Assistant Vice President - Security Testing & Assessment - IT

Company Introduction:

We’re home to Asia's most dynamic and vibrant capital markets.
Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day.

HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all."

Job Summary:

The Security Testing and Assessment (STA) Team within the Group CISO Office is primary responsible for testing the effectiveness of cyber defenses across HKEX’s systems, networks and applications. The STA team is seeking a highly motivated and experienced Cyber Security professional to support the planning, execution, and reporting of high-quality attack simulation exercises. The successful candidate will work closely with application, infrastructure, and information security teams to identify security weaknesses, drive remediation, and continuously uplift the Group’s cyber resilience through threat led testing.

Job Duties:

Job Responsibilities:

Attack Simulation Testing

• Scope, plan, and execute Red Team and Purple Team exercises to assess the effectiveness of cyber detective and protective controls across network, application, and cloud environments

• Design realistic and prevalent attack scenarios based on the latest threat intelligence, MITRE ATT&CK framework, application and system specific risk profiles

• Conduct full scope attack simulations, covering cloud and on-premises infrastructure, emerging and established technologies, and application specific attack vectors

• Prepare executive management and detailed technical reports that provide the necessary insight to support security fixes, patches, remediation to minimise future risk of exploitation

• Develop and execute custom payloads, scripts, tools, and automation to enhance attack simulation capabilities and testing efficiency

Security Assessment & Remediation Oversight

• Act as the project manager for leading security assessments, including scoping, overseeing project execution, and quality assurance review of reports

• Work closely with application, infrastructure, and security teams to track remediation activities and validate the effectiveness of implemented fixes

• Collaborate with the Information Security team to continuously enhance defensive and detection capabilities, penetration testing, vulnerability assessment and purple teaming.

Cyber Threat Research & Threat Intelligence Updates

• Stay up-to-date with evolving cyber threats, attack techniques, and offensive security trends, and translate findings into practical security testing

• Provide executive-level reporting on cyber threat updates to senior IT management and key stakeholders

Job Requirements:

• Bachelor’s degree in Computer Science, Information Technology, or a related discipline, preferably with a focus on Cybersecurity, or equivalent practical experience

• Minimum of 6+ years of relevant hands-on experience in penetration testing, Purple Teaming and Red Teaming, including experience in leading or managing security testing engagements, covering areas like network, web application, cloud security, and social engineering.

• Holder of at least one of the following certifications:

  • OSCP (OffSec Certified Professional)

  • OffSec Certified Expert 3 (OSCE³)

  • OffSec Exploitation Expert (OSEE)

  • Recognised CREST or SANS certifications relevant to Red Teaming

  • Certified Information Systems Security Professional (CISSP)

  • Certified Ethical Hacker (CEH)

• Strong collaborative, analytical, project management and communication skills.

• Deep knowledge of adversarial tactics, techniques, and procedures (TTPs) and the MITRE ATT&CK framework

• Strong technical reporting and communication skills, with the ability to clearly explain technical issues to both technical and executive audiences.

• Ability to work independently and coordinate cross team / cross time zone activities effectively

HKEX is committed as an Equal Opportunity Employer. Diversity is one of our core values and we look to support, respect diverse perspectives, abilities, culture and experiences within our workplace.

Location:

HKEX - Exchange Square

Shift:

N/A

Scheduled Weekly Hours:

40

Worker Type:

Permanent