Cybersecurity and Risk Analyst

Posted 11 October 2023
Salary HKD40000 - HKD50000 per month, Benefits: Performance bonus, 15 days AL, medical,
LocationHong Kong
Job type Permanent
Discipline Cyber Security
Contact NameNicholas Ng

Job description


• Enhance the organization's cyber security defense, readiness for attacks, incident response preparedness, recovery procedures, and contingency plan.
• Assist in conducting regular cyber-attack simulation exercises and internal assessments to test the effectiveness of the organization's security controls.
• Provide support in vulnerability management operations, including scheduling regular vulnerability scanning for system and network infrastructure and application systems.
• Support ad-hoc security and risk analyses and prepare incident reports for critical incidents, reporting them to management.
• Classify and prioritize findings, identify relevant risks, and collaborate with relevant parties to take remedial actions.
• Review and maintain cyber security policies, standards, and procedures in accordance with information security and risk management policies, standards, and guidelines.
• Support the development and implementation of technical measures to achieve security objectives, such as device hardening (Windows, Linux, K8s), security alerts (Elasticsearch alerts, customized scripting alerts), and others.


• Hold a degree in Computer Science, IT, Cyber Security, or a related field.
• Possess a minimum of 3-4 years of solid experience in cyber security management.
• Have hands-on experience in cyber security operations, e.g., basic scripting (Python, Bash script, and/or PowerShell), offensive security tools (Tenable Nessus, Burp Suite, OWASP ZAP, Kali, and Nmap), defensive security measures (security hardening, NGFW, WAF, IPS/IDS, NAC, EDR, and anti-virus), SIEM tools (Elasticsearch and Splunk), and incident handling.
• Be familiar with system and network infrastructure solutions.
• Demonstrate good knowledge of enterprise IT environments, e.g., Linux, Windows, Active Directory, networking, IoT, Big Data, and Docker, in both on-premises, cloud, and hybrid environments.
• Good to have relevant security certifications such as CEH, CHFI, ITIL, CCSA, CISSP, and CISA.
• Exhibit excellent interpersonal skills, strong analytical and problem-solving abilities, and a quick learning aptitude.
• Proficiency in English, Chinese, and Mandarin is a plus.
• Candidates with less experience will be considered for the position of Cyber Security Engineer.