Vulnerability Management & Offensive Security Lead


Pinpoint Asia - Hong Kong - Full time

Salary: HK$100k - HK$135k per month + Performance Bonus & Medical

Pinpoint Asia is representing one of Hong Kong's most respected and technologically complex institutions. Our client is a leader in its field, investing heavily in building a world-class cyber defense function to protect critical assets and data.

We are looking for a strategic, hands-on leader to take full ownership of their Vulnerability Management and Offensive Security program. This is a high-impact role where you will shape the strategy, lead a specialist team, and act as the ultimate authority on identifying and mitigating security weaknesses across the enterprise.

The Opportunity: What You'll Command

This is not a typical operational role. You will be empowered to build, run, and innovate a comprehensive security program. You will be the central commander for threat and vulnerability management, from integrating security into the development pipeline (DevSecOps) to leading the charge during zero-day incidents.

Your mission is to proactively reduce the organization's attack surface by leading a multi-faceted function that includes:

  • Team Leadership: Build, mentor, and lead a high-caliber team of security specialists responsible for scanning, testing, and analysis.
  • Strategic Oversight: Own the entire lifecycle for vulnerabilities across infrastructure, applications, databases, and networks.
  • Vendor & Service Management: Command relationships with external partners for specialized services like Red Teaming and advanced penetration testing, ensuring top-tier performance and value.
  • Incident Command: Act as the designated lead for responding to critical, actively exploited vulnerabilities, orchestrating rapid enterprise-wide remediation efforts.

The Core Mission: Your Key Accountabilities

  • Drive a Proactive Security Posture: Evolve and manage a sophisticated program covering continuous vulnerability scanning, configuration compliance, and attack surface management.
  • Champion DevSecOps: Spearhead the integration of security into the CI/CD pipeline. Embed automated tools (SAST, DAST, SCA) and secure coding practices to find and fix flaws early in the development process.
  • Lead Offensive Security Operations: Oversee all penetration testing (application and infrastructure), secure code reviews, and advanced adversarial simulations (Red Teaming) to rigorously test the organization's defenses.
  • Deliver Actionable Intelligence: Develop a robust vulnerability intelligence capability that contextualizes global threats to the firm's specific environment. Prioritize remediation based on genuine business risk, not just raw CVSS scores.
  • Communicate with Impact: Develop and present compelling metrics, risk reports, and strategic roadmaps to C-level executives and key business stakeholders, translating complex technical data into clear business impact.

The Ideal Profile

We are looking for a seasoned cybersecurity leader with a "player-coach" mentality. You have deep technical credibility combined with proven management experience.

  • Experience: 12+ years in cybersecurity, with at least 5 years in a leadership role focused on Vulnerability Management, Application Security, or Offensive Security.
  • Technical Mastery: Deep, practical expertise across the modern security toolkit. You must understand the "how" and "why" behind:
      • Vulnerability Management Platforms: Tenable, Qualys, Rapid7, etc.
      • DevSecOps & AppSec Tools: SAST, DAST, SCA, IAST integrated into developer workflows.
      • Offensive Security Methodologies: Penetration Testing, Red Teaming, MITRE ATT&CK Framework.
      • Modern IT Environments: Cloud (AWS/Azure), containerization, and complex enterprise networks.
  • Strategic & Analytical Mindset: You can dissect complex vulnerabilities, assess exploitability, and map technical findings to tangible business risks.
  • Leadership & Influence: You have a proven ability to manage technical teams and to communicate effectively with stakeholders at all levels, from engineers to executives.
  • Credentials: A degree in Computer Science, Information Security, or a related discipline. Industry certifications such as CISSP or CISM are highly desirable.

If this outstanding opportunity sounds like your next career move, please submit through "Apply Now" or send your resume in Word format to Danny Kwan at resume@pinpointasia.com and put Vulnerability Management & Offensive Security Lead in the subject header.

Data provided is for recruitment purposes only.

_________________________________________________________

Headquartered in Hong Kong, Pinpoint Asia is the go-to Specialist Firm for Technology Recruitment

We are a team of specialist tech recruiters (many of our recruiters come from an IT background) and we serve a wide range of clients, all the way from tech startups (especially FinTech) to some of the top Financial Institutions on Wall Street and several other large scale enterprises in other industries.

Our significant market reputation and status as the leading search firm for many of our clients is a direct result of our strong industry relationships, intimate understanding of the marketplace and proven ability to deliver results.

Our vision is to help companies hire smarter and help job seekers get closer to their career aspirations.

To see all our open jobs please reach out to us at https://pinpointasia.com/job-search/ (EA License #79256)

We are also seeking top-calibre candidates for the following exciting roles:

1) Trading Systems & Operations Associate – Global Quantitative Fund

2) Senior Windows Platform Engineer, Azure - Top-tier HFT (Relocation)

3) AI & Automation Transformation Manager - International Financial Institution

23347098