51 Security Testing jobs in Hong Kong

Join to apply for the Cyber Security Specialist (Penetration Testing) role at Mox Bank

1 day ago Be among the first 25 applicants

Join to apply for the Cyber Security Specialist (Penetration Testing) role at Mox Bank

Get AI-powered advice on this job and more exclusive features.

About Mox
Mox is built by and for the ones who aspire to live life to the fullest – we call them Generation Mox! The name Mox reflects the endless opportunities we can create, - Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration… it’s all up for us to define together.

Application Deadline: 6 October 2025

Department: Technology-CDSIO

Location: Hong Kong (SAR)

• Provide security expertise to ensure the ongoing confidentiality, integrity, and availability of systems and information effectively and efficiently.
• Scope and perform hands-on penetration testing and security assessments of web applications, APIs, infrastructure, cloud environments and mobile (iOS/Android) apps to assess and validate their security posture
• Write high quality reports on identified vulnerabilities, including recommendations to remediate, and deliver report to stakeholders
• Manage security assessments conducted by vendors and consultants
• Manage the penetration testing pipeline to ensure on-time completion and delivery
• Work closely with key development and operations stakeholders to ensure timely remediation
• Conduct security code reviews and make recommendations to developers
• ·Drive security awareness of secure coding practices and techniques
• Work collaboratively with key development and operations stakeholders to support the secure CI/CD pipeline
• Conduct offensive research to evaluate emerging cyber security threats and trends
• Work closely with the security operations team to proactively identify potential weaknesses, threats or vulnerabilities and address them
• Maintain up-to-date knowledge of the latest attacks, vulnerabilities, mitigation strategies, industry best practices and regulations
• Provide subject matter expertise, security consulting, and advisory services to business entities and project teams
• Build strong working relationships across the business and technology teams
  

• 5+ Years’ experience in IT security related positions with a key focus on penetration testing and application security
• You should be able to demonstrate:
• Passion for offensive security and assurance
• Risk mindset and knowledge of risk management guidelines and frameworks
• Good understanding of penetration testing methodologies / techniques and software security principles
• Ability to communicate and articulate technical findings with stakeholders at all levels of the business
• Hands-on threat, vulnerability, and remediation management experience
• Experience working in a cloud and container-based environment is highly desired
• Critical thinker with strong problem-solving and analytical skills
• Strong time management and ability to manage multiple projects under strict timelines.
• Development and automation experience in one or more programming languages are highly desired
• Strong collaborative nature and ability to contribute to a team environment
• Previous experience working within the finance/banking or advisory services industry beneficial
  

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Engineering and Information Technology
• Industries Banking

Referrals increase your chances of interviewing at Mox Bank by 2x

Sha Tin District, Hong Kong SAR 6 days ago

Sha Tin District, Hong Kong SAR 1 week ago

Sha Tin District, Hong Kong SAR 1 week ago

Central & Western District, Hong Kong SAR 3 days ago

Sha Tin District, Hong Kong SAR 2 weeks ago

Kwun Tong District, Hong Kong SAR 4 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350) role at KPMG China

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350) role at KPMG China

KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients’ needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you’ll translate insights into action and reveal opportunities for all—our teams, our clients and our world.

Service Line Overview

At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.

KPMG is the firm that views cyber security as a business enabler, and not just an IT issue. From the boardroom to back office, we help clients through Strategy and Governance, Transformation, Cyber Defense and Cyber Response. So that they are prepared for uncertainty and use cyber security to advance the business, not stand in the way.

Our wide range of projects includes Cyber Strategy, Cyber Digital Transformation, Governance & Risk, as well as a strong presence in Penetration Testing or Ethical Hacking. We are keen to speaking with cyber security specialists with various expertise and experiences to join our growth story.

We are now seeking Consultant/ Senior Consultant candidates for Cyber Defense Team.

Key Responsibilities

• Perform vulnerability assessment and penetration tests on different platforms and technologies
• Simulate real-time cyber-attacks using red team / blue team / purple team exercises
• Conduct social engineering and email phishing attacks to simulate the theft of passwords, infiltrate systems, and download malware / ransomware
• Conduct source code review to identify software program vulnerabilities and detect malware or malicious embedded code
• Conduct cloud / server / network / middleware security configuration assessments
• Conduct architecture review for cloud / on-premise IT environments
• Prepare reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities
• Assist in continuously enhancing the existing security assessment methodologies
• Support in developing marketing and training materials to help develop staff awareness within the company and communicate KPMG's capabilities to clients
• Remain up-to-date on the latest cybersecurity threats, vulnerabilities and regulatory requirements
• Develop constructive client relationships, both inside and outside of KPMG
  
  
  

• Bachelor’s degree in computer science, InformationTechnology, or related field.
• At least one professionally qualification required: CREST, GXPN, GPEN, GCTI, GWAPT, OSCE3, OSEP, OSWE, OSEP, OSCP, CRTE, eCPTX, CISSP, or other relevant qualifications.
• 2 years of relevant working experience preferred: Red/Blue/Purple Teaming, Web/Mobile/Network/OT/IoT/other Penetration Tests, Vulnerability Assessment, Source Code Review, Appliance/System/Cloud Configuration Review, Malware development, Social Engineering.
• Candidate with less experience will be considered as Consultant.
• Knowledge in threat intelligence, reverse engineering, security products, incident response, SOC operation or other related areas will be an advantage.
• Experience with at least one scripting language (e.g. Bash, PowerShell) or programming language (e.g. Python, C, Java) preferred.
• Able to understand basic networking concepts (e.g. routing, ALC, load balancers, SSL/TLS, TCP) is preferred.
• Understand the industry recognised testing standards and have knowledge of common red teaming tools·
• Knowledge base in enterprise technologies and operations, enterprise networking, internet application security, database security evaluation and architecture, with self-motivated learning ability.
• Be able to conduct research and development and solve technical problems independently.
• Be able to work as part of a team, and at the same time being an independent self-starter·
• Have strong analytical, problem solving and inter-personal skills·
• Commands excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences·
• Possess a recognised Degree in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology or a related discipline (STEM) is preferred·
• Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
  
  
  

• Well-structured career development and learning path, 1-to-1 coaching by our cybersecurity professionals
• Access to various cyber security learning resources
• Wide exposure to working with leading financial institutions and corporations
• Continuous sponsorship and support on professional certificate development (i.e. Offensive Security, GIAC, CREST, etc.)
• Opportunities for secondment / exchange within KPMG Global network based on staff performance and preference
• Opportunities to attend KPMG overseas Global Cyber Events – such as HackNet / BlackHat
• One annual professional membership sponsorship on the approved list
• Work in a passionate team with blended cybersecurity talents
  
  
  

• Seniority level Entry level

• Employment type Full-time

• Job function Engineering and Information Technology
• Industries Professional Services

Referrals increase your chances of interviewing at KPMG China by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350) role at KPMG China

Join to apply for the Consultant/Senior Consultant, Cyber Security (Penetration Testing/ Red Teaming), Technology Consulting (MJ005350) role at KPMG China

KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients’ needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment and community. At KPMG, you’ll translate insights into action and reveal opportunities for all—our teams, our clients and our world.
Service Line Overview
At KPMG's Consulting practice, we do not limit ourselves to either strategy or implementation. We deliver both. Our Hong Kong division is the fastest growing within KPMG China and represents a young and enthusiastic team that always pushes for success. Since our inception, we have acquired in-depth knowledge of an incredibly broad range of sectors and services.
KPMG is the firm that views cyber security as a business enabler, and not just an IT issue. From the boardroom to back office, we help clients through Strategy and Governance, Transformation, Cyber Defense and Cyber Response. So that they are prepared for uncertainty and use cyber security to advance the business, not stand in the way.
Our wide range of projects includes Cyber Strategy, Cyber Digital Transformation, Governance & Risk, as well as a strong presence in Penetration Testing or Ethical Hacking. We are keen to speaking with cyber security specialists with various expertise and experiences to join our growth story.
We are now seeking Consultant/ Senior Consultant candidates for Cyber Defense Team.
Key Responsibilities

• Perform vulnerability assessment and penetration tests on different platforms and technologies
• Simulate real-time cyber-attacks using red team / blue team / purple team exercises
• Conduct social engineering and email phishing attacks to simulate the theft of passwords, infiltrate systems, and download malware / ransomware
• Conduct source code review to identify software program vulnerabilities and detect malware or malicious embedded code
• Conduct cloud / server / network / middleware security configuration assessments
• Conduct architecture review for cloud / on-premise IT environments
• Prepare reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities
• Assist in continuously enhancing the existing security assessment methodologies
• Support in developing marketing and training materials to help develop staff awareness within the company and communicate KPMG's capabilities to clients
• Remain up-to-date on the latest cybersecurity threats, vulnerabilities and regulatory requirements
• Develop constructive client relationships, both inside and outside of KPMG
  

• Bachelor’s degree in computer science, InformationTechnology, or related field.
• At least one professionally qualification required: CREST, GXPN, GPEN, GCTI, GWAPT, OSCE3, OSEP, OSWE, OSEP, OSCP, CRTE, eCPTX, CISSP, or other relevant qualifications.
• 2 years of relevant working experience preferred: Red/Blue/Purple Teaming, Web/Mobile/Network/OT/IoT/other Penetration Tests, Vulnerability Assessment, Source Code Review, Appliance/System/Cloud Configuration Review, Malware development, Social Engineering.
• Candidate with less experience will be considered as Consultant.
• Knowledge in threat intelligence, reverse engineering, security products, incident response, SOC operation or other related areas will be an advantage.
• Experience with at least one scripting language (e.g. Bash, PowerShell) or programming language (e.g. Python, C, Java) preferred.
• Able to understand basic networking concepts (e.g. routing, ALC, load balancers, SSL/TLS, TCP) is preferred.
• Understand the industry recognised testing standards and have knowledge of common red teaming tools·
• Knowledge base in enterprise technologies and operations, enterprise networking, internet application security, database security evaluation and architecture, with self-motivated learning ability.
• Be able to conduct research and development and solve technical problems independently.
• Be able to work as part of a team, and at the same time being an independent self-starter·
• Have strong analytical, problem solving and inter-personal skills·
• Commands excellent written and oral communication skills with the ability to present ideas and results to technical and non-technical audiences·
• Possess a recognised Degree in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology or a related discipline (STEM) is preferred·
• Excellent written and verbal communication skills in English and Chinese (Mandarin or Cantonese)
  

• Well-structured career development and learning path, 1-to-1 coaching by our cybersecurity professionals
• Access to various cyber security learning resources
• Wide exposure to working with leading financial institutions and corporations
• Continuous sponsorship and support on professional certificate development (i.e. Offensive Security, GIAC, CREST, etc.)
• Opportunities for secondment / exchange within KPMG Global network based on staff performance and preference
• Opportunities to attend KPMG overseas Global Cyber Events – such as HackNet / BlackHat
• One annual professional membership sponsorship on the approved list
• Work in a passionate team with blended cybersecurity talents
  

• Seniority level Entry level

• Employment type Full-time

• Job function Engineering and Information Technology
• Industries Professional Services

Referrals increase your chances of interviewing at KPMG China by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Security Engineer, Product Security role at Chainlink Labs

Join to apply for the Security Engineer, Product Security role at Chainlink Labs

Get AI-powered advice on this job and more exclusive features.

About Us

Chainlink Labs is the primary contributing developer of Chainlink, the decentralized computing platform powering the verifiable web. Chainlink is the industry-standard platform for providing access to real-world data, offchain computation, and secure cross-chain interoperability across any blockchain. Chainlink Labs helps power verifiable applications for banking, DeFi, global trade, and gaming by collaborating with some of the world’s largest financial institutions, notably Swift, DTCC, and ANZ. Chainlink Labs also works with top Web3 teams, including Aave, Compound, GMX, Maker, and Synthetix. Chainlink Labs was ranked as one of the

About Us

Chainlink Labs is the primary contributing developer of Chainlink, the decentralized computing platform powering the verifiable web. Chainlink is the industry-standard platform for providing access to real-world data, offchain computation, and secure cross-chain interoperability across any blockchain. Chainlink Labs helps power verifiable applications for banking, DeFi, global trade, and gaming by collaborating with some of the world’s largest financial institutions, notably Swift, DTCC, and ANZ. Chainlink Labs also works with top Web3 teams, including Aave, Compound, GMX, Maker, and Synthetix. Chainlink Labs was ranked as one of the Global Top 100 Most Loved Workplaces by Newsweek 2025.

The Security Team

The security department is the guardian of Chainlink Labs’ people and infrastructure. Its principal objective is to safeguard Chainlink Labs and its assets against potential threats from any external or internal source. This mission is accomplished through a combination of specialized security engineering, the deployment of cutting-edge technologies, forward-thinking policy development, and the training of highly skilled, security-aware personnel throughout the entire organization.

As an indispensable component of the larger organization, the team seeks to promote a widely understood culture of security, safeguarding our most valuable assets while remaining agile and accessible to all employees and the community.

About The Role

The Chainlink Labs Product Security team is looking for a driven and passionate Security Engineer to join our rapidly expanding team. You will help design and advise other teams on secure and scalable architectures, assist with their implementation, and develop entirely new and novel systems that protect Chainlink and the Web3 ecosystem. You’ll have the opportunity to help shape and secure the next generation of Web3 products and infrastructure.

What You Will Do

• Build security tools and controls that are deployed across the company
• Design, develop, and deploy new core security features to public Chainlink products like the Chainlink core node
• Define new processes and systems that make attacks on our networks hard to execute and easy to detect
• Immerse yourself in Chainlink’s upcoming engineering and non-engineering projects and ensure security is fundamental to their design and functionality
• Help define, shape, and achieve the company’s broader security goals
  
  

• Experience in Go or Rust
• Experience in a security related function
• Experience building security software or securing enterprise systems
• Comfortable with *nix operating systems (including macOS)
• Ability to adapt to fast changing environment and set of technologies
  
  

• Experience writing or auditing Solidity
• Experience auditing or securing frontends (React, NPM)
• Strong understanding of cryptography, including concepts such as TLS, FIDO, encryption, and public key cryptography
• Familiarity with security analysis tooling and frameworks
• Enthusiasm for the Ethereum (and other EVM compatible networks) with experience in tooling development, hardware wallets, and deployments
• Experience working on open source software with a GitHub history to prove it
  
  

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Technology, Information and Internet

Referrals increase your chances of interviewing at Chainlink Labs by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Security Engineer, Product Security role at Chainlink Labs

Join to apply for the Security Engineer, Product Security role at Chainlink Labs

Get AI-powered advice on this job and more exclusive features.

About Us
Chainlink Labs is the primary contributing developer of Chainlink, the decentralized computing platform powering the verifiable web. Chainlink is the industry-standard platform for providing access to real-world data, offchain computation, and secure cross-chain interoperability across any blockchain. Chainlink Labs helps power verifiable applications for banking, DeFi, global trade, and gaming by collaborating with some of the world’s largest financial institutions, notably Swift, DTCC, and ANZ. Chainlink Labs also works with top Web3 teams, including Aave, Compound, GMX, Maker, and Synthetix. Chainlink Labs was ranked as one of the

About Us
Chainlink Labs is the primary contributing developer of Chainlink, the decentralized computing platform powering the verifiable web. Chainlink is the industry-standard platform for providing access to real-world data, offchain computation, and secure cross-chain interoperability across any blockchain. Chainlink Labs helps power verifiable applications for banking, DeFi, global trade, and gaming by collaborating with some of the world’s largest financial institutions, notably Swift, DTCC, and ANZ. Chainlink Labs also works with top Web3 teams, including Aave, Compound, GMX, Maker, and Synthetix. Chainlink Labs was ranked as one of the Global Top 100 Most Loved Workplaces by Newsweek 2025.
The Security Team
The security department is the guardian of Chainlink Labs’ people and infrastructure. Its principal objective is to safeguard Chainlink Labs and its assets against potential threats from any external or internal source. This mission is accomplished through a combination of specialized security engineering, the deployment of cutting-edge technologies, forward-thinking policy development, and the training of highly skilled, security-aware personnel throughout the entire organization.
As an indispensable component of the larger organization, the team seeks to promote a widely understood culture of security, safeguarding our most valuable assets while remaining agile and accessible to all employees and the community.
About The Role
The Chainlink Labs Product Security team is looking for a driven and passionate Security Engineer to join our rapidly expanding team. You will help design and advise other teams on secure and scalable architectures, assist with their implementation, and develop entirely new and novel systems that protect Chainlink and the Web3 ecosystem. You’ll have the opportunity to help shape and secure the next generation of Web3 products and infrastructure.
What You Will Do

• Build security tools and controls that are deployed across the company
• Design, develop, and deploy new core security features to public Chainlink products like the Chainlink core node
• Define new processes and systems that make attacks on our networks hard to execute and easy to detect
• Immerse yourself in Chainlink’s upcoming engineering and non-engineering projects and ensure security is fundamental to their design and functionality
• Help define, shape, and achieve the company’s broader security goals
  

• Experience in Go or Rust
• Experience in a security related function
• Experience building security software or securing enterprise systems
• Comfortable with *nix operating systems (including macOS)
• Ability to adapt to fast changing environment and set of technologies
  

• Experience writing or auditing Solidity
• Experience auditing or securing frontends (React, NPM)
• Strong understanding of cryptography, including concepts such as TLS, FIDO, encryption, and public key cryptography
• Familiarity with security analysis tooling and frameworks
• Enthusiasm for the Ethereum (and other EVM compatible networks) with experience in tooling development, hardware wallets, and deployments
• Experience working on open source software with a GitHub history to prove it
  

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Technology, Information and Internet

Referrals increase your chances of interviewing at Chainlink Labs by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Ubuntu Security Engineer role at Canonical

3 days ago Be among the first 25 applicants

Join to apply for the Ubuntu Security Engineer role at Canonical

Get AI-powered advice on this job and more exclusive features.

Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets. Our platform, Ubuntu, is very widely used in breakthrough enterprise initiatives such as public cloud, data science, AI, engineering innovation, and IoT. Our customers include the world's leading public cloud and silicon providers, and industry leaders in many sectors. The company is a pioneer of global distributed collaboration, with 1200+ colleagues in 75+ countries and very few office-based roles. Teams meet two to four times yearly in person, in interesting locations around the world, to align on strategy and execution.

The company is founder-led, profitable, and growing.

Canonical is building a team dedicated to providing security coverage across a wide range of ecosystems and environments, working to make the world a better, safer place. We are hiring an Ubuntu Security Engineer to join an industry-leading security engineering team and help protect the open source community and Ubuntu users from emerging threats. We are looking for candidates across all levels of experience, from Graduate to Senior.

As part of the Ubuntu Security Team, you will work with some of the best and brightest people in technology to monitor, triage, respond to, and document new and existing vulnerabilities in open source software. You will collaborate with internal teams and external partners to identify issues, prioritize them, and coordinate remediation.

This is an engineering-focused role that may also involve activities such as producing security assessments, building features, conducting code reviews, developing internal tools, engaging with the open source community, and participating in industry initiatives and events.

This role requires international travel at least twice a year, usually for one week. It also requires the ability to be productive in a globally distributed team through self-discipline and self-motivation.

Location: Worldwide, this is a globally remote role

The role entails

• Analyzing, fixing, and testing vulnerabilities in open source packages
• Keeping track of vulnerabilities in the Ubuntu ecosystem as they are discovered, researched, and fixed, leveraging internal tools
• Collaborating with other teams in the Ubuntu community and upstream developers, as needed, to exchange or develop vulnerability patches and ensure that Ubuntu includes the most robust security features
• Auditing source code for vulnerabilities
• Building features and tools to help teams strengthen the security of their products and contribute to the overall security of Ubuntu
  
  

• You have a thorough understanding of the common categories of security vulnerabilities and techniques for fixing them
• You are familiar with coordinated disclosure practices
• You are familiar with open source development tools and methodologies
• You are skilled in one or more of C, Python, Go, Rust, Java, Ruby, PHP or JavaScript/TypeScript
• You have excellent logic, problem-solving, troubleshooting, and decision-making skills
• You can clearly and effectively communicate with the team and Ubuntu community members
• Experience with Linux (Debian or Ubuntu preferred)
• Excellent interpersonal skills, curiosity, flexibility, and accountability
• Appreciative of diversity, polite, and effective in a multi-cultural, multi-national organization
• Thoughtfulness and self-motivation
• Result-oriented, with a personal drive to meet commitments
  
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Team Member Assistance Program & Wellness Platform
• Opportunity to travel to new locations to meet colleagues
• Priority Pass and travel upgrades for long-haul company events
  
  

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

Get notified about new Security Engineer jobs in Hong Kong SAR .

Hong Kong SAR $4,800.00-$7,200.00 2 weeks ago

Hong Kong, Hong Kong SAR SGD24,000.00-SGD60,000.00 1 month ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Ubuntu Security Engineer role at Canonical

3 days ago Be among the first 25 applicants

Join to apply for the Ubuntu Security Engineer role at Canonical

Get AI-powered advice on this job and more exclusive features.

Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets. Our platform, Ubuntu, is very widely used in breakthrough enterprise initiatives such as public cloud, data science, AI, engineering innovation, and IoT. Our customers include the world's leading public cloud and silicon providers, and industry leaders in many sectors. The company is a pioneer of global distributed collaboration, with 1200+ colleagues in 75+ countries and very few office-based roles. Teams meet two to four times yearly in person, in interesting locations around the world, to align on strategy and execution.
The company is founder-led, profitable, and growing.
Canonical is building a team dedicated to providing security coverage across a wide range of ecosystems and environments, working to make the world a better, safer place. We are hiring an Ubuntu Security Engineer to join an industry-leading security engineering team and help protect the open source community and Ubuntu users from emerging threats. We are looking for candidates across all levels of experience, from Graduate to Senior.
As part of the Ubuntu Security Team, you will work with some of the best and brightest people in technology to monitor, triage, respond to, and document new and existing vulnerabilities in open source software. You will collaborate with internal teams and external partners to identify issues, prioritize them, and coordinate remediation.
This is an engineering-focused role that may also involve activities such as producing security assessments, building features, conducting code reviews, developing internal tools, engaging with the open source community, and participating in industry initiatives and events.
This role requires international travel at least twice a year, usually for one week. It also requires the ability to be productive in a globally distributed team through self-discipline and self-motivation.
Location: Worldwide, this is a globally remote role
The role entails

• Analyzing, fixing, and testing vulnerabilities in open source packages
• Keeping track of vulnerabilities in the Ubuntu ecosystem as they are discovered, researched, and fixed, leveraging internal tools
• Collaborating with other teams in the Ubuntu community and upstream developers, as needed, to exchange or develop vulnerability patches and ensure that Ubuntu includes the most robust security features
• Auditing source code for vulnerabilities
• Building features and tools to help teams strengthen the security of their products and contribute to the overall security of Ubuntu
  

• You have a thorough understanding of the common categories of security vulnerabilities and techniques for fixing them
• You are familiar with coordinated disclosure practices
• You are familiar with open source development tools and methodologies
• You are skilled in one or more of C, Python, Go, Rust, Java, Ruby, PHP or JavaScript/TypeScript
• You have excellent logic, problem-solving, troubleshooting, and decision-making skills
• You can clearly and effectively communicate with the team and Ubuntu community members
• Experience with Linux (Debian or Ubuntu preferred)
• Excellent interpersonal skills, curiosity, flexibility, and accountability
• Appreciative of diversity, polite, and effective in a multi-cultural, multi-national organization
• Thoughtfulness and self-motivation
• Result-oriented, with a personal drive to meet commitments
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Team Member Assistance Program & Wellness Platform
• Opportunity to travel to new locations to meet colleagues
• Priority Pass and travel upgrades for long-haul company events
  

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

Get notified about new Security Engineer jobs in Hong Kong SAR .

Hong Kong SAR $4,800.00-$7,200.00 2 weeks ago

Hong Kong, Hong Kong SAR SGD24,000.00-SGD60,000.00 1 month ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

We are working with a decentralised exchange which looks to innovate on providing the best of CEXs and DEXs, focusing on building a safe, simple and scalable platform for trading. They differentiate themselves by offering institutional level systems and support whilst remaining on-chain and decentralised.

We are in search of a Security Engineer to join their vibrant team, where you will play a crucial role in pinpointing risks across the organisation. Collaborating with each team, you will focus on identifying, alerting, mitigating, and preventing risks. This role offers you the chance to contribute to shaping, constructing, and pioneering security solutions in a swiftly evolving industry.

What you’ll be doing:

• Architecting, implementing, and managing comprehensive security solutions.
• Establish and enforce security policies, standards, and guidelines that comply with industry regulations and best practices.
• Participate in penetration testing and purple teaming with ongoing or new projects to ensure their security posture is at a high level.
• Monitor and respond to security incidents, ensuring quick resolution.
• Build automation and leverage security frameworks with engineers that are able to improve security and reduce friction.
• Take part in critical discussion topics, with the ability to challenge decisions and the status quo; we take collaboration and feedback seriously, believing it is one of the foundational principles of a great team.

What we’re looking for:

• Strong Information Security (InfoSec) skills, with proven experience in application security or a relevant field.
• Hands-on experience of developing, engineering, or architecting within a public cloud environment.
• Experience with engineering, using infrastructure-as-code (such as Terraform and Ansible).
• Experience with performing threat modelling exercises or a very good understanding of the methodology and ability to assess a project's risk.
• Understanding of container and DevSecOps concepts (we use DefectDojo) with CI/CD experience.
• Familiarity with blockchain technology and cryptocurrency trading platforms.

Bonus Points:

• Professional certifications such as OSCP, CISSP, CDP & CMTP.
• Experience with IT security frameworks such as SOC 2 and ISO 27001.

#LI-REMOTE

*

indicates a required field

First Name *

Last Name *

Email *

Phone *

Resume/CV *

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

LinkedIn Profile

Website

Working Location *

EMEA - Europe

APAC - Asia Pacific

LATIN - Latin America

UAE

Others

Do you have any Web3 experience? * Select.

Web3 Vertical Experience *

Defi

NFT

Gamefi

Infrastructure

ZK

Exchanges

VC

Chain

DePin

Accelerator

Incubator

Trading

Asset Management

Others

Any personal experience in Web3 (e.g. side project, personal investment) if no professional experience. *

We are working with a decentralised exchange which looks to innovate on providing the best of CEXs and DEXs, focusing on building a safe, simple and scalable platform for trading. They differentiate themselves by offering institutional level systems and support whilst remaining on-chain and decentralised.

We are in search of a Security Engineer to join their vibrant team, where you will play a crucial role in pinpointing risks across the organisation. Collaborating with each team, you will focus on identifying, alerting, mitigating, and preventing risks. This role offers you the chance to contribute to shaping, constructing, and pioneering security solutions in a swiftly evolving industry.

What you’ll be doing:

• Architecting, implementing, and managing comprehensive security solutions.
• Establish and enforce security policies, standards, and guidelines that comply with industry regulations and best practices.
• Participate in penetration testing and purple teaming with ongoing or new projects to ensure their security posture is at a high level.
• Monitor and respond to security incidents, ensuring quick resolution.
• Build automation and leverage security frameworks with engineers that are able to improve security and reduce friction.
• Take part in critical discussion topics, with the ability to challenge decisions and the status quo; we take collaboration and feedback seriously, believing it is one of the foundational principles of a great team.

What we’re looking for:

• Strong Information Security (InfoSec) skills, with proven experience in application security or a relevant field.
• Hands-on experience of developing, engineering, or architecting within a public cloud environment.
• Experience with engineering, using infrastructure-as-code (such as Terraform and Ansible).
• Experience with performing threat modelling exercises or a very good understanding of the methodology and ability to assess a project's risk.
• Understanding of container and DevSecOps concepts (we use DefectDojo) with CI/CD experience.
• Familiarity with blockchain technology and cryptocurrency trading platforms.

Bonus Points:

• Professional certifications such as OSCP, CISSP, CDP & CMTP.
• Experience with IT security frameworks such as SOC 2 and ISO 27001.

#LI-REMOTE

*

indicates a required field

First Name *

Last Name *

Email *

Phone *

Resume/CV *

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

LinkedIn Profile

Website

Working Location *

EMEA - Europe

APAC - Asia Pacific

LATIN - Latin America

UAE

Others

Do you have any Web3 experience? * Select.

Web3 Vertical Experience *

Defi

NFT

Gamefi

Infrastructure

ZK

Exchanges

VC

Chain

DePin

Accelerator

Incubator

Trading

Asset Management

Others

Any personal experience in Web3 (e.g. side project, personal investment) if no professional experience. *