Trouvez votre emploi idéal
Espace Recruteurs

Analyst, IT Security Engineering, IT

CITIC CLSA Hong Kong
Mise en ligne il y a 1 jour CDI Competitive

Analyst, IT Security Engineering, IT

CITIC CLSA Hong Kong

Position Description

We are looking for an IT Security Analyst who is proactive, self-motivate, willing- to-do attitude to be part of an international IT Security team to engineer and support security solutions.

As a team member in IT security team, you will be a contributor to the company’s IT and Cyber security strategy and operations. You and your team will be managing a portfolio of IT security tools in identity access management, network intrusion detection system, endpoint protection, email security, data leakage protection, application security, and other information security controls.

Key Areas of Responsibilities

  1. Conduct penetration testing, vulnerability scanning and code review on different IT systems and technologies
  2. Perform architecture Review and security assessments on IT systems’ design, configuration, source code review on both On-Perm and Cloud
  3. Conduct Cyber-attack simulation using red team / blue team / purple team exercises
  4. Prepare and review reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities
  5. Perform access review for vendor and guest access on IT systems and services.
  6. Assist on Evaluating, Design, planning and implementing IT security solutions, such as Web Application Firewalls, Single Sign On/MFA, Biometric authentication, Cloud Based Public Key Infrastructure (PKI), Malware Sandboxing, AI red teaming, Zero Trust Solutions, etc.
  7. Assist on first and second level support for some of IT security controls and tools including penetration test tools, vulnerability scanning tools, etc.
  8. Be the subject matter expert for some of the IT Security tools.
  9. Build and maintain an effective working relationship with the team’s key stakeholders - IT Security team members, IT teams and business teams.
  10. Design and deliver new strategic security initiatives with collaboration from business partners.
  11. Maintain an Up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices, Post Quantum Computing standard (ML-KEM, ML-DSA, SLA-DSA), and developments in Artificial Intelligence.

Requirements

  1. Bachelor Degree of above in IT, Computer Science
  2. 3-5 years related experience in cybersecurity, with knowledge in regulatories
  3. Preferably holds IT Security Certifications such as CISSP, CISA, CISM, etc. Certificates related to offensive security (e.g. OSCP, OSWP, OSEP or equivalent) are an advantage.
  4. Candidates with backgrounds in Big4, IT consultancy firms, or Cyber Threat Intelligence are welcome to apply
  5. Hands-on experience with penetration test and vulnerability scanning tools such as Burp Suite, Metasploit, ZAP, Qualys, Tenable/Nessus, Nmap, etc
  6. Strong communication skills in English and Chinese, as well as project management skills
  7. Experience of offensive security services on Web, Network, Server, Client Apps, Mobile, AI, Internet of Thing (IOT) is required:
  8. Penetration testing
  9. Security risk assessment/technical review
  10. Configuration review
  11. Vulnerability scanning and assessment

  1. Knowledge and understanding of the following areas are the foundation to succeed on this role:
  2. Microsoft 365 cloud services – e.g. Exchange online, Sharepoint, OneDrive, Teams, etc
  3. Public Cloud computing platforms - Microsoft Azure, AWS, GCP, Ali Cloud, Tencent Cloud, etc
  4. AI Tools/Models - OpenAI GPT, Anthropic Claude, Google Gemini, Microsoft Copilot, Amazon Bedrock, Grok
  5. IP/Cisco Networking
  6. Virtualization Technology
  7. Microsoft Active Directory, Microsoft Certificate Authority, Microsoft Windows servers and Linux
  8. Storage and Database fundamental

Good-to-have

  1. Knowledge of two or more of the following security areas belowis a plus :
  2. Web Application Firewalls (Akamai, Cloudflare, AWS WAF, Azure WAF), Web filtering, DDoS protection
  3. Single Sign On/MFA (Microsoft Entra/Okta/Cisco Duo)
  4. Malware Sandboxing, Microsoft Cloud PKI and Intune
  5. Zero Trust Solution (Zscaler, Palo Alto Networks, Microsoft Entra Private Access)

Référence  JR003009
À PROPOS DE CETTE ENTREPRISE
Hong Kong
Asset management
CITIC CLSA provides global investors and corporate executives with insights, liquidity and capital to drive their growth strategies. Award-winning re...
Plus d'offres de CITIC CLSA
CITIC CLSA
Manager, IT Security (Cloud), IT
CITIC CLSA
Hong Kong
il y a 4 jours Plein-temps Competitive
CITIC CLSA
IT Analyst, Wealth Management, IT
CITIC CLSA
Hong Kong
il y a 2 jours Plein-temps Competitive
CITIC CLSA
Sr Business Analyst, Research, IT
CITIC CLSA
Hong Kong
il y a 6 heures Plein-temps Competitive
CITIC CLSA
Lead Business Analyst, FICC, IT
CITIC CLSA
Hong Kong
il y a 8 heures Plein-temps Competitive
CITIC CLSA
Lead Business Analyst, EQD, IT
CITIC CLSA
Hong Kong
il y a 11 heures Plein-temps Competitive
CITIC CLSA
Sr. Business Analyst/Project Manager, Finance, IT
CITIC CLSA
Hong Kong
il y a 11 heures Plein-temps Competitive
CITIC CLSA
Sr. Business Analyst/Project Manager, Corporate IT, IT
CITIC CLSA
Hong Kong
il y a 2 jours Plein-temps Competitive
CITIC CLSA
Lead Infra Analyst, Servers, IT
CITIC CLSA
Hong Kong
il y a 2 jours Plein-temps Competitive
CITIC CLSA
Lead IT Analyst, MOBO, IT
CITIC CLSA
Hong Kong
il y a 2 jours Plein-temps Competitive
CITIC CLSA
Sr. Business Analyst, Asset Management IT, IT
CITIC CLSA
Hong Kong
il y a 3 jours Plein-temps Competitive

Donnez un nouvel élan à votre carrière

Trouvez des milliers d'opportunités emploi en vous inscrivant sur eFinancialCareers dès aujourd'hui.
Offres recommandées