POSITION / ROLE SUMMARY
A career in our Risk and Security Controls practice, within Information Technology Risk Assurance services, will allow you to develop and apply strategies that help clients leverage enterprise technologies so they can get a higher return on their investment, mitigate risks, streamline processes, and find operational inefficiencies. We assist clients in understanding and challenging their current risk profiles and develop strategies to build digital confidence by embracing opportunities to stay competitive through building trust and resilience into their technology systems. We cover a wide range of disciplines, including risk evaluation, operational and strategic Information Technology processes, project governance, application implementation, data integrity, cyber security, and accounting/audit.
Our team helps organizations analyze and assess the security environment and application of our client’s information technology systems. You’ll help develop strategies to increase the reliability of system outputs, enhancing systems security and integrity, and developing strategies for ongoing maintenance.
This position will report to the Supervisor, HK Cyber Security.
WHAT’S IN IT FOR YOU
The candidate will be joining a team with deep expertise in providing clients with offensive security services. Client runs the biggest professional ethical hacking team in Hong Kong and have worked with organizations of all sizes and across sectors to help them stay ahead of cyber threat actors.
Our offensive-related services include:
● CREST-recognized threat intelligence and simulation services
● Adversary simulation to mimic real-life threat actors exercise their attack patterns
● Penetration testing against applications and infrastructure to visualize the attack surface and the
possible entry points
● Evaluation of the ability to detect and defend against APT, in terms of people, process and technology
● Tailored recommendations to fine-tune system defenses, security processes, and overall IT strategies, with focus on the preparedness to latest identified attacks and techniques
As our Cyber Security Senior Analyst - Red Team, you are tasked to deliver security consultancy and
assessment services to our clients to improve their cyber resilience.
● Simulating cyber targeted attacks using hackers’ techniques, tactics and procedures on clients’
● Working with clients threat intelligence team and clients to identify red team objectives, goals and scenarios
● Conducting vulnerability assessment and penetration testing (VAPT) and source code review when required
● Prepare a report on identified security vulnerabilities, attack paths and possible recommendations to remediate the vulnerabilities.
● Researching new hacking techniques, endpoint security evasion, exfiltration techniques
● Remain up to date on the latest cyber security threats and trends.
● Interface with clients to address concerns, issues or escalations; track and drive to closure any
issues that impact the service and its value to clients
● Develop comprehensive and accurate reports and presentations for both technical and executive
● Bachelor’s Degree in IT, Computer Engineering or degrees with specialization in IT will be considered (or equivalent work experience)
● At least 3 years of relevant hi-tech experience, preferably in a consulting environment
● Set up and operate red team infrastructure
● Perform targeted, covert penetration tests with vulnerability identification, exploitation, and post-exploitation activities: Email, phone, or physical social-engineering assessments
● OSCP, CREST CRT / CCT
Specific Technical Skills
● Shell scripting or automation of simple tasks using Perl, Python, or Ruby
● Developing, extending, or modifying exploits, shellcode or exploit tools
● Reverse engineering malware, data obfuscators, or ciphers
● Strong credentials in wireless, web application, and network security testing
● Thorough understanding of network protocols, data on the wire, and covert channels
● Strong understanding Unix/Linux/Mac/Windows operating systems, including bash and Powershell
● Possess interest in cybersecurity and in studying hackers as well as their techniques, tactics and procedures
● Ability to document and explain technical details in a concise, understandable manner
● Good communication skills
You will be redirected to our company ATS for submission of CV.