Title:  Analyst/Senior（support HK team）-Security Technology-RA Cyber-GDC Chongqing

About the Business

Our objective is to help clients develop and implement strategies for IT risk management and aim to help clients find the appropriate balance between risk management and cost containment. Our integrated solutions covering: Cyber Strategy, Cyber Security, Cyber Vigilance, Cyber Resilience.

Work you'll do

• Contribute/lead to attack and penetration testing engagements to identify security weaknesses within client's business environments, report on issues and make remediation recommendations
• Position as a subject matter expert to help support and mentor other team members
• Respond to client requests, anticipate client needs, and suggest solutions using innovative approaches
• Involve in all aspects of security and vulnerability management engagements which include but are not limited to: 
- Network and host vulnerability assessments and penetration testing
- Web application vulnerability assessments and penetration testing
- Source code security reviews assisted by automated tools
- Exploit research and development skills are a plus
- Social engineering and physical penetration testing against facilities and 
  sites are a plus
- Firewalls, IDS / IPS, and other security device configuration review are a plus

A fit for the role? Let's talk about you.

• Bachelor degree or above in Computer Science, Information and Communications Technology, Information Systems, Risk Management, or other related disciplines
• Holders of the following qualifications preferred: 
 - Offensive Security Certified Professional (OSCP) or other Penetration Testing related certifications 
• 1 - 6 years of experience on penetration testing, vulnerability assessment or other types of security assessments 
• Hands-on experience in web applications penetration testing
• Ability to understand and assess applications from both technical and business perspectives, and to explain technical vulnerabilities in terms of business risks
• Subject matter expertise in one or more of the followings: 
- Networking: LAN, WAN, MPLS, VPN, Load Balancers / Reverse Proxies, 
  and other networking technologies
- Security Equipment: Firewalls, IDS / IPS, SIEMs, End-Point Protections, 
  etc.
- Storage Technologies: MS-SQL, Oracle, DB2, MySQL, PostgreSQL, 
  MongoDB, Cassandra, Redshift, Aurora, Redis, Memcached, etc.
- Reverse engineering
- Web applications
- Exploit development
- Application vulnerability assessment
- Mainframe systems
- Mobile platforms (iOS, Android, etc.)
- Social engineering
- Malware development and red teaming
• Perform penetration testing, particularly on novel devices and environments innovatively and analytically
• Capable of working to strict deadlines and prioritizing work appropriately
• Able to develop scripts or code to automate testing and develop bespoke attacks
• Ability to work well independently and be comfortable leading a team within client engagements
• Good communication skills with an ability to explain complex technical issues to non-technical business clients as well as high proficiency in both spoken and written English and Chinese
• Excellent written skills with demonstrated ability to write reports and proposals.  Including the ability to discuss findings from a business risk perspective with clear remediation advices specific to the client's environment
• Excellent project management and interpersonal skills