Key Responsibilities:

• Perform penetration testing (web, mobile, network, API) and vulnerability assessments.
• Execute red/purple team exercises and controlled phishing/social engineering campaigns.
• Conduct source code review and security configuration assessments (cloud/server/network).
• Review architecture of cloud and on-premise environments.
• Document findings, provide remediation recommendations, and assist in methodology improvement.

Qualifications:

• 1–2 years experience in penetration testing, red teaming, or vulnerability assessment.
• Bachelor's degree in CS, IT, or Cybersecurity.
• At least one offensive certification: OSCP, OSWP, OSEP, GPEN, GWAPT, CREST, or eCPPT.
• Scripting/programming: Python, Bash, or PowerShell.
• Solid networking knowledge (TCP/IP, SSL/TLS, load balancers).
• Strong report writing and communication skills.
• Languages: Fluent English (written/spoken). Fluent Cantonese or Mandarin (spoken). Written Chinese preferred.

Preferred (nice-to-have):

• Financial services or regulated environment experience.
• Knowledge of threat intelligence, reverse engineering, or SOC operations.