilities

• Microsoft OS and Office knowledge

• Technical document writing

• Experience in Project Management in IT

• Knowledge in perimeter firewall infrastructure and VPN remote access

Summary of Education

• Bachelor's degree from an accredited college/university in an appropriate field

Certifications / Training

• CISM, CISA, CRISC, CISSP certified

KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS

• Achieve agreed targets/SLA/KPI in terms of quality, time and cost

• Lead team members to achieve team/organizational goals

• Improve and retain high customer satisfaction

POTENTIAL CAREER DEVELOPMENT

• Advance to higher business development tiers or geographic reach

Are you passionate about cybersecurity and network solutions? Join our client's team as a Security Consultant and play a crucial role in designing, implementing, and supporting cutting-edge web application delivery and load balancing solutions. This position offers an exciting opportunity to work with industry-leading technologies, mentor junior engineers, and manage multiple projects in a dynamic environment.

• Project Implementation: Design, plan, and manage the implementation of various network and technology project solutions, ensuring seamless integration and optimal performance.
• Technical Expertise: Apply your experience in project installation, configuration, operation, and ongoing support of web application delivery and load balancing solutions.
• Collaboration: Work closely with customer security and network teams to build trust and ensure successful service delivery.
• Project Management: Organize project schedules and resources, coordinating between customers, engineers, vendors, and third parties.
• Mentorship: Guide and support junior engineers, helping them enhance their technical and handling skills.
• Problem-Solving: Serve as an escalation point, assisting junior engineers with complex projects and support cases.

• Relevant Experience: Over 5 years of experience working with Application Delivery products, including F5 Load Balancer, Check Point, DNS, GTM, ASM, WAF, Cloud, and Remote Access SSL VPN.
• Certifications: Cybersecurity certifications in F5 Networks and Check Point are highly valued. Additional security-relevant certificates such as CISSP, CISA, CISM, or CEH are advantageous.
• Technical Knowledge: Basic understanding of ICT, Network Security, and Networking concepts is essential for success in this role.
• Communication Skills: Strong problem-solving, analytical, interpersonal, and communication abilities in both written and verbal English and Cantonese are crucial for effective collaboration with diverse teams and clients.

Our client offers an attractive remuneration package and other benefits, such as:

• Comprehensive Health Insurance coverage
• Performance-based bonus opportunities
• Life Insurance for added peace of mind
• Special leave for important life events (Birthday and Marriage)
• Minimum 14 days of Annual Leave
• Work-life balance with a 5-day work week (Monday to Friday, 9am-6pm)

Ready to join this role? Click Apply now to submit your resume and share your availability and expected salary with us

We value diversity and encourage all qualified individuals to apply, regardless of background or experience level.

All information received will be kept strictly confidential and will be used only for employment-related purposes.

Refer A Candidate and Earn $2,000)

• Master security technologies: Develop extensive expertise in installing, configuring, and managing network security products such as Firewalls, Application Security, and Remote Access VPN.
• Build client relationships: Collaborate closely with customer security and network teams to establish trust and confidence in your solutions.
• Lead complex projects: Design, plan, document, and oversee all aspects of intricate network design and implementation projects involving diverse technologies.
• Provide expert guidance: Offer comprehensive advice for developing and modifying security solutions to meet client needs.
• Coordinate project execution: Manage schedules and resources with customers, engineers, vendors, and third parties to ensure timely delivery of solutions.
• Mentor and support: Guide engineers to enhance their technical skills and improve service delivery, while serving as a point of escalation for complex issues.
• Troubleshoot and resolve: Investigate and address network and security incidents efficiently and effectively.

• Education: Degree holder in IT-related disciplines or equivalent, demonstrating a strong foundation in technology.
• Experience: Minimum of 6 years of in-depth work experience in Network Security and Cybersecurity, with a focus on various security technologies.
• Certifications: Hold relevant certifications such as PCNSE (Palo Alto Networks Certified Network Security Engineer) and other cybersecurity certificates.
• Technical proficiency: Demonstrate expertise in Palo Alto Networks Security Technologies and other cybersecurity product solutions.
• Networking knowledge: Possess in-depth understanding of networking design and technologies across LAN, WAN, Data Centre, and Cloud environments.
• Leadership skills: Show ability to engage technical and business personnel to reach consensus on solutions across diverse stakeholder groups.
• Communication: Exhibit strong problem-solving, analytical, interpersonal, and communication skills in both English and Cantonese.

Our client offers an attractive remuneration package and other benefits, such as:

• Performance-based bonus to reward your hard work
• Comprehensive health insurance coverage for your peace of mind
• Generous 14 days of annual leave to maintain a healthy work-life balance
• Special leave for important life events, including birthday and marriage
• Training sponsorship to support your professional growth
• Annual body check to prioritize your health and well-being

Ready to join this role? Click Apply now to submit your resume and share your availability and expected salary with us

We encourage applications from candidates of all backgrounds and experiences who are passionate about cybersecurity and eager to contribute to a dynamic team.

All information received will be kept strictly confidential and will be used only for employment-related purposes.

Refer A Candidate and Earn $2,000)

Ensign is hiring

Job Overview

Ensign InfoSecurity is the largest pure-play end-to-end cybersecurity service provider in Asia. Headquartered in Singapore, Ensign offers bespoke solutions and services to address their clients' cybersecurity needs. Our core competencies are in the provision of cybersecurity advisory and assurance services, architecture design and systems integration services, and managed security services for advanced threat detection, threat hunting, and incident response.

The candidate will work under Ensign Advisory, we draw on our vast experience in cyber security and risk management and our insights into the tactics, techniques and procedures used by threat actors to help you anticipate threats, disrupt attacks and respond decisively. Ensign offers strategic advisory and consultancy services to enable our client's organisation – from the leadership team to security operations – with a 'shift left' mentality to proactively combat emerging threats.

Duties and Responsibilities

• Conduct penetration testing of systems and applications to identify, document, and present technical vulnerabilities and issues.
• Participate and lead Red Team engagements to remotely infiltrate, escalate privileges, and achieve full control of target networks, demonstrating advanced offensive capabilities.
• Assist in developing customized remediation plans based on technical findings and client business constraints to strengthen cybersecurity defenses.
• Utilize automation tools and techniques to streamline and enhance penetration testing and red teaming processes for improved efficiency and accuracy.
• Collaborate with cross-functional teams to assess security controls, technologies, and processes, exposing vulnerabilities and recommending proactive measures.
• Research, develop, and ideally present new offensive cyber techniques and security control bypasses to the broader cybersecurity community.
• Stay abreast of emerging threats, industry trends, and best practices, integrating new knowledge into penetration testing methodologies and techniques.
• Collaborate with clients and stakeholders to provide expert guidance on cybersecurity strategies, risk mitigation, and incident response.
• Foster a culture of continuous learning and knowledge sharing within the team and across the organization.
• Support pre-sales processes and working with the Business Development team to win new deals.

Requirements

• Degree in information security, computer science or related field
• At least 4 years of information security exposure
• Good working knowledge of relevant standards, security frameworks and regulations (ISO27001, NIST, GDPR, CSL, MLPS, GL20, PDPO, PIPL)
• Excellent written and verbal communication skills
• Broad knowledge across multiple technical domains and willing to learn
• Confident and assured presentation skills – at ease with senior stakeholder engagement

Preferred Skills /Qualities

• At least two years of proven experience in conducting penetration testing / red team engagements in diverse environments.
• Strong proficiency in developing and executing remediation plans tailored to client business constraints and technical findings.
• Demonstrated ability to dive into new industries and technology stacks, adapting quickly to new challenges and environments.
• Familiarity with cyber security principles (e.g. networking, web development, vulnerability classes) and industry best practices (e.g. OWASP Top 10, MITRE ATT&CK Framework)
• Experienced in consulting, including internal and client facing experiences
• Ability to independently lead a project and communicate with clients
• Excellent communication and presentation skills, with the ability to convey technical concepts to both technical and non-technical stakeholders.
• Knowledge of GRC (Governance, Risk, and Compliance) processes is a plus, with an understanding of information security management systems and relevant standards and frameworks (e.g., ISO 27001, NIST CSF).

The Job

• Focus security assessment and monitoring information security on quality and compliance on both existing and new developed services offering of internal teams and external customers
• Support RFP / RFI / Tender proposal together with sales team
• Work with internal stakeholders to develop SOW from infrastructure and security perspective
• Support information & security solution architect and subject matter expert on overall infrastructure design during POC & site visit
• Perform required tasks on infrastructure and security strategy, design, implementation and support which aligned with Company's internal process and procedures

The Person

• Degree holder or above in Computer Science / Information Technology or related disciplines
• 4-5 years working experience in providing IT infrastructure, security service or solutions for enterprise customers based on multi-technology integration or cloud setup and experience in IT infrastructure or Information Systems auditing is an advantage
• Knowledge of information security services and products, including but not limited to Firewall, Network IDS/IPS, Web Application Firewall and Vulnerability Assessment
• Professional qualifications on Information Security CISSP / CISA / ISO 27001 is preferred
• Proficient in written and spoken English and Chinese
• Good communication and presentation skills
• Self-motivated and willing to learn new technology

Securities Responsibilities

• Ensure compliance with FUJIFILM Business Innovation Information Security Rule, Policies and procedures at all time
• Responsible for maintaining security of all FUJIFILM Business Innovation information entrusted to and not limiting to proper classification & handling of FUJIFILM Business Innovation documents and records
• Complete Information Security training and awareness program on regular basis and possess enough knowledge to adhere to FUJIFILM Business Innovation Information Security requirements
• Responsible for identifying, reporting and complying with Information Security Incident & Reporting Procedure
• Failing to comply with the security policies could be subject to disciplinary action, potentially including termination of employment or contract and/or prosecution

We offer career prospect, attractive remuneration and fringe benefits including but not limited to the followings:

• 12 days' annual leave
• Blissful leave of maximum 25 days per year (including birthday leave, wedding anniversary leave, children graduation leave, volunteer leave, pet healthcare leave, home purchase, etc)
• 5 days work week & bank holiday
• Clinical, hospitalization and dental insurance
• On-job training

To discuss this opportunity further, please send your full resume, current and expected salary by clicking "Apply Now".

We are an equal opportunity employer and welcome applications from all qualified candidates. All information provided will be treated in strict confidence and used for recruitment purposes only. Applicants not hearing from us within six weeks may consider their applications unsuccessful. All date of unsuccessful applications will be destroyed after six months.

About OKX
At OKX, we believe that the future will be reshaped by Crypto, ultimately contributing to every individual's freedom. OKX began as a crypto exchange giving millions of people access to crypto trading and over time becoming among the largest platforms in the world. In recent years, we have developed one of the most connected Web3 wallets used by millions to access decentralized crypto applications (dApps). OKX is a trusted brand by hundreds of large institutions seeking access to crypto markets on a reliable platform that seamlessly connects with global banking and payments. In the last year, OKX has expanded into new markets including Australia, Brazil, Netherlands, Singapore and Turkey, with plans to launch in the US, Belgium and the UAE.

We are deeply committed to shaping a fairer, more transparent and accessible society through blockchain technology. This is why we publish proof of reserves monthly, and continue to ship new innovative security features.

Responsibilities

• Identify and address security vulnerabilities in code, systems, and networks using manual review, automated tools, and threat modeling.
• Manage and optimize application security tools, processes, and alerts.
• Validate and respond to Bug Bounty submissions.
• Stay informed on the latest offensive security techniques, application security threats, and best practices, and suggest improvements to enhance our security posture.
• Produce detailed reports of your findings, present them to both management and technical teams, and contribute to preventing real-world attacks.
• Collaborate with development teams to implement secure coding practices.
• Work alongside other teams, including operations and compliance, to ensure that security is a consistent priority across the organization.
• Participate in incident response and management activities.

Qualifications

• 3+ years of experience in offensive security techniques.
• In-depth understanding of security risks, vulnerabilities, and concepts in web and mobile applications.
• Proficient in code review, particularly with Kotlin/Swift/Typescript/JavaScript, with a strong grasp of application security threats.
• Ability to create proof-of-concepts (PoCs) to demonstrate vulnerabilities, review patch code for adherence to standards, and collaborate with repository owners and maintainers.
• Strong analytical and problem-solving abilities.
• Excellent verbal and written communication skills.

Nice-to-have

• Prior experience in developing mobile security SDKs with a daily active user base of over ten million is preferred.
• Participated in large-scale business risk control projects, or have practical experience in threat intelligence/business risk prevention, and analysis/countermeasures against black and gray industries.
• In-depth reverse engineering of major apps from first-tier vendors, or other experiences/projects that demonstrate reverse engineering capabilities.
• Priority given to candidates who can simultaneously master relevant technologies on multiple platforms.
• Proficient in ARM assembly, capable of deep-level countermeasures at the native and application layers.
• Have certain capabilities in device fingerprint recognition, able to simulate new devices through methods such as flashing, modification, and application cloning.

Perks & Benefits

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• More that we love to tell you along the process

Information collected and processed as part of the recruitment process of any job application you choose to submit is subject to OKX's Candidate Privacy Notice.

Ringus, established in 2008, is a spin-off subsidiary of a financial listed company and become an IT consultancy and support provider with a vision to deliver solutions that optimize business operations and digital capabilities. With our presence in Hong Kong, Australia, United Kingdom, Macau and Taiwan, our stretch reached across the globe.

To cope with business expansion, we are inviting high-caliber candidate to join our team.

Job Highlights:

• Participate in cybersecurity assessments, IT auditing and ISO implementation projects
• Conduct privacy impact and compliance assessment and provide advisory
• Career development in IT security and privacy stream with prospects and flexibility
• Stable and friendly working environment with work-life balance

Job Duties:

• Participate in regional projects for IT security compliance and auditing based on international standards such as ISO, NIST, PCI DSS, SOC, etc.
• Review the IT technologies configuration, including network and systems infrastructure.
• Perform privacy assessment and consultation in accordance with the regulatory requirements (e.g. GDPR, CCPA, PIPL, etc.)
• Provide advisory on improving the security controls based on risks and client nature.
• Design and develop IT governance framework policies, documentation. Prepare reports with audit findings and recommendations.
• Coordinate different projects between internal parties and clients and manage client relationship and expectation.
• Occasional business travel as and when required.
• Candidates will be offered on-the-job training and coaching.

Job Requirements:

• 2 years of experience in IT audit / consultation / governance, or 2+ years of experience in IT industry. Candidates with more experience may be considered as IT Security Consultant Senior Associate;
• University graduate in Cyber Security, Information Technology or related disciplines preferred;
• Exposure and experience in ISO 27001, NIST, IT security or privacy is an advantage;
• Knowledge in ITIL, operating systems, cloud infrastructure, network and security products, technologies and DevSecOps is an advantage;
• Knowledge in IT governance and compliance for Artificial Intelligence is an advantage;
• Professional qualifications of CISA/ CISSP/ CISM/ CIPP/ ISO27001 IA or LA, or equivalent is an advantage;
• Good customer relation and client management skills;
• Team player with excellent interpersonal and communication skills;
• Good command of written and spoken English and Chinese (Cantonese and Mandarin);
• Responsible, independent, self-motivated, organized, analytical and detail-minded;
• Immediate availability is preferred.

We offer rewarding career with attractive package including 5-day week, insurance package and generous annual leave to the right candidates. If you are ready for a challenge and look for career advancement opportunities, join us

Please send your CV with CURRENT and EXPECTED SALARY & YOUR AVAILABILITY in WORD FORMAT by clicking "Apply Now"

(Personal data collected will be kept & used for recruitment purpose only)