Application and Network Security Specialist

Responsibilities

• Conduct application design reviews and security assessments (SAST, DAST, and manual testing) to identify and mitigate risks early in the development lifecycle, ensuringpliance with internal and external security standards.
• Review penetration test reports and drive timely remediation of vulnerabilities, collaborating with development teams to promote secure coding practices and perform threat modeling.
• Validate and optimize firewall and Web Application Firewall (WAF) configurations to align with security policies, minimizing unnecessary access and protecting web applications from threats.
• Troubleshoot WAF-related issues in coordination with infrastructure and application teams, ensuring robust network and cloud security controls are maintained.
• Support security audits and risk assessments to strengthen infrastructure security.
• Provide on-call support for critical security incidents outside regular hours, assisting in containment, investigation, and recovery efforts.
• Undertake ad-hoc tasks or projects as assigned to support organizational security objectives.

Qualifications

Education & Experience

Bachelor's degree inputer Science, Information Systems, or a related field.

At least 10 years of experience in technology risk management and cybersecurity, preferably in multinational banking or insurance sectors, including a minimum of 2 years in recovery strategy design and testing.

Familiarity with security frameworks (, ISO 27001, PCI-DSS) and Hong Kong regulatory requirements (, Insurance Authority, Mandatory Provident Fund Schemes Authority).

Hands-on experience with authentication solutions (, MFA, OAuth2, SAML) and encryption technologies.

Strong knowledge of DevSecOps and cloud security trends is highly desirable.

Relevant certifications (, CISSP, CISA, CISM, CEH, CCNP Security) are advantageous.

Skills &petencies

Exceptionalmunication skills, adept at explainingplex risks to non-technical stakeholders and fostering cross-functional collaboration.

Fluent in written and spoken English and Chinese.

Detail-oriented with strong documentation and reporting capabilities.

Ability to prioritize tasks and manage incidents effectively under pressure.

Proactive, independent, and creative in solvingplex problems.

Willingness to work outside regular hours to address urgent security incidents.

Experience in multinational or regional security teams is a plus.

Job ID BBBH162602