Job Req Id:  298583
Business Area:  Risk Advisory
Date Posted:  27-Jul-2022
City:  Hong Kong

Title:  Analyst / Senior Consultant / Manager (Penetration Testing) - Cyber - Hong Kong

Pursue a Career with Impact

At Deloitte China, we are on a mission to nurture and empower our people to become deep subject matter experts.
We offer the perfect platform to unleash your full potential and equip you to thrive on challenges, and partner with our clients to solve their most complex problems.
A world of opportunities awaits. Start your adventure and journey with us.

About the Business

The fourth industrial revolution is driving change at an exciting pace - creating an increasingly global, digital, and interconnected world. The resulting pervasiveness of cyber brings both new business opportunities, and new cyber threats. Deloitte has led the way through every era of cyber risk, from compliance, to resilience, to complexity. Our heritage, combined with deep tech expertise and broad industry experience, means we’re prepared for virtually every scenario.


Deloitte’s Cyber Risk services can help clients perform better, solving complex problems so organizations can build confident futures. Smarter, faster, more connected futures. Better futures never before thought possible - for business, for people, and for the planet. Using human insight, technological innovation, and comprehensive cyber solutions, we manage cyber everywhere, so society can go anywhere.

Work you'll do

  • Contribute to or lead attack and penetration testing engagements to identify security weaknesses within clients' business environments, report on issues and make remediation recommendations
  • Act as a subject matter expert to help support and mentor other team members
  • Respond to client requests, anticipate client needs, and suggest solutions using innovative approaches
  • Be involved in all aspects of security and vulnerability management engagements, which include but are not limited to:
    • Network and host vulnerability assessments and penetration testing
    • Web application vulnerability assessments and penetration testing
    • Source code security reviews assisted by automated tools
    • Exploit research and development skills are a plus
    • Social engineering and physical penetration testing against facilities and sites are a plus
    • Firewalls, IDS / IPS, and other security device configuration review are a plus


A fit for the role? Let's talk about you.

We are looking for someone with:

  • Bachelor's degree or above in Computer Science, Information and Communications Technology, Information Systems, Risk Management, or other related disciplines
  • Holders of the following qualifications preferred:
    • Offensive Security Certified Professional (OSCP) or other penetration testing related certifications
  • 1 - 6 years of experience in penetration testing, vulnerability assessment or other types of security assessments
  • Hands-on experience in web application penetration testing
  • Ability to understand and assess applications from both technical and business perspectives, and to explain technical vulnerabilities in terms of business risks
  • Subject matter expertise in one or more of the following:
    • Networking: LAN, WAN, MPLS, VPN, Load Balancers / Reverse Proxies, and other networking technologies
    • Security Equipment: Firewalls, IDS / IPS, SIEMs, End-Point Protections, etc.
    • Storage Technologies: MS-SQL, Oracle, DB2, MySQL, PostgreSQL, MongoDB, Cassandra, Redshift, Aurora, Redis, Memcached, etc.
    • Reverse engineering
    • Web applications
    • Exploit development
    • Application vulnerability assessment
    • Mainframe systems
    • Mobile platforms (iOS, Android, etc.)
    • Social engineering
    • Malware development and red teaming
  • Ability to perform penetration testing innovatively and analytically, particularly on novel devices and environments
  • Capable of working to strict deadlines and prioritizing work appropriately
  • Able to develop scripts or code to automate testing and develop bespoke attacks
  • Ability to work well independently and be comfortable leading a team within client engagements
  • Good communication skills with an ability to explain complex technical issues to non-technical business clients as well as high proficiency in both spoken and written English and Chinese
  • Excellent writing skills with demonstrated ability to write reports and proposals, including the ability to discuss findings from a business risk perspective with clear remediation advice specific to the client's environment
  • Excellent project management and interpersonal skills
  • Willing to travel
  • For Analyst/Senior Consultant: Experience in performing HKMA iCAST is an advantage
  • For Manager: Experience in red team engagements in line with CREST Certified Simulated Attack Specialist (CC SAS) certification and CBEST assessments will be a big plus / Experience in performing HKMA iCAST is an advantage

Why Deloitte China?

Join Deloitte China

Deloitte China delivers a comprehensive range of audit & assurance, consulting, financial advisory, risk advisory and tax services to local, multinational and growth enterprise clients in China.

  • We are the world's largest professional services firm and change the world, leading with purpose and shared values
  • We are the undisputed market leader, creating value through multi-disciplinary services and innovative digital solutions, and developing world-class leaders and professionals
  • We have been named a "Top Employer China" in the Chinese Mainland, Hong Kong & Macau since 2006, providing a "High Value, High Touch, High Tech" talent experience

Start your new chapter with us

Ready to take on new challenges? It's your time to shine. Apply now!
