Offensive Security Engineer - Global Financial Institution - Hong Kong


NLS - Hong Kong - Full time

Salary: Up to HKD 1.2 million per annum

My client, a global financial institution, is actively seeking an Offensive Security Engineer to join their team. In this role, you will play a crucial part in securing their crypto trading services. Collaborating closely with product and engineering teams, you will help deliver secure software solutions across a modern tech stack. Your responsibilities will include identifying and remediating application security vulnerabilities in collaboration with developers.

The role:

  • Conduct web application, source code, and network penetration testing.
  • Perform mobile and API penetration testing.
  • Support engineering teams across multiple time zones with project tasks and deadlines.
  • Develop unique tools to scale the security program.
  • Exploit system vulnerabilities and articulate complex issues to technical and non-technical audiences.
  • Produce detailed technical reports outlining the technical and business risks of identified vulnerabilities, with actionable recommendations.
  • Provide technical leadership and mentorship to security and engineering teams.
  • Develop new tools and automation.
  • Conduct reverse engineering.
  • Fulfill other duties as assigned.

What you offer:

  • 5+ years of cyber security experience.
  • Bachelor's degree in Computer Science or related field.
  • Proficiency in senior-level penetration testing, application security assessments, code reviews, and offensive security methodologies.
  • Familiarity with tools like Burp Suite, Nessus, Kali Linux, and similar applications.
  • Exposure to mobile application assessments, web services API evaluations, and hardware/embedded systems.
  • Basic proficiency in mainstream programming languages such as C/C++, Java, JavaScript, Python, or Go.
  • Strong risk assessment skills and the ability to communicate vulnerability impacts effectively.
  • Knowledge of network basics and protocols including IP, DNS, HTTP, and SSL/TLS.
  • Understanding of cryptographic concepts, common attacks, OWASP Top 10, and SANS CWE 25.
  • Experience with software development practices, Agile methodologies, CI/CD tools, and security scanning tools.
  • Familiarity with public cloud platforms like AWS, Azure, and GCP.
  • Relevant certifications including OSCP, OSCE, OSWE, CEH, CISSP, CISM, CompTIA Security+, GSEC, and others.