Discover your dream Career
For Recruiters

Analyst, IT Security Engineering, IT

CITIC CLSA Hong Kong
Posted 11 hours ago Permanent Competitive

Analyst, IT Security Engineering, IT

CITIC CLSA Hong Kong

Position Description

We are looking for an IT Security Analyst who is proactive, self-motivate, willing- to-do attitude to be part of an international IT Security team to engineer and support security solutions.

As a team member in IT security team, you will be a contributor to the company’s IT and Cyber security strategy and operations. You and your team will be managing a portfolio of IT security tools in identity access management, network intrusion detection system, endpoint protection, email security, data leakage protection, application security, and other information security controls.

Key Areas of Responsibilities

  1. Conduct penetration testing, vulnerability scanning and code review on different IT systems and technologies
  2. Perform architecture Review and security assessments on IT systems’ design, configuration, source code review on both On-Perm and Cloud
  3. Conduct Cyber-attack simulation using red team / blue team / purple team exercises
  4. Prepare and review reports on identified security vulnerabilities and possible recommendations to remediate the vulnerabilities
  5. Perform access review for vendor and guest access on IT systems and services.
  6. Assist on Evaluating, Design, planning and implementing IT security solutions, such as Web Application Firewalls, Single Sign On/MFA, Biometric authentication, Cloud Based Public Key Infrastructure (PKI), Malware Sandboxing, AI red teaming, Zero Trust Solutions, etc.
  7. Assist on first and second level support for some of IT security controls and tools including penetration test tools, vulnerability scanning tools, etc.
  8. Be the subject matter expert for some of the IT Security tools.
  9. Build and maintain an effective working relationship with the team’s key stakeholders - IT Security team members, IT teams and business teams.
  10. Design and deliver new strategic security initiatives with collaboration from business partners.
  11. Maintain an Up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices, Post Quantum Computing standard (ML-KEM, ML-DSA, SLA-DSA), and developments in Artificial Intelligence.

Requirements

  1. Bachelor Degree of above in IT, Computer Science
  2. 3-5 years related experience in cybersecurity, with knowledge in regulatories
  3. Preferably holds IT Security Certifications such as CISSP, CISA, CISM, etc. Certificates related to offensive security (e.g. OSCP, OSWP, OSEP or equivalent) are an advantage.
  4. Candidates with backgrounds in Big4, IT consultancy firms, or Cyber Threat Intelligence are welcome to apply
  5. Hands-on experience with penetration test and vulnerability scanning tools such as Burp Suite, Metasploit, ZAP, Qualys, Tenable/Nessus, Nmap, etc
  6. Strong communication skills in English and Chinese, as well as project management skills
  7. Experience of offensive security services on Web, Network, Server, Client Apps, Mobile, AI, Internet of Thing (IOT) is required:
  8. Penetration testing
  9. Security risk assessment/technical review
  10. Configuration review
  11. Vulnerability scanning and assessment

  1. Knowledge and understanding of the following areas are the foundation to succeed on this role:
  2. Microsoft 365 cloud services – e.g. Exchange online, Sharepoint, OneDrive, Teams, etc
  3. Public Cloud computing platforms - Microsoft Azure, AWS, GCP, Ali Cloud, Tencent Cloud, etc
  4. AI Tools/Models - OpenAI GPT, Anthropic Claude, Google Gemini, Microsoft Copilot, Amazon Bedrock, Grok
  5. IP/Cisco Networking
  6. Virtualization Technology
  7. Microsoft Active Directory, Microsoft Certificate Authority, Microsoft Windows servers and Linux
  8. Storage and Database fundamental

Good-to-have

  1. Knowledge of two or more of the following security areas belowis a plus :
  2. Web Application Firewalls (Akamai, Cloudflare, AWS WAF, Azure WAF), Web filtering, DDoS protection
  3. Single Sign On/MFA (Microsoft Entra/Okta/Cisco Duo)
  4. Malware Sandboxing, Microsoft Cloud PKI and Intune
  5. Zero Trust Solution (Zscaler, Palo Alto Networks, Microsoft Entra Private Access)

Job ID  JR003009
ABOUT COMPANY
Hong Kong
Asset Management
CITIC CLSA provides global investors and corporate executives with insights, liquidity and capital to drive their growth strategies. Award-winning re...
More Jobs From CITIC CLSA
CITIC CLSA
Manager, IT Security (Cloud), IT
CITIC CLSA
Hong Kong
3 days ago Full time Competitive
CITIC CLSA
IT Analyst, Wealth Management, IT
CITIC CLSA
Hong Kong
1 day ago Full time Competitive
CITIC CLSA
Lead Infra Analyst, Servers, IT
CITIC CLSA
Hong Kong
1 day ago Full time Competitive
CITIC CLSA
Lead IT Analyst, MOBO, IT
CITIC CLSA
Hong Kong
1 day ago Full time Competitive
CITIC CLSA
Lead Support Analyst, Shared Services & Production Management, IT
CITIC CLSA
Hong Kong
3 days ago Full time Competitive
CITIC CLSA
Sr. Support Analyst, Asset Management IT, IT
CITIC CLSA
Hong Kong
3 days ago Full time Competitive
CITIC CLSA
Sr. Support Analyst, Sales & Research IT, IT
CITIC CLSA
Hong Kong
3 days ago Full time Competitive
CITIC CLSA
Support Analyst, End User Services, IT
CITIC CLSA
Hong Kong
4 days ago Full time Competitive
CITIC CLSA
Sr. Support Analyst, FICC & EQD Applications, IT
CITIC CLSA
Hong Kong
5 days ago Full time Competitive
CITIC CLSA
Sr. Manager, Data & Cyber Security Governance, IT Security, IT
CITIC CLSA
Hong Kong
3 months ago Full time Competitive

Boost your career

Find thousands of job opportunities by signing up to eFinancialCareers today.
More Jobs Like This