Company Description: A leading technology, media, and telecommunication provider with over 150 years of history in Hong Kong. It offers comprehensive connectivity, smart living, and end-to-end enterprise solutions for local and international businesses.
Location: Central
Nature: Renewable Contract for 12 months
• Act as the Primary Point of Contact for all local security-related requests and requirements.
• Coordinate with internal security stakeholders to efficiently address issues and ensure smooth communication flow.
• Conduct proactive Vulnerability and Common Vulnerabilities and Exposures (CVE) research that impacts the company's local systems and applications.
• Provide timely mitigation guidance, including recommendations for patches, configuration adjustments, or compensating controls.
• Test security patches in lower environments, such as Development and Sandbox, prior to deployment in production.
• Create and share production-ready commands and scripts for the validation of security fixes in the production environment.
• Perform penetration testing on local applications as requested by the security team.
• Validate security fixes and provide re-test reports to confirm the successful closure of identified issues.
• Assist the team in meeting fundamental compliance requirements through documentation, evidence gathering, and control validation.
• Provide advisory support on aligning security practices with applicable regional regulatory standards.
• Possess three to four years of relevant experience in a security-focused role.
• AWS Cloud certification is mandatory for this position.
• Penetration testing certification is highly preferred.
• Demonstrated expert knowledge and experience in applying AWS cloud security best practices.
• Proven ability to support an application security program through secure design reviews, threat modeling, and code-level security guidance.
• Excellent problem-solving and analytical skills to research and resolve complex security issues.
• Strong communication and coordination skills to effectively liaise with technical and non-technical stakeholders.
