We're looking for a skilled Application Security Analyst to support one of our largest in-house clients.
Your new role
- Assess source code, application logic, and authentication mechanisms to identify weaknesses and suggest practical mitigation strategies aligned with secure development practices.
- Conduct web, mobile, API, and infrastructure penetration tests to uncover vulnerabilities, misconfigurations, and security gaps. Provide detailed reports and remediation guidance to development and operations teams.
- Investigate and manage security incidents throughout their lifecycle. Conduct root cause analysis, post-incident reviews, and implement preventive measures to enhance future readiness.
- Perform regular vulnerability scans, threat modelling, and risk evaluations, using industry-standard tools and frameworks. Coordinate with teams to ensure timely remediation.
What you'll need to succeed
- 2+ years of experience in application or cybersecurity roles (Red Teaming, SOC, vulnerability management, or incident response).
- Proficiency with common pentesting tools (e.g., Burp Suite, Metasploit, Nmap, Nikto, OWASP ZAP, or custom scripts).
- Experience in performing security assessments on modern web applications and APIs.
- Solid knowledge of OWASP Top 10, secure coding, and exploit development.
- Fluency in English and Chinese
What you need to do now
If you fulfil all the qualifications mentioned above and have the drive to succeed or are interested in similar roles within the Information Technology Sector, please contact me with an attached CV at Anson.Hoo@hays.com.hk or please call +852-2230-7434.