Job Responsibilities:

• Build, lead and manage an internal cybersecurity red-team function, including planning and executing penetration testing and threat simulation exercises
• Design and execute red-team initiatives, collaborate with stakeholders to define objectives, scope, and success criteria
• Test and validate the effectiveness of security controls by using red-team approach
• Review and analyze Endpoint Detection & Response alerts to identify potential breaches, suspicious activities, and advanced attack attempts
• Conduct compromise assessments to identify signs of prior or ongoing unauthorized access to improve detection capabilities and validate security posture
• Coordinate purple team exercises and work closely with blue team and other security functions to improve detection and response capabilities through these exercises
• Provide detailed reports and executive-level presentations on findings, risk impact, and remediation recommendations
• Stay ahead of emerging attack techniques, tools, and threat actor behaviors to enhance testing methodologies
• Mentor and guide team members, fostering a culture of continuous improvement and technical excellence
• Keep abreast of the latest technologies such as cloud computing and mobile devices, and the corresponding security challenges as well as controls

Requirements:

• Degree holder in Information Security, IT, Computer Science or other related disciplines
• Minimum 6 years of work experience in IT security or equivalent with at least 3 years in offensive security or red teaming
• Proven experience in offensive security and red teaming including but not limited to penetration testing, exploit development, and adversary simulation
• Strong knowledge of attack techniques across network, application, cloud, and endpoint environments
• Familiar with frameworks such as MITRE ATT&CK, OWASP, and threat intelligence integration
• Hands-on experience with tools such as Cobalt Strike, Metasploit, Burp Suite, and custom attack frameworks
• Knowledgeable in social engineering, physical security and threat simulation
• Knowledgeable in TCP/IP, Linux/UNIX System Administration, and Windows System Administration
• Knowledge of Database Administration, Network Security, Mobile Technology, Cloud Security, Application Security, Active Directory Security and Virtualization Technology
• Knowledge of Core Java / C / C++ / Python is preferred
• Experience in security auditing for identifying weakness is preferred
• Experience in cybercrime and cybersecurity incident investigation is preferred
• Familiar with information security standards such as ISO27001 and HKMA C-RAF is a plus
• Good problem solving and trouble shooting skills
• Effective communication and interpersonal skills
• Able to work under pressure, self-motivated and good team player
• Passionate about technology and cyber security
• Holder of offensive security certificates such as CEH, OSCP, OSCE, OSEP, GPEN, CREST CRT
• Holder of other security certificates such as CISA, CISM, CISSP, CISP is preferred

We offer successful candidate an attractive remuneration package and excellent career prospects. Interested parties please send your resume, present and expected salary, contact details and quoting the reference number by clicking "Apply"

Visit our web site: http://www.octopus.com.hk/

The personal data collected will be used for recruitment purposes only. If you are not contacted by us within six weeks, you may consider your application unsuccessful. Personal data with an unsuccessful applicant will be destroyed 12 months after rejection of the application. During this retention period, you have the right to request for correction or destruction of your personal data at any time. Any request for the correction or destruction of personal data should be addressed in writing to our Human Resources & Administration Department.

Octopus is an equal opportunity employer and all employment decisions and Human Resources policies are administered; especially those relating to recruitment & selection, compensation & benefits, promotion & transfer, training & development and termination & redundancy; without discrimination on the basis of age, race, colour, religion, sex, national origin, marital status, pregnancy, physical and mental disability and family status but on genuine occupational qualification, job performance, employees’ ability and internal/ external relativities.