Technical Lead / Senior Analyst (Information Security)
The Hong Kong Jockey Club
Hong Kong

The Department

Information Technology and Sustainability Division will provide innovative technology solutions that contribute significantly to the Club's mission and strategic objectives.

You will :

  • Work with assigned Project Manager to drive small- to mid-size IS initiatives to evaluate, acquire and deploy new IS technologies and capabilities, and ensure initiatives get completed on time and budget.
  • Work with business and IT stakeholders to design, implement and update a network vulnerability scanning systems for Betting, Property and Broadcasting, classify and prioritise risks, and guide relevant stakeholders to ensure that systems and services that are either developed in-house or acquired commercially are secured against known attack vectors and prevalent threats.
  • Deliver the penetration test life cycle process and co-work with SME and application teams for defining the scope within which the pen-tester must operate, testbed scheduling, testing tool and white box testing arrangement to streamline the pen-testing duration, and ensure the completeness and tracking the findings and rectification schedule.
  • Provide technical support in security log, feeds and raw source into SIEM for data security analytics.
  • Perform information security risk assessment and technical advisory for assigned project areas to ensure compliance to HKJC IS policy, standards and practices, as well as mitigation of all identified risks.
  • Conduct technical study of IS initiatives and provide technical suggestion and recommendation in design, development and system integration.
  • Assist to solve technical problems to provide an efficient environment for project implementation
  • You should have :

  • A university degree with strong technical background, particularly in Information Technology, security, application development and / or networking
  • 5 to 8 years’ experience working in technical IT roles, with at least 3 years’ hands-on experience in enterprise security infrastructure, IS risk assessments or testing;
  • a CISSP, CISA or CREST relevant certification will be advantageous.

  • Experience with vulnerability assessments - scanning the environment, generating reports and engaging with system owners and stakeholders to make certain that any observed vulnerabilities or security concerns are addressed / remediated.
  • Experience performing analysis with Security Data Analytic technology such as SIEM, UEBA, ELK, SOAR
  • Strong understanding of networking protocols, operating systems and cyber security concepts and technologies.
  • Promote security awareness and adoption of security standards and practices to staff members including vendors
  • Able to implement the vulnerabilities scanning to different network segment and prevention by existing security controls.
  • Ideally automate this process.

  • Able to identify gaps / weaknesses in SOC monitoring capability by mapping detection rules, e.g. SIEM use cases, Carbon Black watch lists, Darktrace models, AD monitoring and Firewall policy
  • Good knowledge of networks and systems protocols as well as IT Security methodologies, vulnerability scan methodologies and approaches
  • Knowledge of incident response methodologies, security issues, vulnerabilities, exploits and security standards that may impact information security
  • Hands-on experiences to PC endpoint whitelisting, Web Isolation and / or MSS handling would be advantageous.
  • Good working knowledge of Windows, Linux, OSX and mobile operating systems.
  • Strong writing, communication and presentation skills
  • Well organisation skills and be able to closely follow up per check point on implementation timeline.
  • Eager to work in cross teams.
  • Terms of Employment

    The level of appointment will be commensurate with qualifications and experience. A contract employment will be offered to the successful candidate.

    Contract renewal will be subject to mutual agreement between the Club and the individual.


    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    通過點擊“持續”,我允許neuvoo同意處理我的數據並向我發送電子郵件提醒,詳見neuvoo的 隱私政策 。我可以隨時撤回我的同意或退訂。