Your key responsibilities

• Perform vulnerability scanning and penetration testing of web applications, mobile

applications (Android and iOS), web services, API, network, thick client etc.

• Prepare testing reports and findings tracker sheets based on the provided template
• Communicate with customer stakeholders to explain and demonstrate vulnerabilities, and assist with the mitigation of the identified vulnerabilities
• Research the latest security best practices and stay abreast of new threats and

vulnerabilities

• Support Red Teaming exercise
• Coach / mentor junior team members on VSPT related knowledge and skills
• Participate in a fast-paced delivery in challenging projects of other cyber security

domains

• Involve in customer relationship management, project management and team

management

Requirements:

To qualify for the role you must have:

• Experience in using vulnerability scanning tools (e.g. Nessus, AppScan, Accunetix, Burpsuite Pro, WebInspect, etc.)
• Knowledge in performing automated vulnerability scanning and manual penetration testing of web applications, mobile applications (Android and iOS), web services, API, network, thick client etc.
• Proficiency in written and oral English communication skills. Cantonese is an advantage
• Experience in static and dynamic secure code review will be an added advantage
• Mandatory Certification - any one of OSCP, CREST, GPEN, ECSA, LPT or equivalent

Skills and attributes for success

• College degree or equivalent with minimum 2 years’ related work experience in penetration testing
• Thorough understanding of the following items: Common web technologies like .NET, PHP, Java, XML, SAML, SOA, SOAP, web services etc. and protocols including HTTP(S), DNS, FTP, SSH etc.
• Risk Rating Standards like DREAD, CVSS etc.
• Application architecture and Secure development life cycle (SDLC)
• Threat modelling and risk analysis
• Strong organizational, team-work, multi-tasking and time-management skills