About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation.
This in turn helps us to provide better support to our broad client base.
As one of the biggest banks in the market, we are rapidly expanding by growing a new virtual banking business in Hong Kong. We see ourselves as a fast-growing start-up company where you will enjoy autonomy and teamwork at the same time, solving new and exciting problems in a nimble and agile way.
Join us and be part of making history for the future banking experience!
The Role Responsibilities
We are looking for a Senior Penetration Tester to provide senior Cyber Security expertise to effectively and efficiently ensure the ongoing confidentiality, integrity and availability of systems and information.
The person will be focusing on penetration testing, application and code security, vulnerability assessments, and security incident management.
Strong hands-on experience with security testing, networking and monitoring tools, such as Burp Suite, OWASP ZAP, Nmap, Metasploit, Wireshark and SIEM, is highly preferable.
Lead and perform hands-on penetration testing of web applications, APIs, infrastructure, mobile (iOS / Android), and network in order to assess and validate the security posture
Perform vulnerability scans and assessments
Conduct security code reviews and make recommendations to developers
Drive security awareness of secure coding practices and techniques
Write high quality security reports on identified security vulnerabilities, including recommendations to remediate, and delivery of report to stakeholders
Work collaboratively with key development and operations stakeholders in order to establish and deliver a secure CI / CD pipeline
Support incident management response and investigation activities such as triage, threat analysis, end-user interviews, and remediation efforts
Provide subject matter expertise, security consulting, and advisory services to business entities and project teams
Excellent time management and ability to work on multiple projects as needed
Manage key security assurance suppliers as required
Conduct offensive research to evaluate emerging cyber security threats and trends
Maintain up-to-date knowledge of the latest attacks, vulnerabilities, mitigation strategies, industry best practices and regulations
Build strong working relationships across the business and technology teams
Coach and mentor junior team members
Our Ideal Candidate
Solid experience in IT security related positions with a key focus on penetration testing, application and code security, vulnerability assessments, and security incident management
Passion for offensive security and assurance
Strong risk mindset and knowledge of risk management guidelines and frameworks
Deep understanding of penetration testing methodologies, vulnerability identification, and software security principles
Being able to translate complex technical scenarios, cyber security specific threats, and related mitigating controls into a language that stakeholders at all levels can understand
Hands-on threat, vulnerability, patching, and remediation management experience
Additional experience working within a CIRT / SOC, or similar capacity
Strong hands-on experience with security testing, networking, and monitoring tools, such as Burp Suite, OWASP ZAP, Nmap, Metasploit, Wireshark, and SIEM
Ability to act calmly and competently in high-pressure, high-stress situations. Must be a critical thinker, with strong problem-solving skills and analytical skills
The ability to manage multiple projects under strict timelines
Development and automation experience in one or more programming languages is highly desired
Experience working in a cloud environment is highly desired
Ability to contribute in a team environment
Strong English communication skills
One or more industry-recognised certifications in penetration testing (OSCP, OSWE, OSCE, CREST CCT / CRT, SANS, etc.)
Bachelor's / Master's level qualifications in Management, Engineering, Law, Computer Science, IT, Business or Commerce are desirable
Participation in relevant Cyber Security industry forums is desirable.