Our client, a leading enterprise with one of the largest technology platforms in HK, is looking for a Vulnerability Testing Manager to join their cybersecurity team. The selected candidate will be putting on the red hat in leading penetration tests and finding weak points. Great exposure, perm position, and growth opportunity.
Responsibilities:
Lead the Cyber Security Team on vulnerability testing for web applications, APIs, Infrastructure, mobile apps, and networks.
Lead the web scanning and automated code testing of in-house applications to ensure that systems are resistant to known attacks, e.g. OWASP Top 10, when deployed.
Perform application security planning and secure application code review.
Review Security Events, and provide investigation and remedial action.
Develop the application coding guideline and application security scanning process.
Develop a penetration test policy and source code review guidelines.
Review the configuration of Firewalls, IDS / IPS, and other security devices.
Perform Information Risk Assessment and due diligence on the vendor selection process.
Provide technical support and configuration on security infrastructure and systems.
Qualifications:
At least 10 years of experience in Information Risk and Security management.
Recent team leading and management experience.
Extensive experience in performing application security assessments.
Passion for putting the red hats to perform offensive security and assurance.
Strong understanding of performing penetration tests, vulnerability assessments, and application/infrastructure security reviews for web and mobile applications. Experience in supporting network infrastructure and performing secure coding reviews.
Hands-on experience working with Burp Suite, OWASP Zap, Nmap, Metasploit, Wireshark, and SIEM
Experience with digital security and the recent adoption of mobile and web security measures.
Experienced in secure application coding and application security scanning.
Excellent communication skills in English.
Security Certificates in GIAC, CISSP, CEH, and OSCP. CISA, CISM, OSCE, OSWE Web Expert, or OSEE Exploitation Experts or equivalent are a great plus.