- Scope, plan, and deliver manual penetration tests on enterprise systems, commercial network infrastructures, and mobile applications to identify potential vulnerabilities.
- Execute specialized security assessments focused specifically on mobile application environments and their underlying integrations.
- Deliver detailed technical reports outlining exploit paths, business risk analysis, and actionable remediation strategies for internal engineering teams.
- Keep abreast of the latest threat intelligence, zero-day vulnerabilities, and offensive security methodologies to uplift the organization's overall defense posture.
Skills & experience required:
- At least 4 years of professional IT experience directly related to IT security.
- Must possess a minimum of two (2) years of hands-on experience in delivering IT projects focused on manual penetration tests for systems featuring mobile applications.
- Must hold at least one (1) recognized cybersecurity certification from the list below:
  - Offensive Security: OSCP or OSCE.
  - CREST: CRT (Registered Penetration Tester), CCT APP (Certified Web Applications Tester), CCSAS (Certified Simulated Attack Specialist), or CCSAM (Certified Simulated Attack Manager).
  - GIAC: GWAPT, GPEN, or GXPN.
  - Regional Certifications: CISP-PTE (CNITSEC), Certificate of Occupational Skill Level – Level 3 or above in Penetration Testing (CECC), or NSATP-A (ITSTEC).
- Exceptional problem-solving abilities with a proven track record of thinking like an attacker to secure complex environments.
- Good command of spoken and written English and Chinese to articulate technical risks effectively to diverse stakeholders.
If you are interested in this role, please click 'Apply Now' or send your CV directly to russell.regalado@randstad.com.hk