Security Testing Analyst

At Cathay Pacific, we share one common aspiration: to be the world's best airline. We believe in looking for the best in our people, in working as a team, in doing the right thing by our shareholders and our communities. With a global team, we offer a diverse range of career choices and opportunities - in the air, on the ground; in customer service, in the office; managerial or professional roles. Our team of great people each plays a key role to deliver the quality service that we are famous for.
Highlight
Location: Hong Kong
Reports to: Security Test Lead
This position involves:
- Development of Cathay Pacific’s compliance with security requirements, policies, laws and regulatory requirements.
- Perform security testing, including but not limited to vulnerability scanning, app & infra penetration testing, and security hardening and configuration review, and provide recommendations.
- Work with IT Solution Centre to determine the right testing scope and subsequent testing prerequisites.
- Implement, maintain and enforce security testing process and standards.
- Manage the security testing vendor to deliver and execute security testing with the right scope and quality, in compliance with policies and standards.

Closing Date: 2022-07-11
Responsibilities
- Drive and implement security testing policy, framework and process into project lifecycle and BAU activities
- Oversee the quality of the testing delivery, including but not limited to security test documents, test scope, methodology, and test execution, to ensure the security tests are fit for the purpose of the request
- Ensure all security requirements according to policies and guidelines are examined and feasible recommendations for any findings are provided by the relevant test vendor or internal resources
- Manage test vendors to deliver high quality in execution and test results, including reviewing testing pass/fail criteria, ensuring standards for stakeholder acceptance are in place, and ensuring that the defined security test scenarios adequately cover the security non-functional requirements
- Adopt a risk-based approach to translate testing findings into risk using the IT Risk management framework
- Prepare and propose any security tools to facilitate qualitative and efficient security testing
- Provide requirements to facilitate testing environment establishment that enables the successful completion of the security testing
- Report and record all findings and their residual risk in the IT Risk Register
- Cross-team collaboration with test vendors and internal resources to improve the security testing methodology
- Keep abreast of the latest trends in cyberattacks and understand the implications for testing methods
- Assist in conducting training on security testing methodologies and techniques for IT teams
- Promote secure coding best practice to developers
Requirements
All of the following experience and qualifications are preferred, but not mandatory:
- Degree-level/Tertiary qualification in IT is essential
- Over 4 years’ experience in IT security testing function
- Certification in penetration testing discipline such as SANS-GWAP, PEN 300, OSCP, OSWE, OSCE, CREST CCT
- Competencies in information security framework and technologies, such as: Network & Application Vulnerability Assessment, IT Risk Assessment, Penetration Testing & Ethical Hacking, OWASP Top 10, NIST, OSSTMM, OSINT etc.
- Knowledge of security solutions and tools, e.g.: Nessus, Nmap, Burp, AppScan, Kali Linux etc.
- Experience in vendor management
- Ability to listen and articulate ideas verbally and in written formats to a broad range of audiences; ability to ask probing questions and deliver presentations that have impact
- Strong interpersonal skills and able to maintain good relationships with others
- Proven management experience is a plus
- Proactive and willing to accept and drive changes to accomplish positive outcomes
- Well-developed analytical, problem-solving, and decision-making skills; strong troubleshooting skills; ability to identify patterns and generate ideas
- Focus on the end users or customers’ needs; ability to set expectations and understand end user behavior
Salary
Negotiable
Validity
Expired