Associate, Cyber Risk, Offensive Security
Duff & Phelps Corp
Hong Kong, Hong Kong SAR


  • Deliver technical cyber security assessment services such as penetration testing, source code review, security architecture review, red / purple team exercises and tabletop exercises.
  • Keep up to date with the latest exploitation techniques and procedures through research and access to our training platforms and intelligence sources
  • Assist with writing and delivering presentations for diverse audiences, ranging from industry groups / events to private industry clients
  • Assist with DFIR investigations, as needed.

    These qualities are considered most important to performing the role :

  • Demonstrated ability to conduct penetration testing, vulnerability assessments, red teaming
  • Experience using open-source and commercial cyber security testing tools and frameworks
  • Familiarity with CWE, CVSS, OWASP, Mitre ATT&CK frameworks and scoring systems
  • Ability to work with minimal supervision and guidance
  • Ability to quickly learn new tools and techniques and adapt to new environments
  • A pro-active and results driven mindset with a desire to collaborate and learn
  • Good written and spoken English skills
  • Ability to communicate effectively with both technical and non-technical audiences
  • A passion for deep dive on technical subjects and the ability to focus intensely on solving complex technical puzzles.
  • Good time management and organizational skills
  • Comfortable working alone or in small teams on very specialized engagements

    Not essential, but candidates demonstrating the following qualities may be given priority selection :

  • Bachelor’s Degree or higher in Computer Science, Engineering or other relevant field
  • Software development and scripting experience
  • Hardware engineering, maker or hardware hacking experience
  • Be familiar or experienced with Active Directory security
  • Good knowledge of Cloud technology and security
  • Prior participation in CTF or Bug Bounty programs
  • Creating or contributing to open-source software projects, media or groups related to cyber security.
  • Prior experience presenting at meetups or conferences, delivering training or running workshops
  • Public speaking experience
  • Experience with DFIR or blue team / SOC experience
  • Reverse engineering experience
  • Vulnerability research experience and exploit development
  • Possession of relevant accreditation such as CREST, OSCP, GIAC, CRTP / CRTE, CISSP, etc.
  • 报告这项工作

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    通過點擊“繼續”,我允許neuvoo同意處理我的數據並向我發送電子郵件提醒,詳見neuvoo的 隱私政策 。我可以隨時撤回我的同意或退訂。