EY Consulting-Financial Services Technology Consulting 
China, Hong Kong, Hong Kong Island 
811519774

30.06.2024

Cyber threats, emerging technologies, cloud adoption, digital disruption, and changing

ideas, technologies and explore new challenges.

Your key responsibilities

• Perform vulnerability scanning and penetration testing of web applications, mobile applications (Android and iOS), web services, API, network, thick client etc.

• Prepare testing reports and findings tracker sheets based on the provided template

• Communicate with customer stakeholders to explain and demonstrate vulnerabilities, and assist with the mitigation of the identified vulnerabilities

• Research the latest security best practices and stay abreast of new threats and

• Support Red Teaming exercise

• Coach / mentor junior team members on VSPT related knowledge and skills

• Participate in a fast-paced delivery in challenging projects of other cyber security

• Be involved in customer relationship management, project management and team

Requirements:

To qualify for the role you must have:

• Experience in using vulnerability scanning tools (e.g. Nessus, AppScan, Acunetix, Burp Suite Pro, WebInspect, etc.)

• Knowledge in performing automated vulnerability scanning and manual penetration testing of web applications, mobile applications (Android and iOS), web services, API, network, thick client etc.

• Proficiency in written and oral English communication skills. Cantonese is an advantage

• Experience in static and dynamic secure code review will be an added advantage

• Mandatory Certification - any one of OSCP, CREST, GPEN, ECSA, LPT or equivalent

Skills and attributes for success

• College degree or equivalent with minimum 2 years’ related work experience in penetration

• Thorough understanding of the following items:

• Common web technologies like .NET, PHP, Java, XML, SAML, SOA, SOAP, web services etc. and protocols including HTTP(S), DNS, FTP, SSH etc.

• Risk Rating Standards like DREAD, CVSS etc.

• Application architecture and Secure development life cycle (SDLC)

• Threat modelling and risk analysis

• Strong organizational, team-work, multi-tasking and time-management skills

• Exposures to working with industry leading organizations in Financial industry

• Opportunities to develop new skills and progress your career

• Support, coaching and feedback from some of the most engaging colleagues around

• The freedom and flexibility to handle your role in a way that’s right for you

As a global leader in assurance, tax, strategy and transactions and consulting services, we’re using the finance products, knowledge and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however