Information Security Engineer – AVP – Information Security – IT – 12months Contract

HK-TKO G/F, Hong Kong

HKEX

HKEX Group's official website, covering investor relations, careers, corporate governance, market insights and our work in the community.

View all jobs at HKEX

Apply now Apply later

Company Introduction:

We’re home to Asia's most dynamic and vibrant capital markets.
Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day.

HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all."

Job Summary:

The Information Security Team consists of the security strategy and solution architecture team, the security engineering and operations team, the threat management team as well as the security governance business. This role sits within the security engineering team managing the design and the build-out of the IT security solutions.

Job Duties:

As the Information Security Engineer of HKEX, you will be responsible for designing, building and maintaining enterprise IT security solutions to address the organization’s security requirements. Reporting to the Information Security Services Lead, you will have the opportunity to work closely with IT Innovation Lab, software engineering teams, IT infrastructure team, IT compliance, security operations and cyber technology risk team.

You play a key role in protecting the organization.

Responsibilities:

  • Deploy and configure WAF, IPS, Anit-DDOS, Web proxy etc. based on security requirements identified and defined with application teams and business owners. 
  • Responsible for security systems lifecycle and asset health management, including installation, patching and upgrading, configuration, administration, uptime monitoring, swift response to alerts & incidents, capacity expansion, accounts and firewall rule recertification and housekeeping.
  • Responsible for supporting application onboarding.
  • Manage signature updates, rule monitoring and fine-tuning.
  • Maintain and ensure up-to-date documentation of system design, architecture diagram, configuration, SOP, runbook, incident & problem RCA resolution. 
  • Manage vendors and suppliers’ engagement, license, contracts, issue tracking & escalation and regular vendor performance review.
  • Regularly assess control effectiveness and operational efficiency, provide performance enhancement, architecture optimization and obsolescence replacement recommendations.
  • Continuously improve quality and reduce operation risk by Automation.

Requirements:

  • University degree in Computer Science, Information Technology, or related field. 
  • 8-12 years proven work experience as an Information Security / DevSecOps Engineer and/or application developer.
  • Hands-on with at least 2 among WAF, IPS, Anit-DDOS or Web proxy products.
  • Experienced in web application risk remediation (e.g. OWASP Top 10).
  • Comfortable with automated deployment tool (e.g. Ansible playbook).
  • Familiar with automated monitoring tools (e.g. Grafana, Prometheus).
  • Strong information security technology knowledge/concepts and can effectively communicate with senior management and a broad range of technical/non-technical audiences. 
  • Basic project and stakeholder management skills required.
  • Sound knowledge of risk frameworks, such as Mitre ATT&CK, NIST Cybersecurity Framework.
  • Relevant certifications (e.g., CISSP, CCSP, CEH) are a plus but not a must.
  • Proficient in English writing and communications.

HKEX is committed as an Equal Opportunity Employer. Diversity is one of our core values and we look to support, respect diverse perspectives, abilities, culture and experiences within our workplace.

Location:

HKEX - TKO

Shift:

Standard - 40 Hours (Hong Kong SAR)

Scheduled Weekly Hours:

40

Worker Type:

Contract
Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  0  0  0

Tags: Ansible Automation CCSP CEH CISSP Compliance Computer Science DDoS DevSecOps Firewalls Governance Grafana IPS IT infrastructure MITRE ATT&CK Monitoring NIST OWASP Prometheus Security Assessment Report Security strategy Strategy

Region: Asia/Pacific
Country: Hong Kong

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.