top of page

後勤職位

TYPE:

Full Time

LOCATION:

Cheung Sha Wan

REFERENCE  NO:

IT-240305

IT Security Engineer

Responsibilities

  • Ensure that adequate security controls are in place following the company's policies and industry standards.

  • Ensure the effectiveness of security controls for both in-house IT operations teams and outsourced operations.

  • Promote and ensure secure software development life cycle (SDLC) practices and secure coding practices for in-house developed applications.

  • Stay up-to-date on information security processes and technologies, including emerging cyber-attack threats and corresponding mitigation controls.

  • Perform regular vulnerability assessments and penetration tests on the company's IT systems and network infrastructures and promptly drive the patch management process to address critical vulnerabilities.

  • Define and own the Computer Security Incident Response process, including maintaining escalation channels for all users and performing diagnosis.

  • Work closely with internal and external stakeholders to provide remediation for security incidents.

  • Maintain dashboards and collect metrics and reports on cyber threats and vulnerabilities in IT systems/infrastructures.

  • Provide expert consultation to other teams.

Requirements

  • University degree in Information Security, IT, Computer Science, or a related field.

  • Holder of security certificates such as GIAC, CEH, OSCP, CISSP, CISM,  CISA is preferred.

  • 3-5 years of working experience in computer security incident response or computer forensics in security vendors or law enforcement authorities is preferred.

  • Knowledgeable in TCP/IP networking and network security products, such as firewalls, intrusion detection and prevention systems (IDPS), and web proxies.

  • Experienced in Windows and Linux/UNIX operating systems.

  • Familiar with information security technologies, such as AAA systems, email and web security, PKI, data encryption, and endpoint protection systems.

  • Familiar with information security standards, such as ISO27001, C-RAF, COBIT 5, and CIS Critical Controls.

  • Good understanding of cyber-attack techniques (e.g., APT, DDoS, malware, phishing) and the corresponding response and investigation methodologies.

  • Knowledgeable in computer forensics and advanced data recovery tools.

Benefits

  • Competitive Package

  • Extra / Special Leaves

  • Medical Benefit

  • Professional Training & Subsidies

  • Property Purchasing / Leasing Discount

  • 5-day Week

  • Casual Wear Days

bottom of page