AVP - Cyber Threat and Vulnerability Manager (Red-team)

My reputable client, a HK listed company is expanding their cyber security team, hiring for a few security experts in tech risk/ IT risk/ and red teaming. If you are keen to know more, please get in touch!

About the job:

The Cyber Threat and Vulnerability Manager is responsible for performing proactive detection and remediation of advanced threats to the organisation. The role involves working in the front line of protecting critical infrastructure of the Hong Kong Financial Markets, through continuously identification and timely response to emerging threats and vulnerabilities.

About the responsibilities:

• Develop strategies and to continuously identify, protect, detect and response to actual and potential threat actor activities within the organisation.
• Study threat actor behaviours, design and execute advanced threat hunting missions and develop detection use cases.
• Coordinate red, purple team and other thematic testing exercises to identify gaps in security control and recommend the remediation.
• Work with Security Architecture and Services Engineers to provide requirements in implementing and fine-tuning configurations in different security tools or systems.
• Identify critical vulnerabilities and assess their impact to the organisation. Follow-through with different teams to ensure they are taken in a timely manner.
• Advise, review and challenge the assessments performed by other teams on findings resulting from different security tests like vulnerability scans, penetration tests and red team exercises.
• Provide assistance in the security incident response process to ensure it is fully contained and eradicated.
• Subject matter experts in security threat and vulnerability related topics.

About the requirements:

• Bachelor’s Degree in Computer Science, Information Technology or related disciplines with Cybersecurity focus.
• Minimum 6 years of related work experience.
• Familiar with the MITRE ATT&CK and D3FEND framework and applying the framework for adversarial TTPs profiling, detection development and offensive testing.
• Hands-on experience in emerging threats handling, incident response and detection engineering
• Familiar with common security tools such as vulnerability management scanner, SIEM, SOAR and TIP.
• Knowledge and experience in common offensive security tools and red teaming methodologies.
• Holder of professional qualifications such as GPEN, OSCP, OSCE, OSEE, GCIH.