Penetration Tester

Location: Hong Kong
Job Type: 1-Year Renewable Contract
Industry: Consulting
Salary: HKD 24,000/month

We are looking for a Junior Penetration Tester, responsible for identifying and evaluating security vulnerabilities across a variety of environments. This role demands a deep technical understanding of security protocols, paired with the ability to adapt methodologies to meet the needs of ever-evolving projects. As a Penetration Tester, you will work closely with cross-functional teams to ensure security measures are robust and aligned with business goals, offering flexible and practical solutions to enhance overall security posture.

Key Responsibilities:

• Conduct detailed penetration tests across a variety of systems, including applications, networks, and cloud infrastructures.
• Adjust and tailor testing approaches to meet specific project requirements, system configurations, and organizational contexts.
• Identify, document, and report vulnerabilities with a focus on providing actionable insights and aligning findings with business priorities.
• Collaborate with development, security, infrastructure, and project teams to ensure security best practices and propose effective remediation strategies.
• Continuously update and refine testing methodologies to stay in line with the latest security threats and vulnerabilities.
• Develop and refine custom scripts, tools, and processes to enhance penetration testing capabilities and efficiency.
• Provide clear, concise, and risk-based reports to both technical and non-technical stakeholders.
  
  

Key Qualifications:

• At least 3 years of hands-on experience in penetration testing, covering web applications, mobile platforms, networks, and APIs.
• Expertise with penetration testing tools such as Burp Suite, Kali Linux, Nessus, Nmap, and scripting languages (Python, Bash, etc.).
• Strong problem-solving abilities, with a creative approach to identifying security gaps and vulnerabilities.
• Familiarity with industry frameworks and methodologies like OWASP, NIST, PTES, and MITRE ATT&CK.
• Proven ability to communicate technical findings effectively to both technical teams and business leaders.
• Relevant certifications such as OSCP, OSWE, eWPTX is a plus.

All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.