Back to job search

Senior Technical Security Engineer

  • Location:

    Hong Kong

  • Sector:

    Technology

  • Job type:

    Permanent

  • Salary:

    attractive salary + benefits + bonus + 25 holidays

  • Contact:

    Preksha Tripathi

  • Contact email:

    Preksha.Tripathi@oliverjames.com

  • Job ref:

    JOB-042022-167917_1651550476

  • Published:

    15 days ago

  • Expiry date:

    2022-06-02

  • Startdate:

    ASAP

The Senior Technical Security Engineer role will evaluate and establish scalable infrastructure and appropriate security controls for company's applications which will transform the way brands and retailers assess their supply chains and drive improvements.

What you'll be doing:

      • Plan and execute pen-testing engagements against Company's systems and applications
      • Plan, facilitate and organize pen-testing engagements with 3rd party security vendors
      • Perform vulnerability scanning and vulnerability assessments against our infrastructures, endpoints, systems and applications
      • Help manage our Security Champions programme and DevSecOps initiatives
      • Provide developers support and security training around Secure Development, S-SDLC and DevSecOps
      • Perform remediation tracking and produce software security metrics
      • Develop technical requirements, policies, procedures and controls for network, system and data security
      • Provide technical guidance to application teams and implement the necessary security configurations related to the infrastructure and applications
      • Define appropriate framework for cybersecurity monitoring and implement cybersecurity control mechanisms which are consistent with Company's principles
      • Manage end-to-end project management from initiation to deployment and rollout as well as post-implementation on Information Security including establishment of policies, the deployment of Security Controls & Framework, DevSecOps best practices, etc.
      • Serve as part of the security implementation and remediation program to reduce vulnerabilities in technology applications, infrastructure and other areas in the region
      • Work closely with internal stakeholders and teams, as well as external vendors, to manage the technical aspects of cyber & data security
      • Detect, identify and monitor security vulnerabilities and make recommendations on remediation actions
      • Act as a focal point for internal/external audit around technology risk and information security matters
      • Provide architecture assurance on security platform initiatives
      • Maintain security infrastructure, providing stability by following and using the tools, policies, processes and procedures available
      • Provide a secure environment, managing and mitigating risks
      • Provide reporting and metrics
      • Resolve Incidents impacting hosts or environment
      • Create, review, maintain and update documentation on Confluence
      • Lead and/or support company wide initiatives around security assessments, penetration testing, mock-phishing, end user information security education, etc. to ensure we have a strong security posture
      • Implement best practices around security and help with security "hygiene" aspects incl. monitoring, log reviews, SDLC/code compliance against OWASP Top 10, etc.
      • Lead incident investigations, reporting and remediation actions
      • Other duties as assigned.
      • Hands on experience of the GCP product suite and associated security tooling

What are we looking for in you?

      • Experience in IT, Cloud, Cybersecurity
      • Experience in Pen-Testing, Red Teaming or Vulnerability Management
      • University degree in Computer Science, IT Security or related field
      • Knowledge of Python or other scripting languages for security testing automation
      • Programming experience (Java, Javascript, etc)
      • Excellent problem-solving skill for handling complex issues
      • Strong written and oral communication skills including the ability to communicate complex issues to technical and non-technical staff and management.
      • Highly motivated team player with excellent analytical, written, verbal communications and presentation skills is required.
      • Experience in cybersecurity including offense and defense, and vulnerability management;
      • Experience in one or more public cloud security products;
      • Experience in TCP/IP principles;
      • Knowledge of a broad range of cyber security topics e.g. governance, identity and access management, supply chain risks, security operations, incident management etc.
      • Knowledge of AWS, Google Cloud;
      • Good understanding of network design, routing, cybersecurity
      • Detail oriented, well organized and pro-active;
      • Proficiency in English, both written and verbal communications.

Bonus qualifications:

      • SANS/GIAC GPEN
      • OSCP, OSWA, OSWE
      • CISSP, CISM
      • Google Professional Cloud Security Engineer

What you can expect from the client

    • Competitive total rewards
    • 25 days holiday a year
    • Excellent healthcare & life insurance
    • The ability to make bold decisions
    • An environment where the customer is put at the center of everything we do.

The world of contracting: Where stability meets flexibility | Wednesday 20 Oct | 1pm

Thinking of handing in your notice?

Download our Counteroffer Guide for advice on how to navigate counteroffers why they're made, reasons to accept or decline, and what you should consider before making your decision.