Our client, one of the biggest organisations, is looking for a Manager/Technical Lead (PenTesting) with experience in Information Risk and Security management and extensive experience in performing application security assessments.
- Contribute to or lead the management of end-to-end pentesting, ensuring quality on testing engagements that identify security weaknesses within the company's business environments, report on issues and make remediation recommendations
- Serve as a subject matter expert to help support and respond to the company's pending requests, anticipate the company's needs, and suggest solutions using innovative approaches
- Be involved in all aspects of security pentesting and vulnerability management engagements, which include but are not limited to:
  - Network and host vulnerability assessments and penetration testing.
  - Web application vulnerability assessments and penetration testing.
  - Source code security reviews assisted by automated tools.
- Exploit research and development skills are a plus.
- Firewall, IDS/IPS, and other security device configuration review is a plus.
- Ensure the quality of reports on findings and recommendations meets the company's quality standard.
- Preferred certifications: GIAC, CISSP, CEH, OSCP. CISA, CISM, OSCE, OSWE Web Expert, or OSEE Exploitation Expert or equivalent is a great plus.
- Hands-on experience working with Burp Suite, OWASP ZAP, Nmap, Metasploit, Wireshark, and SIEM
- Experience with digital security and the recent adoption of mobile and web security measures
- Experienced in secure application coding and application security scanning
- Expert knowledge of:
  - Windows, Linux, ChromeOS, and macOS
  - Implants, shells, Command and Control (C2) infrastructure
  - TCP/IP, IDS/IPS, firewalls, WAF, and web content filtering
  - Crypto: PGP, SSH, PKI
  - Network equipment such as Cisco, Palo Alto, and Juniper
  - AWS environments
- Performing penetration tests, vulnerability assessments, and application/infrastructure security reviews for web and mobile applications
- Support the development of application coding guidelines and an application security scanning process, and the development of a penetration test policy and source code review guidelines
- Proficiency in both written and spoken English and Cantonese
Interested individuals can click apply now and send an updated resume (in WORD format) to Bonnie Chan for further information.
For a more comprehensive list of current opportunities, please visit www.connectedgroup.com