Manager/Technical Lead, PenTesting

Location Hong Kong
Job-type Full Time
Salary Negotiable
Contact Bonnie Chan
Reference ARVU-006355_1622523799

Our client, one of the biggest organisations, is looking for a Manager/Technical Lead (PenTesting) with experience in Information Risk and Security management and extensive experience in performing application security assessments.


  • Contribute to or lead the management of end-to-end pentesting to ensure the quality of testing engagements that identify security weaknesses within the company's business environments, report on issues, and make remediation recommendations
  • Act as a subject matter expert to help support and respond to the company's pending requests, anticipate the company's needs, and suggest solutions using innovative approaches
  • Be involved in all aspects of security pentesting and vulnerability management engagements, which include but are not limited to:
    • Network and host vulnerability assessments and penetration testing.
    • Web application vulnerability assessments and penetration testing.
    • Source code security reviews assisted by automated tools.
    • Exploit research and development skills are a plus.
    • Configuration review of firewalls, IDS/IPS, and other security devices is a plus.
  • Ensure the quality of reports on findings and recommendations meets the company's quality standard.


  • Preferred certifications: GIAC, CISSP, CEH, OSCP. CISA, CISM, OSCE, OSWE Web Expert, or OSEE Exploitation Expert or equivalent is a great plus.
  • Hands-on experience working with Burp Suite, OWASP ZAP, Nmap, Metasploit, Wireshark, and SIEM
  • Experience with digital security and the recent adoption of mobile and web security measures
  • Experienced in secure application coding and application security scanning
  • Expert knowledge of:
    • Windows, Linux, ChromeOS, and macOS,
    • Implants, shells, Command and Control (C2) infrastructure,
    • TCP/IP, IDS/IPS, firewalls, WAF, and web content filtering,
    • Crypto: PGP, SSH, PKI,
    • Network equipment such as Cisco, Palo Alto, and Juniper,
    • AWS environments.
  • Performing penetration tests, vulnerability assessments, and application/infrastructure security reviews for web and mobile applications
  • Support the development of application coding guidelines and an application security scanning process, and the development of a penetration test policy and source code review guidelines
  • Proficiency in both written and spoken English and Cantonese

Interested individuals can click "Apply Now" and send an updated resume (in WORD format) to Bonnie Chan for further information.
