Vulnerability Management & Offensive Security Lead

IT Security & Risk

23 September 2025

Hong Kong

Pinpoint Asia is representing one of Hong Kong's most respected and technologically complex institutions. Our client is a leader in its field, investing heavily in building a world-class cyber defense function to protect critical assets and data.

 

We are looking for a strategic, hands-on leader to take full ownership of their Vulnerability Management and Offensive Security program. This is a high-impact role where you will shape the strategy, lead a specialist team, and act as the ultimate authority on identifying and mitigating security weaknesses across the enterprise.

 

The Opportunity: What You'll Command

This is not a typical operational role. You will be empowered to build, run, and innovate a comprehensive security program. You will be the central commander for threat and vulnerability management, from integrating security into the development pipeline (DevSecOps) to leading the charge during zero-day incidents.

 

Your mission is to proactively reduce the organization's attack surface by leading a multi-faceted function that includes:

  • Team Leadership: Build, mentor, and lead a high-caliber team of security specialists responsible for scanning, testing, and analysis.

  • Strategic Oversight: Own the entire lifecycle for vulnerabilities across infrastructure, applications, databases, and networks.

  • Vendor & Service Management: Command relationships with external partners for specialized services like Red Teaming and advanced penetration testing, ensuring top-tier performance and value.

  • Incident Command: Act as the designated lead for responding to critical, actively exploited vulnerabilities, orchestrating rapid enterprise-wide remediation efforts.

 

The Core Mission: Your Key Accountabilities

  • Drive a Proactive Security Posture: Evolve and manage a sophisticated program covering continuous vulnerability scanning, configuration compliance, and attack surface management.

  • Champion DevSecOps: Spearhead the integration of security into the CI/CD pipeline. Embed automated tools (SAST, DAST, SCA) and secure coding practices to find and fix flaws early in the development process.

  • Lead Offensive Security Operations: Oversee all penetration testing (application and infrastructure), secure code reviews, and advanced adversarial simulations (Red Teaming) to rigorously test the organization's defenses.

  • Deliver Actionable Intelligence: Develop a robust vulnerability intelligence capability that contextualizes global threats to the firm’s specific environment. Prioritize remediation based on genuine business risk, not just raw CVSS scores.

  • Communicate with Impact: Develop and present compelling metrics, risk reports, and strategic roadmaps to C-level executives and key business stakeholders, translating complex technical data into clear business impact.

 

The Ideal Profile

We are looking for a seasoned cybersecurity leader with a "player-coach" mentality. You have deep technical credibility combined with proven management experience.

  • Experience: 12+ years in cybersecurity, with at least 5 years in a leadership role focused on Vulnerability Management, Application Security, or Offensive Security.

  • Technical Mastery: Deep, practical expertise across the modern security toolkit. You must understand the "how" and "why" behind:

      • Vulnerability Management Platforms: Tenable, Qualys, Rapid7, etc.

      • DevSecOps & AppSec Tools: SAST, DAST, SCA, IAST integrated into developer workflows.

      • Offensive Security Methodologies: Penetration Testing, Red Teaming, MITRE ATT&CK Framework.

      • Modern IT Environments: Cloud (AWS/Azure), containerization, and complex enterprise networks.

  • Strategic & Analytical Mindset: You can dissect complex vulnerabilities, assess exploitability, and map technical findings to tangible business risks.

  • Leadership & Influence: You have a proven ability to manage technical teams and to communicate effectively with stakeholders at all levels, from engineers to executives.

  • Credentials: A degree in Computer Science, Information Security, or a related discipline. Industry certifications such as CISSP or CISM are highly desirable.

 

If this outstanding opportunity sounds like your next career move, please submit through "Apply Now" or send your resume in Word format to Danny Kwan at resume@pinpointasia.com and put Vulnerability Management & Offensive Security Lead in the subject header.

 

Data provided is for recruitment purposes only.

© 2025 Pinpoint Asia Limited. All Rights Reserved. EA licence number: 79256.
