Consulting - Financial Services, Technology Consulting, Cyber Security, Staff Associate - Hong Kong
EY
- Company Industries:Accounting/Audit/Tax Services
Job Information
- Post Date:2022-07-02
- Location:Not Specified
- Employment Type:Full Time
- Job Function:Information Technology (IT) UI/UX Designer
Job Description
Your key responsibilities
- Perform vulnerability scanning and penetration testing of web applications, mobile
applications (Android and iOS), web services, API, network, thick client etc.
- Prepare testing reports and findings tracker sheets based on the provided template
- Communicate with customer stakeholders to explain and demonstrate vulnerabilities, and assist with the mitigation of the identified vulnerabilities
- Research the latest security best practices and stay abreast of new threats and
vulnerabilities
- Support Red Teaming exercise
- Coach / mentor junior team members on VSPT related knowledge and skills
- Participate in a fast-paced delivery in challenging projects of other cyber security
domains
- Involve in customer relationship management, project management and team
management
Requirements:
To qualify for the role you must have:
- Experience in using vulnerability scanning tools (e.g. Nessus, AppScan, Accunetix, Burpsuite Pro, WebInspect, etc.)
- Knowledge in performing automated vulnerability scanning and manual penetration testing of web applications, mobile applications (Android and iOS), web services, API, network, thick client etc.
- Proficiency in written and oral English communication skills. Cantonese is an advantage
- Experience in static and dynamic secure code review will be an added advantage
- Mandatory Certification - any one of OSCP, CREST, GPEN, ECSA, LPT or equivalent
Skills and attributes for success
- College degree or equivalent with minimum 2 years’ related work experience in penetration testing
- Thorough understanding of the following items: Common web technologies like .NET, PHP, Java, XML, SAML, SOA, SOAP, web services etc. and protocols including HTTP(S), DNS, FTP, SSH etc.
- Risk Rating Standards like DREAD, CVSS etc.
- Application architecture and Secure development life cycle (SDLC)
- Threat modelling and risk analysis
- Strong organizational, team-work, multi-tasking and time-management skills
Company Info
At EY, our 300,000 professionals work together to deliver assurance, tax, transaction and consulting services. We are united by our shared values
and an unwavering commitment to quality. And, we make a difference through leading practices that develop our people, help our clients and strengthen our communities. Our collaborative culture supports the personal and professional success of each individual.
Learn more about who we are, what we do and how to achieve your potential by visiting: (EY refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company
limited by guarantee, does not provide services to clients.)
https://www.ey.com/en_cn/who-we-are
Position | Company | Location | Update |
---|