53 Software Security jobs in Hong Kong

Join to apply for the Expert Application Security Engineer (iOS) role at OKX

2 weeks ago Be among the first 25 applicants

Join to apply for the Expert Application Security Engineer (iOS) role at OKX

About OKX
At OKX, we believe that the future will be reshaped by Crypto, ultimately contributing to every individual's freedom. OKX began as a crypto exchange giving millions of people access to crypto trading and over time becoming among the largest platforms in the world. In recent years, we have developed one of the most connected Web3 wallets used by millions to access decentralized crypto applications (dApps). OKX is a trusted brand by hundreds of large institutions seeking access to crypto markets on a reliable platform that seamlessly connects with global banking and payments. In the last year, OKX has expanded into new markets including Australia, Brazil, Netherlands, Singapore and Turkey, with plans to launch in the US, Belgium and the UAE.

About OKX
At OKX, we believe that the future will be reshaped by Crypto, ultimately contributing to every individual's freedom. OKX began as a crypto exchange giving millions of people access to crypto trading and over time becoming among the largest platforms in the world. In recent years, we have developed one of the most connected Web3 wallets used by millions to access decentralized crypto applications (dApps). OKX is a trusted brand by hundreds of large institutions seeking access to crypto markets on a reliable platform that seamlessly connects with global banking and payments. In the last year, OKX has expanded into new markets including Australia, Brazil, Netherlands, Singapore and Turkey, with plans to launch in the US, Belgium and the UAE.
We are deeply committed to shaping a fairer, more transparent and accessible society through blockchain technology. This is why we publish proof of reserves monthly, and continue to ship new innovative security features.
Responsibilities

• Identify and address security vulnerabilities in code, systems, and networks using manual review, automated tools, and threat modeling.
• Manage and optimize application security tools, processes, and alerts.
• Validate and respond to Bug Bounty submissions.
• Stay informed on the latest offensive security techniques, application security threats, and best practices, and suggest improvements to enhance our security posture.
• Produce detailed reports of your findings, present them to both management and technical teams, and contribute to preventing real-world attacks.
• Collaborate with development teams to implement secure coding practices.
• Work alongside other teams, including operations and compliance, to ensure that security is a consistent priority across the organization.
• Participate in incident response and management activities.
  

• 3+ years of experience in offensive security techniques.
• In-depth understanding of security risks, vulnerabilities, and concepts in web and mobile applications.
• Proficient in code review, particularly with Kotlin/Swift/Typescript/JavaScript, with a strong grasp of application security threats.
• Ability to create proof-of-concepts (PoCs) to demonstrate vulnerabilities, review patch code for adherence to standards, and collaborate with repository owners and maintainers.
• Strong analytical and problem-solving abilities.
• Excellent verbal and written communication skills.
  

• Prior experience in developing mobile security SDKs with a daily active user base of over ten million is preferred.
• Participated in large-scale business risk control projects, or have practical experience in threat intelligence/business risk prevention, and analysis/countermeasures against black and gray industries.
• In-depth reverse engineering of major apps from first-tier vendors, or other experiences/projects that demonstrate reverse engineering capabilities.
• Priority given to candidates who can simultaneously master relevant technologies on multiple platforms.
• Proficient in ARM assembly, capable of deep-level countermeasures at the native and application layers.
• Have certain capabilities in device fingerprint recognition, able to simulate new devices through methods such as flashing, modification, and application cloning.
  

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• More that we love to tell you along the process!

• Seniority level Mid-Senior level

• Employment type Full-time

• Industries IT Services and IT Consulting

Referrals increase your chances of interviewing at OKX by 2x

Get notified about new Application Security Engineer jobs in Singapore, Singapore .

Masai, Johore, Malaysia MYR500.00-MYR800.00 1 month ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Security Engineer, Product Security role at Chainlink Labs

Join to apply for the Security Engineer, Product Security role at Chainlink Labs

Get AI-powered advice on this job and more exclusive features.

About Us

Chainlink Labs is the primary contributing developer of Chainlink, the decentralized computing platform powering the verifiable web. Chainlink is the industry-standard platform for providing access to real-world data, offchain computation, and secure cross-chain interoperability across any blockchain. Chainlink Labs helps power verifiable applications for banking, DeFi, global trade, and gaming by collaborating with some of the world’s largest financial institutions, notably Swift, DTCC, and ANZ. Chainlink Labs also works with top Web3 teams, including Aave, Compound, GMX, Maker, and Synthetix. Chainlink Labs was ranked as one of the

About Us

Chainlink Labs is the primary contributing developer of Chainlink, the decentralized computing platform powering the verifiable web. Chainlink is the industry-standard platform for providing access to real-world data, offchain computation, and secure cross-chain interoperability across any blockchain. Chainlink Labs helps power verifiable applications for banking, DeFi, global trade, and gaming by collaborating with some of the world’s largest financial institutions, notably Swift, DTCC, and ANZ. Chainlink Labs also works with top Web3 teams, including Aave, Compound, GMX, Maker, and Synthetix. Chainlink Labs was ranked as one of the Global Top 100 Most Loved Workplaces by Newsweek 2025.

The Security Team

The security department is the guardian of Chainlink Labs’ people and infrastructure. Its principal objective is to safeguard Chainlink Labs and its assets against potential threats from any external or internal source. This mission is accomplished through a combination of specialized security engineering, the deployment of cutting-edge technologies, forward-thinking policy development, and the training of highly skilled, security-aware personnel throughout the entire organization.

As an indispensable component of the larger organization, the team seeks to promote a widely understood culture of security, safeguarding our most valuable assets while remaining agile and accessible to all employees and the community.

About The Role

The Chainlink Labs Product Security team is looking for a driven and passionate Security Engineer to join our rapidly expanding team. You will help design and advise other teams on secure and scalable architectures, assist with their implementation, and develop entirely new and novel systems that protect Chainlink and the Web3 ecosystem. You’ll have the opportunity to help shape and secure the next generation of Web3 products and infrastructure.

What You Will Do

• Build security tools and controls that are deployed across the company
• Design, develop, and deploy new core security features to public Chainlink products like the Chainlink core node
• Define new processes and systems that make attacks on our networks hard to execute and easy to detect
• Immerse yourself in Chainlink’s upcoming engineering and non-engineering projects and ensure security is fundamental to their design and functionality
• Help define, shape, and achieve the company’s broader security goals
  
  

• Experience in Go or Rust
• Experience in a security related function
• Experience building security software or securing enterprise systems
• Comfortable with *nix operating systems (including macOS)
• Ability to adapt to fast changing environment and set of technologies
  
  

• Experience writing or auditing Solidity
• Experience auditing or securing frontends (React, NPM)
• Strong understanding of cryptography, including concepts such as TLS, FIDO, encryption, and public key cryptography
• Familiarity with security analysis tooling and frameworks
• Enthusiasm for the Ethereum (and other EVM compatible networks) with experience in tooling development, hardware wallets, and deployments
• Experience working on open source software with a GitHub history to prove it
  
  

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Technology, Information and Internet

Referrals increase your chances of interviewing at Chainlink Labs by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Security Engineer, Product Security role at Chainlink Labs

Join to apply for the Security Engineer, Product Security role at Chainlink Labs

Get AI-powered advice on this job and more exclusive features.

About Us
Chainlink Labs is the primary contributing developer of Chainlink, the decentralized computing platform powering the verifiable web. Chainlink is the industry-standard platform for providing access to real-world data, offchain computation, and secure cross-chain interoperability across any blockchain. Chainlink Labs helps power verifiable applications for banking, DeFi, global trade, and gaming by collaborating with some of the world’s largest financial institutions, notably Swift, DTCC, and ANZ. Chainlink Labs also works with top Web3 teams, including Aave, Compound, GMX, Maker, and Synthetix. Chainlink Labs was ranked as one of the

About Us
Chainlink Labs is the primary contributing developer of Chainlink, the decentralized computing platform powering the verifiable web. Chainlink is the industry-standard platform for providing access to real-world data, offchain computation, and secure cross-chain interoperability across any blockchain. Chainlink Labs helps power verifiable applications for banking, DeFi, global trade, and gaming by collaborating with some of the world’s largest financial institutions, notably Swift, DTCC, and ANZ. Chainlink Labs also works with top Web3 teams, including Aave, Compound, GMX, Maker, and Synthetix. Chainlink Labs was ranked as one of the Global Top 100 Most Loved Workplaces by Newsweek 2025.
The Security Team
The security department is the guardian of Chainlink Labs’ people and infrastructure. Its principal objective is to safeguard Chainlink Labs and its assets against potential threats from any external or internal source. This mission is accomplished through a combination of specialized security engineering, the deployment of cutting-edge technologies, forward-thinking policy development, and the training of highly skilled, security-aware personnel throughout the entire organization.
As an indispensable component of the larger organization, the team seeks to promote a widely understood culture of security, safeguarding our most valuable assets while remaining agile and accessible to all employees and the community.
About The Role
The Chainlink Labs Product Security team is looking for a driven and passionate Security Engineer to join our rapidly expanding team. You will help design and advise other teams on secure and scalable architectures, assist with their implementation, and develop entirely new and novel systems that protect Chainlink and the Web3 ecosystem. You’ll have the opportunity to help shape and secure the next generation of Web3 products and infrastructure.
What You Will Do

• Build security tools and controls that are deployed across the company
• Design, develop, and deploy new core security features to public Chainlink products like the Chainlink core node
• Define new processes and systems that make attacks on our networks hard to execute and easy to detect
• Immerse yourself in Chainlink’s upcoming engineering and non-engineering projects and ensure security is fundamental to their design and functionality
• Help define, shape, and achieve the company’s broader security goals
  

• Experience in Go or Rust
• Experience in a security related function
• Experience building security software or securing enterprise systems
• Comfortable with *nix operating systems (including macOS)
• Ability to adapt to fast changing environment and set of technologies
  

• Experience writing or auditing Solidity
• Experience auditing or securing frontends (React, NPM)
• Strong understanding of cryptography, including concepts such as TLS, FIDO, encryption, and public key cryptography
• Familiarity with security analysis tooling and frameworks
• Enthusiasm for the Ethereum (and other EVM compatible networks) with experience in tooling development, hardware wallets, and deployments
• Experience working on open source software with a GitHub history to prove it
  

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Technology, Information and Internet

Referrals increase your chances of interviewing at Chainlink Labs by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Ubuntu Security Engineer role at Canonical

3 days ago Be among the first 25 applicants

Join to apply for the Ubuntu Security Engineer role at Canonical

Get AI-powered advice on this job and more exclusive features.

Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets. Our platform, Ubuntu, is very widely used in breakthrough enterprise initiatives such as public cloud, data science, AI, engineering innovation, and IoT. Our customers include the world's leading public cloud and silicon providers, and industry leaders in many sectors. The company is a pioneer of global distributed collaboration, with 1200+ colleagues in 75+ countries and very few office-based roles. Teams meet two to four times yearly in person, in interesting locations around the world, to align on strategy and execution.

The company is founder-led, profitable, and growing.

Canonical is building a team dedicated to providing security coverage across a wide range of ecosystems and environments, working to make the world a better, safer place. We are hiring an Ubuntu Security Engineer to join an industry-leading security engineering team and help protect the open source community and Ubuntu users from emerging threats. We are looking for candidates across all levels of experience, from Graduate to Senior.

As part of the Ubuntu Security Team, you will work with some of the best and brightest people in technology to monitor, triage, respond to, and document new and existing vulnerabilities in open source software. You will collaborate with internal teams and external partners to identify issues, prioritize them, and coordinate remediation.

This is an engineering-focused role that may also involve activities such as producing security assessments, building features, conducting code reviews, developing internal tools, engaging with the open source community, and participating in industry initiatives and events.

This role requires international travel at least twice a year, usually for one week. It also requires the ability to be productive in a globally distributed team through self-discipline and self-motivation.

Location: Worldwide, this is a globally remote role

The role entails

• Analyzing, fixing, and testing vulnerabilities in open source packages
• Keeping track of vulnerabilities in the Ubuntu ecosystem as they are discovered, researched, and fixed, leveraging internal tools
• Collaborating with other teams in the Ubuntu community and upstream developers, as needed, to exchange or develop vulnerability patches and ensure that Ubuntu includes the most robust security features
• Auditing source code for vulnerabilities
• Building features and tools to help teams strengthen the security of their products and contribute to the overall security of Ubuntu
  
  

• You have a thorough understanding of the common categories of security vulnerabilities and techniques for fixing them
• You are familiar with coordinated disclosure practices
• You are familiar with open source development tools and methodologies
• You are skilled in one or more of C, Python, Go, Rust, Java, Ruby, PHP or JavaScript/TypeScript
• You have excellent logic, problem-solving, troubleshooting, and decision-making skills
• You can clearly and effectively communicate with the team and Ubuntu community members
• Experience with Linux (Debian or Ubuntu preferred)
• Excellent interpersonal skills, curiosity, flexibility, and accountability
• Appreciative of diversity, polite, and effective in a multi-cultural, multi-national organization
• Thoughtfulness and self-motivation
• Result-oriented, with a personal drive to meet commitments
  
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Team Member Assistance Program & Wellness Platform
• Opportunity to travel to new locations to meet colleagues
• Priority Pass and travel upgrades for long-haul company events
  
  

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

Get notified about new Security Engineer jobs in Hong Kong SAR .

Hong Kong SAR $4,800.00-$7,200.00 2 weeks ago

Hong Kong, Hong Kong SAR SGD24,000.00-SGD60,000.00 1 month ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Join to apply for the Ubuntu Security Engineer role at Canonical

3 days ago Be among the first 25 applicants

Join to apply for the Ubuntu Security Engineer role at Canonical

Get AI-powered advice on this job and more exclusive features.

Canonical is a leading provider of open source software and operating systems to the global enterprise and technology markets. Our platform, Ubuntu, is very widely used in breakthrough enterprise initiatives such as public cloud, data science, AI, engineering innovation, and IoT. Our customers include the world's leading public cloud and silicon providers, and industry leaders in many sectors. The company is a pioneer of global distributed collaboration, with 1200+ colleagues in 75+ countries and very few office-based roles. Teams meet two to four times yearly in person, in interesting locations around the world, to align on strategy and execution.
The company is founder-led, profitable, and growing.
Canonical is building a team dedicated to providing security coverage across a wide range of ecosystems and environments, working to make the world a better, safer place. We are hiring an Ubuntu Security Engineer to join an industry-leading security engineering team and help protect the open source community and Ubuntu users from emerging threats. We are looking for candidates across all levels of experience, from Graduate to Senior.
As part of the Ubuntu Security Team, you will work with some of the best and brightest people in technology to monitor, triage, respond to, and document new and existing vulnerabilities in open source software. You will collaborate with internal teams and external partners to identify issues, prioritize them, and coordinate remediation.
This is an engineering-focused role that may also involve activities such as producing security assessments, building features, conducting code reviews, developing internal tools, engaging with the open source community, and participating in industry initiatives and events.
This role requires international travel at least twice a year, usually for one week. It also requires the ability to be productive in a globally distributed team through self-discipline and self-motivation.
Location: Worldwide, this is a globally remote role
The role entails

• Analyzing, fixing, and testing vulnerabilities in open source packages
• Keeping track of vulnerabilities in the Ubuntu ecosystem as they are discovered, researched, and fixed, leveraging internal tools
• Collaborating with other teams in the Ubuntu community and upstream developers, as needed, to exchange or develop vulnerability patches and ensure that Ubuntu includes the most robust security features
• Auditing source code for vulnerabilities
• Building features and tools to help teams strengthen the security of their products and contribute to the overall security of Ubuntu
  

• You have a thorough understanding of the common categories of security vulnerabilities and techniques for fixing them
• You are familiar with coordinated disclosure practices
• You are familiar with open source development tools and methodologies
• You are skilled in one or more of C, Python, Go, Rust, Java, Ruby, PHP or JavaScript/TypeScript
• You have excellent logic, problem-solving, troubleshooting, and decision-making skills
• You can clearly and effectively communicate with the team and Ubuntu community members
• Experience with Linux (Debian or Ubuntu preferred)
• Excellent interpersonal skills, curiosity, flexibility, and accountability
• Appreciative of diversity, polite, and effective in a multi-cultural, multi-national organization
• Thoughtfulness and self-motivation
• Result-oriented, with a personal drive to meet commitments
  

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Team Member Assistance Program & Wellness Platform
• Opportunity to travel to new locations to meet colleagues
• Priority Pass and travel upgrades for long-haul company events
  

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

Get notified about new Security Engineer jobs in Hong Kong SAR .

Hong Kong SAR $4,800.00-$7,200.00 2 weeks ago

Hong Kong, Hong Kong SAR SGD24,000.00-SGD60,000.00 1 month ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

We are working with a decentralised exchange which looks to innovate on providing the best of CEXs and DEXs, focusing on building a safe, simple and scalable platform for trading. They differentiate themselves by offering institutional level systems and support whilst remaining on-chain and decentralised.

We are in search of a Security Engineer to join their vibrant team, where you will play a crucial role in pinpointing risks across the organisation. Collaborating with each team, you will focus on identifying, alerting, mitigating, and preventing risks. This role offers you the chance to contribute to shaping, constructing, and pioneering security solutions in a swiftly evolving industry.

What you’ll be doing:

• Architecting, implementing, and managing comprehensive security solutions.
• Establish and enforce security policies, standards, and guidelines that comply with industry regulations and best practices.
• Participate in penetration testing and purple teaming with ongoing or new projects to ensure their security posture is at a high level.
• Monitor and respond to security incidents, ensuring quick resolution.
• Build automation and leverage security frameworks with engineers that are able to improve security and reduce friction.
• Take part in critical discussion topics, with the ability to challenge decisions and the status quo; we take collaboration and feedback seriously, believing it is one of the foundational principles of a great team.

What we’re looking for:

• Strong Information Security (InfoSec) skills, with proven experience in application security or a relevant field.
• Hands-on experience of developing, engineering, or architecting within a public cloud environment.
• Experience with engineering, using infrastructure-as-code (such as Terraform and Ansible).
• Experience with performing threat modelling exercises or a very good understanding of the methodology and ability to assess a project's risk.
• Understanding of container and DevSecOps concepts (we use DefectDojo) with CI/CD experience.
• Familiarity with blockchain technology and cryptocurrency trading platforms.

Bonus Points:

• Professional certifications such as OSCP, CISSP, CDP & CMTP.
• Experience with IT security frameworks such as SOC 2 and ISO 27001.

#LI-REMOTE

*

indicates a required field

First Name *

Last Name *

Email *

Phone *

Resume/CV *

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

LinkedIn Profile

Website

Working Location *

EMEA - Europe

APAC - Asia Pacific

LATIN - Latin America

UAE

Others

Do you have any Web3 experience? * Select.

Web3 Vertical Experience *

Defi

NFT

Gamefi

Infrastructure

ZK

Exchanges

VC

Chain

DePin

Accelerator

Incubator

Trading

Asset Management

Others

Any personal experience in Web3 (e.g. side project, personal investment) if no professional experience. *

We are working with a decentralised exchange which looks to innovate on providing the best of CEXs and DEXs, focusing on building a safe, simple and scalable platform for trading. They differentiate themselves by offering institutional level systems and support whilst remaining on-chain and decentralised.

We are in search of a Security Engineer to join their vibrant team, where you will play a crucial role in pinpointing risks across the organisation. Collaborating with each team, you will focus on identifying, alerting, mitigating, and preventing risks. This role offers you the chance to contribute to shaping, constructing, and pioneering security solutions in a swiftly evolving industry.

What you’ll be doing:

• Architecting, implementing, and managing comprehensive security solutions.
• Establish and enforce security policies, standards, and guidelines that comply with industry regulations and best practices.
• Participate in penetration testing and purple teaming with ongoing or new projects to ensure their security posture is at a high level.
• Monitor and respond to security incidents, ensuring quick resolution.
• Build automation and leverage security frameworks with engineers that are able to improve security and reduce friction.
• Take part in critical discussion topics, with the ability to challenge decisions and the status quo; we take collaboration and feedback seriously, believing it is one of the foundational principles of a great team.

What we’re looking for:

• Strong Information Security (InfoSec) skills, with proven experience in application security or a relevant field.
• Hands-on experience of developing, engineering, or architecting within a public cloud environment.
• Experience with engineering, using infrastructure-as-code (such as Terraform and Ansible).
• Experience with performing threat modelling exercises or a very good understanding of the methodology and ability to assess a project's risk.
• Understanding of container and DevSecOps concepts (we use DefectDojo) with CI/CD experience.
• Familiarity with blockchain technology and cryptocurrency trading platforms.

Bonus Points:

• Professional certifications such as OSCP, CISSP, CDP & CMTP.
• Experience with IT security frameworks such as SOC 2 and ISO 27001.

#LI-REMOTE

*

indicates a required field

First Name *

Last Name *

Email *

Phone *

Resume/CV *

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

LinkedIn Profile

Website

Working Location *

EMEA - Europe

APAC - Asia Pacific

LATIN - Latin America

UAE

Others

Do you have any Web3 experience? * Select.

Web3 Vertical Experience *

Defi

NFT

Gamefi

Infrastructure

ZK

Exchanges

VC

Chain

DePin

Accelerator

Incubator

Trading

Asset Management

Others

Any personal experience in Web3 (e.g. side project, personal investment) if no professional experience. *

Join to apply for the Linux Cryptography and Security Engineer role at Canonical

3 days ago Be among the first 25 applicants

Join to apply for the Linux Cryptography and Security Engineer role at Canonical

This is a unique opportunity to use your software engineering and cryptography skills to build and maintain the security foundation that enables Ubuntu and its users to operate securely and remain compliant to international information security standards such as FIPS 140-3 and Common Criteria. You will use your applied cryptography, Linux Security, and coding skills to enhance the Ubuntu distribution and work with organizations such as DISA and CIS to draft and implement security hardening benchmarks for Ubuntu.

As a member of the Security Hardening team you will work with and develop automation tooling to audit deployed systems for DISA-STIG and CIS benchmark compliance. You will interact with internal and external stakeholders to identify gaps in our frameworks, and develop new solutions to address these challenges. In this role you will have the opportunity to influence team and security culture, facilitate technical delivery, and help drive team direction and execution. You'll collaborate closely with Canonical's kernel team as well as the wider engineering organization to drive features impacting all Ubuntu users.

Day-to-day responsibilities

• Collaborate with other engineers in the Security Hardening team to achieve and retain various Security certifications
• Extend and enhance Linux cryptographic components (OpenSSL, Libgcrypt, GnuTLS, and others) with the features and functionality required for FIPS and CC certification
• Collaborate with external security consultants to test and validate kernel and crypto module components
• Work with external partners to develop security hardening benchmarks and audit + remediation automation for Ubuntu
• Contribute to Ubuntu mainline and upstream projects to land solutions and benefit the community
• Communication and collaboration within and outside Canonical to identify opportunities to improve our security posture, rapidly resolve issues, and deliver high-quality solutions on schedule
  
  

• Hands-on experience with low-level Linux cryptography APIs and debugging
• Excellent software engineering fundamentals, including prior experience with C development, and the ability to demonstrate such
• Hands-on experience with Linux system administration and shell scripting
• Demonstrated knowledge of security and cryptography fundamentals + direct experience writing secure code and implementing best practices
• Significant development experience working with open source libraries
• Excellent verbal and written communications to enable efficient collaboration with internal and external partners in a remote-first environment
  
  

• Prior experience working on FIPS/Common Criteria certified products and in-depth knowledge of the underlying standards
• Prior experience working directly with DISA-STIG or CIS benchmarks, including related audit + remediation tooling (e.g. Compliance as Code)
• Experience working directly with Linux Kernel
• Prior experience with Python, OVAL (Open Vulnerability Assessment Language), and Ansible
• History of contributions to open source projects
  
  

• Distributed work environment with twice-yearly team sprints in person - we've been working remotely since 2004!
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues from your team and others
• Priority Pass for travel and travel upgrades for long haul company events
  
  

• Seniority level Entry level

• Employment type Full-time

• Job function Information Technology
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

Get notified about new Security Engineer jobs in Hong Kong SAR .

Hong Kong SAR $28,000.00-$5,500.00 3 weeks ago

Hong Kong, Hong Kong SAR SGD24,000.00-SGD60,000.00 1 month ago

Hong Kong SAR 4,800.00- 7,200.00 2 weeks ago

Hong Kong, Hong Kong SAR SGD72,000.00-SGD120,000.00 1 month ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

1 week ago Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from Principle Partners

Our client is a global quantitative hedge fund operating across all liquid asset classes worldwide. They are seeking a technically skilled AWS Security Engineer to secure and optimise their AWS cloud infrastructure. You will implement critical security controls and enhancements while collaborating with stakeholders across the business from IT and operations to risk management and executive leadership to ensure alignment with theiur overall security objectives.

This role is based in Hong Kong only.

Key Responsibilities:

• Cloud Security Implementation: Assist in refining their AWS security strategy by applying industry-standard controls and continuously enhancing their cloud security posture.
• IAM & Access Management: Help manage and optimise Identity and Access Management (IAM) frameworks, including the application of permission boundaries to enforce least privilege access.
• Policy Enforcement: Support the implementation and upkeep their Service Control Policies (SCP) and Resource Control Policies (RCP) across AWS accounts to ensure the consistent application of security best practices.
• Security Services Integration: Deploy and manage AWS security services (e.g., GuardDuty, Security Hub, CloudTrail, Config) to monitor, detect, and respond to threats while ensuring continuous security oversight.
• Encryption & Data Protection: Support the integration of encryption solutions such as KMS to protect sensitive data and maintain compliance with regulatory standards.
• Security Baselining: Help establish and maintain security baselines for AWS environments, continuously monitoring for deviations and ensuring adherence to compliance requirements.
• Automation Frameworks: Contribute to the development and deploy robust automation frameworks using Infrastructure as Code (IaC) tools such as Terraform or CloudFormation, enhancing operational efficiency and supporting proactive security improvements.
• Cloud Security Operations: Enhance their cloud security operations by leveraging tools and methodologies across CSPM, CWNP, and ASPM frameworks to continuously monitor, detect, and respond to security issues.
• Stakeholder Management: Engage with a wide range of stakeholders across the business to ensure the integration and alignment of security measures across all operational areas.

Required skillset:

• Experience: Minimum of 3 years in cloud security, platform security, or engineering roles, including related experience in fields such as DevSecOps.
• AWS Expertise: Experience with AWS cloud services and a deep understanding of AWS security best practices, including expertise in IAM, permission boundaries, SCP, and RCP.
• Technical Proficiency: Experience implementing and optimising secure cloud architectures while leveraging AWS security services to mitigate risks and protect critical assets.
• Security Baselining: Demonstrable experience in establishing and maintaining security baselines to ensure consistent and compliant cloud configurations.
• Automation & IaC: Exposure Infrastructure as Code (IaC) tools such as Terraform or CloudFormation, with a strong focus on developing and managing stable automation frameworks.
• Python Scripting: Familiarity in Python scripting to support automation and security tooling.
• Cloud Security Operations: Familiarity in managing cloud security operations utilising tools such as CSPM, CWNP, and ASPM to maintain continuous compliance and security oversight.
• Stakeholder Engagement: Experience in managing stakeholder relationships and collaborate effectively across various teams to align security initiatives with broader business objectives.
• Analytical & Collaborative: Strong problem-solving and analytical skills, with effective verbal and written communication to thrive in a dynamic, high-paced environment.
• Learning Orientation: Strong desire to grow within the cloud and security space, taking initiative and seeking mentorship where needed.

• Seniority level Mid-Senior level

• Employment type Full-time

• Industries Capital Markets, Financial Services, and Investment Management

Referrals increase your chances of interviewing at Principle Partners by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.