Your new company
International Consultancy Firm
Your new role
The role of the Senior Consultant (Cybersecurity – Offensive Security) is to provide security configuration assessment, vulnerability assessment, Cloud technical security assessment, penetration testing and adversary emulation/simulation, and cost-effective advice on the management of cybersecurity and information risk to our clients. You’ll be the focal point for resolution of cybersecurity and information risk matters for the client. You will also be able to identify, analyse and evaluate cybersecurity and information risks, and then relay their causes, likelihood and potential business impacts to the risk owners and other stakeholders.
To deliver this service you’ll be assisting on various areas:
- Conducting application/server/network/middleware/Cloud security configuration assessment
- Performing vulnerability assessment on different platforms and technologies
- Performing web and mobile, thick client, infrastructure, and wireless network penetration tests
- Emulating/simulating adversary TTPs using red teaming techniques
- Conducting source code review to identify any potential coding vulnerability (using either manual or automated processes)
- Remaining up to date on the latest cybersecurity threats, vulnerabilities and regulatory requirements
- Strong experience in offensive security tools (such as Metasploit, Mimikatz, Burp) and defensive security tools (such as SIEM, NDR, EDR, DLP)
- To present risk management options to the business
- To support the development of appropriate documentation to inform risk management decisions, ensuring these are expressed in terms meaningful to all the stakeholders including both IT and business
- To assess and provide threat-driven defense solutions against the evolving threat landscape
What you'll need to succeed
- Degree Holder in Computer Science, IT Management, Engineering or equivalent;
- Minimum four years of work experience in Information Technology or Engineering industry
- At least four years of client facing working experience
- At least three years of demonstrable experience in any of the following: security configuration assessment, vulnerability assessment, cloud technical security assessment, penetration testing and adversary emulation/simulation; familiar with security technologies, e.g. NGFW, IDS/IPS, EDR, SIEM, etc.
- Ability to work independently and under pressure;
- Strong analytical, problem solving and inter-personal skills that can deliver results
- Excellent communication skills in both written and oral English and Chinese
- Willing to travel overseas on some projects
- Related qualifications and/or industry certifications such as CRT, OSCP/GPEN, OSWE/GWAPT, OSCE3/GXPN/CCSAS/CCSAM are a must
- CISSP, CISM and other Cloud certifications are a plus
What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV to conrad.chang@hays.com.hk, or call us now on +852-2230-7914.
If this job isn't quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career. #1243269