Description and Requirements
The Job
- Conduct comprehensive risk and control assessments to identify, evaluate, monitor, and mitigate risks across IT systems, applications, and network operations.
- Conduct red / purple team operation and penetration testing to identify vulnerabilities and assess the effectiveness of security controls.
- Implement remediation plans based on test findings to strengthen the security posture.
- Support security teams in defining, assessing, and managing security operations through appropriate policies, procedures, and control frameworks.
- Proactively evaluate IT control processes and activities to ensure the control environment is effectively designed and functioning.
- Facilitate audit and security control reviews with internal teams and external parties, prioritizing and mitigating risks to acceptable levels.
- Enhance security measures such as threat detection, attack penetration, and mitigation based on current and emerging threats.
- Promote communication and collaboration between internal teams and external parties on risk and cybersecurity matters.
The Person
Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Software Engineering, or related fields.5+ years of hands-on experience in red / purple team exercises, penetration testing, and DevSecOps.Sound knowledge in Information Security, Business Continuity, Project Management, Application Security and industry best practices.Holder of one or more of the following certifications is a plus : CISSP, CISA, CISM, CISP, OSCP, CEH, CRTP, and CRT.LPS Additional Locations :
Hong KongHong Kong