EY Consulting-Financial Services Technology Consulting 

China, Hong Kong, Hong Kong Island 

811519774

Cyber threats, emerging technologies, cloud adoption, digital disruption, and changing

ideas, technologies and explore new challenges.

Your key responsibilities

• Perform vulnerability scanning and penetration testing of web applications, mobile

applications (Android and iOS), web services, API, network, thick client etc.

• Prepare testing reports and findings tracker sheets based on the provided template

• Communicate with customer stakeholders to explain and demonstrate vulnerabilities, and assist with the mitigation of the identified vulnerabilities

• Research the latest security best practices and stay abreast of new threats and

• Support Red Teaming exercise

• Coach / mentor junior team members on VSPT related knowledge and skills

• Participate in a fast-paced delivery in challenging projects of other cyber security

• Involve in customer relationship management, project management and team

Requirements:

To qualify for the role you must have:

Experience in using vulnerability scanning tools (e.g. Nessus, AppScan, Accunetix, Burpsuite Pro, WebInspect, etc.)

• Knowledge in performing automated vulnerability scanning and manual penetration testing of web applications, mobile applications (Android and iOS), web services, API,

network, thick client etc.

• Proficiency in written and oral English communication skills. Cantonese is an advantage

• Experience in static and dynamic secure code review will be an added advantage

• Mandatory Certification - any one of OSCP, CREST, GPEN, ECSA, LPT or equivalent

Skills and attributes for success

• College degree or equivalent with minimum 2 years’ related work experience in penetration

• Thorough understanding of the following items:

• Common web technologies like .NET, PHP, Java, XML, SAML, SOA, SOAP, web services etc. and protocols including HTTP(S), DNS, FTP, SSH etc.

• Risk Rating Standards like DREAD, CVSS etc.

• Application architecture and Secure development life cycle (SDLC)

• Threat modelling and risk analysis

• Strong organizational, team-work, multi-tasking and time-management skills

• Exposures to working with industry leading organizations in Financial industry

• Opportunities to develop new skills and progress your career

• Support, coaching and feedback from some of the most engaging colleagues around

• The freedom and flexibility to handle your role in a way that’s right for you

As a global leader in assurance, tax, strategy and transactions and consulting services, we’re using the finance products, knowledge and systems we’ve developed to build a better

working world. That starts with a culture that believes in giving you the training,

opportunities and creative freedom to make things better. Whenever you join, however