Expoint - all jobs in one place

The point where experts and best companies meet

Limitless High-tech career opportunities - Expoint

EY Consulting - Financial Services Technology 
China, Hong Kong, Hong Kong Island 
132549532

08.07.2024

Cyber threats, emerging technologies, cloud adoption, digital disruption, and changing

ideas, technologies and explore new challenges.

Your key responsibilities

• Perform vulnerability scanning and penetration testing of web applications, mobile

applications (Android and iOS), web services, API, network, thick client etc.

• Prepare testing reports and findings tracker sheets based on the provided template

• Communicate with customer stakeholders to explain and demonstrate vulnerabilities, and assist with the mitigation of the identified vulnerabilities

• Research the latest security best practices and stay abreast of new threats and

• Support Red Teaming exercise

• Coach / mentor junior team members on VSPT related knowledge and skills

• Participate in a fast-paced delivery in challenging projects of other cyber security

• Involve in customer relationship management, project management and team

Requirements:

To qualify for the role you must have:

  • Experience in using vulnerability scanning tools (e.g. Nessus, AppScan, Accunetix, Burpsuite Pro, WebInspect, etc.)
  • Knowledge in performing automated vulnerability scanning and manual penetration testing of web applications, mobile applications (Android and iOS), web services, API, network, thick client etc.
  • Proficiency in written and oral English communication skills. Cantonese is an advantage
  • Experience in static and dynamic secure code review will be an added advantage
  • Mandatory Certification - any one of OSCP, CREST, GPEN, ECSA, LPT or equivalent

Skills and attributes for success

  • College degree or equivalent with minimum 2 years’ related work experience in penetration testing
  • Thorough understanding of the following items: Common web technologies like .NET, PHP, Java, XML, SAML, SOA, SOAP, web services etc. and protocols including HTTP(S), DNS, FTP, SSH etc.
  • Risk Rating Standards like DREAD, CVSS etc.
  • Application architecture and Secure development life cycle (SDLC)
  • Threat modelling and risk analysis
  • Strong organizational, team-work, multi-tasking and time-management skills

What working at EY offers

  • Exposures to working with industry leading organizations in Financial industry
  • Opportunities to develop new skills and progress your career
  • Support, coaching and feedback from some of the most engaging colleagues around
  • The freedom and flexibility to handle your role in a way that’s right for you