Job ref no.: CT3114843-01#6300

Penetration Testing – Technology Risk (Global Professional Firm)

JAC Recruitment Hong Kong Co., Limited

  • 5-day week
  • Discretionary bonus
  • Medical plan

Our Client, a Professional Firm is now seeking for a Penetration Testing – Technology Risk position.

Job Description & Responsibilities

  • Lead/contribute to attack and penetration testing engagements to identify security weaknesses with client's IT environments, report on issues and make recommendations for their remediation
  • Look to as a subject matter expert to help support and mentor other team members
  • Response to client requests, anticipating and meeting client problems and needs using innovative approaches when applicable
  • Involve in all aspects of security and vulnerability management engagements which include but are not limited to:
  • Network and host layer vulnerability assessments
  • Firewall, networking and security device reviews
  • Web application assessments
  • Social Engineering through targeting the physical security of the infrastructure or building
  • Source code reviews using manual and automated tools including native application assessments, mobile application assessments and malware reverse engineering



  • Bachelor degree or above in Computer Science, Information Management/Technology, Risk Management or other related disciplines
  • Holder of CREST Certified Tester (CCT) in either Infrastructure or Web Applications or similar certification
  • With penetration testing related certifications e.g. Offensive Security Certified Professional (OSCP) or Offensive Security Certified Expert (OSCE) will be preferred
  • For Manager position, experience in Red Team engagements.  With a capability in line with CREST UK's Certified Simulated Attack specialist certification and CBEST assessments
  • Experience of working with applications that perform a wide range of business functions – ideally across multiple industries
  • Experience in performing web applications penetration tests, identifying weakness in security controls and the business risks associated
  • Ability to understand and assess applications from both a technical and business function perspective
  • Subject matter expertise in one or more of the following:                                   -Networking: LAN, WAN, interworking technologies                                             -Security Appliances: Firewalls (Cisco ASA, Check Point), Proxies, IDS/IPS          -Reverse engineering                                                                                     -Web Applications                                                                                           -Exploit Development                                                                                       -Application vulnerability assessment                                                                 -Mainframe systems                                                                                         -Mobile platforms (iOS, Android, Windows, etc.)                                                 -Other devices                                                                                                 -Social Engineering                                                                                           -Malware and Red Teaming
  • Perform penetration testing, particularly of novel devices and environments innovatively and analytically
  • Capable of working to strict deadlines and prioritizing work appropriately
  • Able to develop scripts or code to automate testing and develop bespoke attacks
  • Ability to work well independently and be comfortable leading a team within a client service environment
  • Good communication skills with an ability to explain complex technical issues to non-technical business clients as well as high proficiency in both spoken and written English and Chinese
  • Excellent written skills with demonstrated ability to write reports and proposals.  Including the ability to discuss findings in a risk perspective with clear remediation advice specific to the client's environment
  • Excellent project management and interpersonal skills
  • Willing to travel


 Interested candidates, kindly send your detailed resume by clicking Apply Now in MS Word including:

1) Expected salary
2) Current and last drawn salaries
3) Reason for leaving current job and past employments

Personal data collected will be used for employment-related purpose only. We regret to inform that only shortlisted candidates will be notified, thank you


All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.

More job information
Job ref no. CT3114843-01#6300
  • N/A
Job Function
  • Admiralty
Employment Term
  • Permanent
  • Full-time
  • 5 years - 10 years
Career Level
  • Middle management level
  • Degree
  • Master's degree