Information Security Engineer – AVP – Information Security – IT – 12months Contract

Job Summary:

The Information Security Team consists of the security strategy and solution architecture team, the security engineering and operations team, the threat management team as well as the security governance business. This role sits within the security engineering team managing the design and the build-out of the IT security solutions.

Job Duties:

As the Information Security Engineer of HKEX, you will be responsible for designing, building and maintaining enterprise IT security solutions to address the organization’s security requirements. Reporting to the Information Security Services Lead, you will have the opportunity to work closely with IT Innovation Lab, software engineering teams, IT infrastructure team, IT compliance, security operations and cyber technology risk team.

You play a key role in protecting the organization.

Responsibilities:

• Deploy and configure WAF, IPS, Anit-DDOS, Web proxy etc. based on security requirements identified and defined with application teams and business owners. 
• Responsible for security systems lifecycle and asset health management, including installation, patching and upgrading, configuration, administration, uptime monitoring, swift response to alerts & incidents, capacity expansion, accounts and firewall rule recertification and housekeeping.
• Responsible for supporting application onboarding.
• Manage signature updates, rule monitoring and fine-tuning.
• Maintain and ensure up-to-date documentation of system design, architecture diagram, configuration, SOP, runbook, incident & problem RCA resolution. 
• Manage vendors and suppliers’ engagement, license, contracts, issue tracking & escalation and regular vendor performance review.
• Regularly assess control effectiveness and operational efficiency, provide performance enhancement, architecture optimization and obsolescence replacement recommendations.
• Continuously improve quality and reduce operation risk by Automation.

Requirements:

• University degree in Computer Science, Information Technology, or related field. 
• 8-12 years proven work experience as an Information Security / DevSecOps Engineer and/or application developer.
• Hands-on with at least 2 among WAF, IPS, Anit-DDOS or Web proxy products.
• Experienced in web application risk remediation (e.g. OWASP Top 10).
• Comfortable with automated deployment tool (e.g. Ansible playbook).
• Familiar with automated monitoring tools (e.g. Grafana, Prometheus).
• Strong information security technology knowledge/concepts and can effectively communicate with senior management and a broad range of technical/non-technical audiences. 
• Basic project and stakeholder management skills required.
• Sound knowledge of risk frameworks, such as Mitre ATT&CK, NIST Cybersecurity Framework.
• Relevant certifications (e.g., CISSP, CCSP, CEH) are a plus but not a must.

HKEX is committed as an Equal Opportunity Employer. Diversity is one of our core values and we look to support, respect diverse perspectives, abilities, culture and experiences within our workplace.

All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.