What Jobs are available for Vulnerability Assessment in Hong Kong?

Company Description: A leading technology, media, and telecommunication provider with over 150 years of history in Hong Kong. It offers comprehensive connectivity, smart living, and end-to-end enterprise solutions for local and international businesses.

Location: Central

Nature: Renewable Contract for 12 months

Job Title
: Security Engineer AWS, Penetration Testing)

Responsibilities

• Act as the Primary Point of Contact for all local security-related requests and requirements.

• Coordinate with internal security stakeholders to efficiently address issues and ensure smooth communication flow.

• Conduct proactive Vulnerability and Common Vulnerabilities and Exposures (CVE) research that impacts the company's local systems and applications.

• Provide timely mitigation guidance, including recommendations for patches, configuration adjustments, or compensating controls.

• Test security patches in lower environments, such as Development and Sandbox, prior to deployment in production.

• Create and share production-ready commands and scripts for the validation of security fixes in the production environment.

• Perform penetration testing on local applications as requested by the security team.

• Validate security fixes and provide re-test reports to confirm the successful closure of identified issues.

• Assist the team in meeting fundamental compliance requirements through documentation, evidence gathering, and control validation.

• Provide advisory support on aligning security practices with applicable regional regulatory standards.

Requirements

• Possess three to four years of relevant experience in a security-focused role.

• AWS Cloud certification is mandatory for this position.

• Penetration testing certification is highly preferred.

• Demonstrated expert knowledge and experience in applying AWS cloud security best practices.

• Proven ability to support an application security program through secure design reviews, threat modeling, and code-level security guidance.

• Excellent problem-solving and analytical skills to research and resolve complex security issues.

• Strong communication and coordination skills to effectively liaise with technical and non-technical stakeholders.

Client Description

Company Description: A leading technology, media, and telecommunication provider with over 150 years of history in Hong Kong. It offers comprehensive connectivity, smart living, and end-to-end enterprise solutions for local and international businesses.

Location: Central

Nature: Renewable Contract for 12 months

Job Description

• Act as the Primary Point of Contact for all local security-related requests and requirements.
• Coordinate with internal security stakeholders to efficiently address issues and ensure smooth communication flow.
• Conduct proactive Vulnerability and Common Vulnerabilities and Exposures (CVE) research that impacts the company's local systems and applications.
• Provide timely mitigation guidance, including recommendations for patches, configuration adjustments, or compensating controls.
• Test security patches in lower environments, such as Development and Sandbox, prior to deployment in production.
• Create and share production-ready commands and scripts for the validation of security fixes in the production environment.
• Perform penetration testing on local applications as requested by the security team.
• Validate security fixes and provide re-test reports to confirm the successful closure of identified issues.
• Assist the team in meeting fundamental compliance requirements through documentation, evidence gathering, and control validation.
• Provide advisory support on aligning security practices with applicable regional regulatory standards.

Job Requirements

• Possess three to four years of relevant experience in a security-focused role.
• AWS Cloud certification is mandatory for this position.
• Penetration testing certification is highly preferred.
• Demonstrated expert knowledge and experience in applying AWS cloud security best practices.
• Proven ability to support an application security program through secure design reviews, threat modeling, and code-level security guidance.
• Excellent problem-solving and analytical skills to research and resolve complex security issues.
• Strong communication and coordination skills to effectively liaise with technical and non-technical stakeholders.

FSO Consulting – Technology Risk – Penetration Testing & Purple Team – Senior Consultant/Consultant – Hong Kong

At EY, we're all in to shape your future with confidence.

We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.

Join EY and help to build a better working world.

The Opportunity

Technology compliance, licensing, governance setup, massive data storage and related privacy security, virtual asset management, and resilience of the business require rigorous technology risk measures to safeguard the crown jewels and comply with regulatory requirements. support businesses to identify and manage risks while enhancing their agility.

Join EY's Technology Risk and Cyber Team and become a key player in defending against cyber threats. As a Senior Consultant, you will work with top-tier talent in a collaborative environment, tackling complex cybersecurity challenges and simulating real-world cyber-attacks. At EY, you will also guide clients to manage technology risks, comply with regulatory requirements, and strengthen their cybersecurity posture. You will apply your technical skills to help businesses identify and manage risks while enhancing their agility.

Your key responsibilities

Under the leadership of the project manager, you will:

• Conduct Technology Compliance Reviews
  : Assess institutions in banking, wealth and asset management, and insurance across Hong Kong, the Greater Bay Area, and other regions.
• IT Risk Assurance
  : Deliver quality, independent audits of financial systems to ensure integrity and compliance.
• Risk Analysis & Controls Evaluation
  : Analyze IT environments, identify risks, and evaluate controls (including cloud security) according to regulatory requirements and industry best practices.
• Vulnerability Assessment & Penetration Testing
  : Perform in-depth vulnerability scans and penetration tests to uncover security risks.
• Cyber-Attack Simulation
  : Simulate real-world attacks to identify vulnerabilities and recommend cybersecurity improvements.
• IT System Architecture Review
  : Evaluate IT system architectures and configurations.
• Incident Response
  : Respond promptly to security incidents and support clients in managing and recovering from breaches.

What we look for

• A Bachelor's degree or Master's degree preferably in one of the following areas: Information Security, Information Systems, Computer Science, Engineering, and other related majors.
• 1-4 years of relevant experience in penetration testing, offensive security assessments, or Purple Team engagements (consulting experience preferred).
• Industry-recognized certifications such as OSCP, OSWE, OSEP, OSEE, GPEN, CRTO, GXPN, CRTP, CRTE, or equivalent. Candidates who are actively pursuing these certifications are also encouraged to apply.
• Strong knowledge of security frameworks, protocols, and attack vectors (e.g., OWASP, MITRE ATT&CK, NIST, ISO).
• Experience with vulnerability assessment and penetration testing tools (e.g., Burp Suite, Nmap, Metasploit, Nessus, Cobalt Strike, BloodHound, PowerShell).
• Understanding of TCP/IP, DNS, VPNs, firewalls, and network protocols.
• Strong knowledge of cloud security, secure development practices, and crafting/red teaming offensive infrastructure.
• Familiarity with Windows and Linux environments, including Active Directory attacks, lateral movement, and persistence techniques.
• Experience in incident response, threat hunting, and malware analysis.
• Familiarity with security event analysis, incident response, and computer forensics tools.
• Experience in bypassing modern defensive controls (e.g., EDRs, network defenses, email filters).
• Experience in performing digital forensics and incident response analysis (e.g., network, application/log analysis, disk forensics, memory forensics, malware analysis, cloud forensics, endpoint forensics). Expert knowledge of common security tools (including EDR, DLP, UEBA, SIEM, SOAR, and other related forensics platforms) is a plus.
• Knowledge of SQL, Python or other programming languages would be considered as an advantage
• Candidates with less experience may be considered for the Consultant role

What we offer you

At EY, we'll develop you with future-focused skills and equip you with world-class experiences. We'll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more.

Are you ready to shape your future with confidence? Apply today.

To help create an equitable and inclusive experience during the recruitment process, please inform us as soon as possible about any disability-related adjustments or accommodations you may need.

EY
| Building a better working world

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

• Handle the risk requirement and reporting related to other risks on departmental level
• Handle all sorts of business action plan and strategy report of the department
• Assist to conduct regular analysis to identify emerging AML/CFT risks faced by the Bank and other relevant changes of risk
• Provide comment independently and assist on the development and design, review and ongoing optimization of the AML /CFT risk assessment framework and relevant model
• Follow-up and conduct monitoring on the recommendations made to the model by internal and external auditor, regulator and other compliance team

• Bachelor degree or above in related disciplines
• Required to obtain CAMLP of HKAB or other internationally recognized professional qualifications
• 5 years or above of working experience in banking, law enforcement and regulatory institution or other industry related to AML and sanctions compliance
• Candidate with more experience would be considered as Senior AML Manager
• Require to master at least 1 or more of the following key fields:  AML policy and compliance requirement; customer and product due diligence; AML risk model; compliance review; formulate business and product risk control measures; suspicious transaction case investigation; AML system model management; fraud and corruptions risk control, prevent and investigation
• Good command of execution capabilities, independently and proactively coordinate with each team to implement relevant control measures and requirement to ensure completing the work timely
• Good command of analytic capabilities, conduct analysist on all sorts of data and information, propose risk points in various fields and make recommendations on corresponding controls
• Good command of communication skills and capabilities to organize report and information, coordinate the communication among each divisions and departments proactively and process information efficiently and systematically
• Good command of both written and spoken English and Chinese and report writing ability
• Agree and carry out corporate values, abide by law and regulations and be responsible and dedicated

• Handle the risk requirement and reporting related to other risks on departmental level
• Handle all sorts of business action plan and strategy report of the department
• Assist to conduct regular analysis to identify emerging AML/CFT risks faced by the Bank and other relevant changes of risk
• Provide comment independently and assist on the development and design, review and ongoing optimization of the AML /CFT risk assessment framework and relevant model
• Follow-up and conduct monitoring on the recommendations made to the model by internal and external auditor, regulator and other compliance team

• Bachelor degree or above in related disciplines
• Required to obtain CAMLP of HKAB or other internationally recognized professional qualifications
• 5 years or above of working experience in banking, law enforcement and regulatory institution or other industry related to AML and sanction compliance
• Require to master at least 1 or more of the following key fields: AML policy and compliance requirement; customer and product due diligence; AML risk model; compliance review; formulate business and product risk control measures; suspicious transaction case investigation; AML system model management; fraud and corruptions risk control, prevent and investigation
• Good command of execution capabilities, independently and proactively coordinate with each team to implement relevant control measures and requirement to ensure completing the work timely
• Good command of analytic capabilities, conduct analysist on all sorts of data and information, propose risk points in various fields and make recommendations on corresponding controls
• Good command of communication skills and capabilities to organize report and information, coordinate the communication among each divisions and departments proactively and process information efficiently and systematically
• Good command of both written and spoken English and Chinese and report writing ability
• Agree and carry out corporate values, abide by law and regulations and be responsible and dedicated

• Coordinate other risk-related control requirements and reporting at the department level
• Coordinate business action plans, strategy reports, and other initiatives within the headquarters
• Conduct periodic analysis to identify emerging money laundering and terrorist financing risks faced by the Bank and related risk changes
• Provide independent advice and support for the development, design, review, and continuous improvement of the ML/TF risk assessment framework and related models
• Monitor follow-up actions on model recommendations made by internal/external auditors, regulators, and other compliance teams
• Supervise and support the subordinates

• Bachelor degree or above in Law, Banking and Finance, Accounting or related disciplines
• Relevant qualification in CAMS, ECF (AML/CFT) Core Level, FRM, CPA, ACCA will be an advantage
• Prior experience in IT audit is preferred
• Good Knowledge in one or more of key areas on AML policies and compliance requirements, customer and product due diligence, AML risk modeling, compliance inspections, development of business and product risk control measures, suspicious transaction case investigations, AML system model management, fraud and corruption risk prevention and investigation.
• Strong execution capabilities, independently and proactively coordinating across teams to implement relevant control measures and requirements, ensuring timely completion of tasks
• Possess analytical skills to analyze diverse data and information, identify risk points across domains, and propose corresponding controls
• Excellent communication and report/information organization capabilities
• Exhibit project promotion capabilities to actively coordinate and drive projects assigned by superiors

Are you dedicated to excellence in your work? Do you excel in a team-oriented environment, upholding integrity and responsibility while embracing opportunities for growth? We welcome you to join a dynamic team committed to outstanding performance.

We are a globally renowned organization in the hospitality sector, celebrated for delivering unparalleled experiences in top-tier locations worldwide. Our focus on innovation and exceptional service fuels our success, and we are looking for a skilled professional to enhance our cybersecurity team.

Position Title: Security Analyst

Position Objective:

The Security Analyst will contribute to global cybersecurity efforts by overseeing, evaluating, and strengthening security measures across on-premises, cloud, and mobile platforms. This role will partner with security engineers, architects, and IT teams to identify, analyze, and mitigate threats, ensuring compliance and robustness throughout our digital infrastructure.

Key Responsibilities:

• Oversee the performance, reliability, stability, and compliance of security systems, working with business units to address deficiencies
• Identify and respond to network irregularities and malware incidents across various security tools
• Administer and monitor Data Loss Prevention (DLP) solutions for networks, hosts, and cloud environments
• Examine and handle alerts from Security Information and Event Management (SIEM) systems
• Supervise email and spam filtering systems, addressing malicious activities
• Manage application whitelisting and file integrity monitoring processes
• Ensure adherence to cybersecurity configurations through vulnerability management tools
• Address vulnerabilities and findings from penetration testing
• Undertake additional tasks as directed by the Manager, Security Architecture

Qualifications:

• Bachelor's degree in Information Systems, Computer Science, or comparable experience
• 2–4 years of experience in IT or cybersecurity positions
• Proficient in SIEM, Intrusion Detection/Prevention Systems (IDS/IPS), malware defense, DLP, Identity and Access Management (IAM), vulnerability scanning, and incident response

Our Commitment to You:

• Learning & Development: We support your success with customized training programs to foster your career growth.
• Travel Perks: Benefit from complimentary stays and discounted rates at our global properties for you and your family.
• Health & Wellness: We provide a range of health benefits and wellness initiatives to promote a balanced lifestyle.
• Retirement Benefits: Depending on your role and length of service, we offer retirement plans to honor your dedication.

A leading multinational servicing company is looking to strengthen their cybersecurity team by recruiting a Security Analyst. This role reports to the Security Architecture Manager and will be responsible for supporting global cybersecurity operations by monitoring, analyzing, and maintaining the security posture across on-premises, cloud, and mobile environments.

Candidates should have exposure in the following:

• Minimum 2 to 4 years of experience in IT or cybersecurity roles
• Strong knowledge of SIEM, IDS/IPS, malware protection, Data Loss Prevention (DLP), Identity and Access Management (IAM), vulnerability scanning, and incident response
• Proven ability to detect and respond to network anomalies and malware events across multiple security platforms
• Experience managing and monitoring DLP solutions, email filtering systems, and application whitelisting
• Skilled at investigating and managing SIEM alerts and overseeing cybersecurity configuration compliance via vulnerability management tools
• Bachelor's degree in Information Systems, Computer Science, or equivalent experience

This role requires strong collaboration skills to work closely with security engineers, architects, and IT teams to ensure compliance and resilience across the organization's digital infrastructure.

For more information, please contact OR WhatsApp

The Role:

The role is part of our regional SOC team, tasked to deliver Managed Security Services (MSS) and help customers achieve its business goals & objectives by re-imagining cybersecurity as one of its business enabler. The role reports to SOC vertical based in Singapore. It is a great opportunity to put your past experiences in building a world class SOC and address cybersecurity challenges of organizations in the region. It provides exposure to wide variety of security technologies, and provides opportunity for the candidate to pioneer in developing SOC and build new MSS offerings.

Accountabilities:

Handle security incidents and provide level two (L2) support during analysis & investigations to identify the root cause.

Critical incidents to CSIRT team, for further analysis & investigations, and demonstrate excellent collaboration skills for timely resolution to minimize impact to customers.

Provide detailed remediation recommendation to customers for the incidents within agreed SLAs, and if required assist them during remediation implementation.

Go that extra mile to proactively work with customer to build threat detection use cases, minimize incident noise, develop correlation logic and enable junior regional analysts to focus on critical incidents.

Review 3rd party threat intel feeds and integrate them into MSS platforms to provide value to our customers.

Prepare SOC monthly reports, which includes customization based on business requirements and present them to customers during monthly meetings, highlighting risks and mitigation plans.

Lead new customer deployments by working closely with customer, regional onsite teams and relevant stakeholders during build phase, and take end-end responsibility for smooth go-live.

Identify gaps in existing SOC process and work with team members or other departments to create, modify standard operating procedures, to automate any mundane daily operational activities, ensuring Ops are run efficiently.

Enable regional security analysts to deliver seamless L1 support locally by developing SOC playbooks, relevant and sufficient Knowledge base.

If required assist sales team to help pitch MSS offerings, drive proof-of-concepts and demo MSS services at technology events, to show value of the service offerings to prospect customers.

Lead and manage junior analysts in handling incidents, day-day operations, SLA requirements, and customer requests.

The Individual and their Experience:

Candidate should have at least 8 years of experience working in SOC and MSS environments, with a Bachelor's degree in Computer Science/IT/Information security.

Excellent hands-on experience in implementations, incident analysis of IBM
QRadar
, Alienvault SIEM technologies and should hold relevant vendor certifications.

Hands on experience on any Endpoint Protection (EPP) or Endpoint Detection Response (EDR) technologies. Preferred if CrowdStrike, Cisco AMP for endpoint.

Hands on experience on email security solutions. Preferred if that is on Cisco Email Solutions.

Exposure to firewall technologies such as Cisco, Palo Alto, Checkpoint, Fortinet.

Good understanding of WIN, LINUX environments and well versed with basic LINUX commands and troubleshooting, with a proven Unix (Solaris, Linux, BSD) experience.

Knowledge on any shell scripting language, and to apply them to automate mundane operations tasks.

Candidate should have at least one SANS certification. Preferred if that is GCIH

Understanding of basic network concepts and advantage if exposure to cloud technologies.

Thinking combined with excellent troubleshooting skills, preferably with experience following ITIL standards

Position will be based in Hong Kong