Responsibilities:

Conducting application/server/network/middleware/Cloud security configuration assessment
Performing vulnerability assessment on different platforms and technologies
Performing web and mobile, thick client, infrastructure, and wireless network penetration tests
Emulate/Simulate Adversary TTPs using red teaming techniques
Conduct source code review to identify any potential coding vulnerability (using either manual or automated processes)
Remain up-to-date on the latest cybersecurity threats, vulnerabilities and regulatory requirements
Strong experience in offensive security tools (such as Metasploit, Mimikatz, Burp) and defensive security tools (such as SIEM, NDR, EDR, DLP)
To present risk management options to the business
To support the development of appropriate documentation to inform risk management decisions, ensuring these are expressed in terms meaningful to all the stakeholders including both IT and business
To assess and provide threat-driven defense solutions against evolving threat landscape
Requirements:
Degree Holder in Computer Science, IT Management, Engineering or equivalent; Minimum four years of work experience in Information Technology or Engineering industry
At least four years of client facing working experience
At least three years of demonstrable experience in any of the following: security configuration assessment, vulnerability assessment, cloud technical security assessment, penetration testing and adversary emulation/simulation,
Familiar with security technologies, e.g. NGFW, IDS/IPS, EDR, SIEM, etc
Ability to work independently and under pressure;
Strong analytical, problem solving and inter-personal skills that can deliver results
Excellent communication skills in both written and oral English and Chinese Willing to travel overseas on some projects
Related qualifications and/or industry certifications such as CRT, OSCP/GPEN, OSWE/GWAPT, OSCE3/GXPN/CCSAS/CCSAM are a must
CISSP, CISM and other Cloud certifications is a plus

其他信息
语言要求：英语、粤语