Information Security Engineer – Associate - Security Services - IT at Hong Kong Exchanges and Clearing Limited (HKEX)

, , China -

Full Time

Start Date

Immediate

Expiry Date

09 Jan, 26

Salary

0.0

Posted On

11 Oct, 25

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Information Security, System Security Engineering, Endpoint Security, Identity Access Management, Application Control, Disaster Recovery, Automation, Scripting, Cloud Security, Network Protocols, Risk Control Frameworks, Problem Solving, Documentation, Collaboration, Presentation Skills, Project Planning

Industry

Financial Services

Description

Location: CN-Shenzhen-HyQ Shift: Scheduled Weekly Hours: 40 Worker Type: Permanent Job Summary: Job Duties: Company Introduction: We’re home to Asia's most dynamic and vibrant capital markets. Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day. HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all." Job Summary: The Information Security Engineer is part of the Information Security function, playing a key role in enhancing the organization security posture. The incumbent is responsible for designing, building, operating, and evolving enterprise IT security solutions to meet the organization’s security requirements, while engaging key stakeholders to deliver key security services. Job Duties: Job Responsibilities: Engineer, implement and monitor security measures for the protection of computer systems, networks and information. Configure and troubleshoot security infrastructure to ensure optimal performance and alignment with security policies. Maintain all solution design documentation, processes, procedures and report on metrics to demonstrate effective and efficient management of services. Support security tool enhancements and policy governance, including tasks such as reviewing and updating application control policies, managing user access profiles, and performing regular recertification of access rights. Tools involved may include application whitelisting platforms and Endpoint Detection & Response (EDR) solutions. Deliver and maintain core security services, such as integrating systems with Identity and Access Management (IAM) platforms (e.g., Privileged Identity Management and Identity Governance & Administration), maintaining system account inventories, and coordinating periodic access reviews and recertification campaigns. Ensure security tools are properly configured and maintained to support the detection of and response to cyber security threats (e.g., tuning alert rules, updating threat signatures, and integrating tools with incident response workflows). Conduct and document disaster recovery testing for security tools. Ensure smooth daily operations of account management processes, including reviewing system account requests for accuracy, identifying and resolving automation issues, and driving process improvements through automation and workflow optimization. Manage relationship with product vendors and suppliers to ensure timely maintenance, updates, and enhancements of security tools and solutions. Job Requirements: Must have a relevant University degree in Computer Science, Information Management, or related field, or equivalent experience. Proven work experience as a System Security Engineer or Information Security Engineer. Experience in building, maintaining and operating security systems and platforms. Hands on experience in EndPoint security (e.g., app control, EDR) and IAM (e.g., PIM, IGA) tools and related workflows. Understanding of the latest security principles, techniques, and protocols (such as zero trust, etc). Ability to work collaboratively in cross-functional teams and communicate effectively with technical and non-technical stakeholders. Good presentation, project planning and documentation skills. Problem solving skills and ability to work under pressure. Familiarity with web technologies (e.g., web applications, web Services, service-oriented architectures) and network/web protocols. Knowledge with application, database and operating system and cloud security (AWS or Huawei Cloud Stack) is an asset. Experience with scripting (e.g., Python) or automation tools (e.g., Ansible) is preferred. Understanding of risk / control frameworks, such as Mitre ATT&CK, D3FEND, OWASP or NIST Cybersecurity Framework will be added advantage. Professional certifications such as CISSP, CISM, CEH, GIAC (e.g., GSEC, GCIA, GPEN), or AWS Certified Security will be added advantage . Company Introduction: ITD SZ 港交所科技（深圳）有限公司，是2016年12月28日于深圳市前海自贸区成立的外商独资企业。作为港交所的技术子公司，港交所科技（深圳）有限公司主要是为集团及其附属公司提供计算机软件、计算机硬件、信息系统、云存储、云计算、物联网和计算机网络的开发、技术服务、技术咨询、技术转让；经济信息咨询、企业管理咨询、商务信息咨询、商业信息咨询、信息系统设计、集成、运行维护；数据库管理、大数据分析；以承接服务外包方式提供系统应用管理和维护、信息技术支持管理、数据处理等信息技术和业务流程外包服务。 Hong Kong Exchanges and Clearing Limited (HKEX) is a publicly-traded company (HKEX Stock Code:388) and one of the world’s leading global exchange groups, offering a range of equity, derivative, commodity, fixed income and other financial markets, products and services, including the London Metals Exchange. As a superconnector and gateway between East and West, HKEX facilitates the two-way flow of capital, ideas and dialogue between China and the rest of world, through its pioneering Connect schemes, increasingly diversified product ecosystem and its deep, liquid and international markets. HKEX is a purpose-led organisation which, across its business and through the work of HKEX Foundation, seeks to connect, promote and progress its markets and the communities it supports for the prosperity of all. Discover the latest career opportunities and programmes at HKEX.

Responsibilities

The Information Security Engineer is responsible for designing, building, operating, and evolving enterprise IT security solutions. The role involves enhancing the organization's security posture and engaging key stakeholders to deliver essential security services.