Objective:
Simulate real-world cyber-attacks, conduct penetration tests, and uncover security vulnerabilities across trading platforms, cloud infrastructure, and internal networks.

Key Responsibilities:

• Execute penetration testing across web applications, mobile platforms, network perimeters, and APIs, along with comprehensive vulnerability assessments
• Plan and run red team and purple team exercises, including controlled phishing and social engineering campaigns
• Perform source code security reviews and assess security configurations for cloud services, servers, and network devices
• Evaluate the security architecture of cloud-based and on-premise environments
• Document discovered vulnerabilities, deliver actionable remediation recommendations, and contribute to continuous improvement of testing methodologies

Requirements:

• 1–2 years of hands-on experience in penetration testing, red teaming, or vulnerability assessment
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
• At least one offensive security certification: OSCP, OSWP, OSEP, GPEN, GWAPT, CREST, or eCPPT
• Proficiency in scripting and programming languages such as Python, Bash, or PowerShell
• Solid understanding of networking concepts (TCP/IP, SSL/TLS, load balancers, etc.)
• Strong report writing and verbal communication skills

Language Requirements:

• Fluent English (written and spoken)
• Fluent spoken Cantonese or Mandarin
• Written Chinese is preferred