Principal Security Specialist – IT (IT Compliance & Security Management) For a 12-month contract)
- Regular review of threat alerts from multiple threat intelligence feeds
- Support red-team (attack simulation) and blue-team (fine tuning of detection and protection policies) exercise
- Threat hunting based on defined threat model for the company and attack scenarios
- Feed threat intelligence into SOC operation to speed up incident identification, response and investigation
- Perform patch assessment for major OS platforms and technologies
- Provide advisory for CIS benchmark adoption and review exceptions
- Coordinate penetration tests and follow up test findings
- High diploma or university degree in computer science or related disciplines
- At least 8 years of relevant experience in IT, preferably in information security.
- Experience on using Threat Intelligence Platform (TIP) to review and analyze cybersecurity threats
- Experience on vulnerability assessment and system hardening
- Experience with type of security scanners, e.g. Tenable, Qualys, Acunetix etc.
- Able to analyze cybersecurity threats that may impact the company, including the information from security news, threat reports, threat intelligence feeds, social media etc.
- Able to search through security events to spot internal and insider threats
- Able to identify gaps/weaknesses in SOC monitoring capability by mapping detection rules to attack kill chain tactics and techniques, i.e. MITRE ATT&CK framework.
- Able to perform malware analysis and using sandbox for detailed investigation
- Holder of valid CISSP, CCNP, CEH and/or MCSE are advantage
- Self-motivated and able to work under pressure
- Good communication skills
Applicants who do not hear from us within 6 weeks may consider their applications unsuccessful. Personal data provided will only be used for the purpose of employment application to HKEX.