Security Engineer – Assistant Vice President - Information Security – IT – at Hong Kong Exchanges and Clearing Limited (HKEX)

, Hong Kong, China -

Full Time

Start Date

Immediate

Expiry Date

29 Jan, 26

Salary

0.0

Posted On

01 Nov, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Information Security, System Security Engineering, Cyber Security, Vulnerability Management, Cloud Security, Firewalls, SIEM, Intrusion Detection Systems, Data Loss Prevention, Web Proxies, Scripting, Automation, Risk Control Frameworks, Project Planning, Documentation, Technical Communication

Industry

Financial Services

Description

Company Introduction: We’re home to Asia's most dynamic and vibrant capital markets. Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day. HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all." Job Summary: The Information Security Team consists of the security strategy and solution architecture team, the security engineering and operations team, the threat management team as well as the security governance business. This role sits within the security engineering team managing the build out and operations of the IT security solutions. Job Duties: As the Information Security Engineer of HKEX, you will be responsible for designing, building and maintaining enterprise IT security solutions to address the organization’s security requirements. Reporting to the Information Security Services Lead, this role you will have the opportunity to work closely with IT Innovation Lab, software engineering teams, IT infrastructure team, IT compliance, security operations and technology risk management teams. You play a key role in protecting the organization. Responsibilities: Engineer, implement and monitor security measures for the protection of computer systems, networks and information. Identify and define system security requirements. Design computer security architecture and develop detailed cyber security designs Configure and troubleshoot security systems and infrastructure devices Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks Maintain all solution design documentation, processes, procedures and report on metrics to demonstrate effective and efficient management of services. Work with handling service requests on security tool standard changes, such as proxy whitelisting requests Delivery security service on-boarding such as security agent install, connecting systems to SIEM Review IT systems to ensure that they have met security acceptance criteria. Work with product vendors and suppliers to maintain and enhance existing security tooling and products Ensure that the organization security tools can detect and help with the response to cyber security incidents. Document and validate disaster recovery testing for CyberSecurity tools. Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancements Support in managing the Total Cost of Ownership (TCO) for security solutions which includes new investments and business-as-usual financials. Design and execute processes to make BAU changes to security tools (e.g., web proxy changes, DLP mail rule changes, etc.) Automate or script changes and validation processes Requirements: University degree in Computer Science, Information Management, or related field, or equivalent experience. Proven work experience as a System Security Engineer or Information Security Engineer. Minimum 8 years of relevant work experience in building, maintaining and operating security systems and platforms. Hands on experience in a number of security technologies, including vulnerability management, cloud posture management, WAF, code security scan, SIEM, firewalls, intrusion detection systems, EDR, anti-virus software, authentication systems, log management, content filtering, data loss prevention systems, web proxies, SASE, PAM, SOAR, HSM, CA, etc. Thorough understanding of the latest security principles, techniques, and protocols (such as zero trust, etc.). Strong information security technology knowledge/concepts and can effectively communicate with senior management and a broad range of technical/non-technical audiences. Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols. Familiarity with application, database and operating system security Familiarity with cloud security technologies is preferred Familiarity with risk / control frameworks, such as Mitre ATT&CK, D3FEND, OWASP, NIST Cybersecurity Framework is an added advantage Familiarity in scripting or automation is an added advantage Familiarity with Identity and Lifecycle management is an advantage Good presentation, project planning and documentation skills Candidate with complimentary experiences and skills would also be considered HKEX is committed as an Equal Opportunity Employer. Diversity is one of our core values and we look to support, respect diverse perspectives, abilities, culture and experiences within our workplace. Location: HKEX - TKO Shift: Standard - 40 Hours (Hong Kong SAR) Scheduled Weekly Hours: 40 Worker Type: Contract Hong Kong Exchanges and Clearing Limited (HKEX) is a publicly-traded company (HKEX Stock Code:388) and one of the world’s leading global exchange groups, offering a range of equity, derivative, commodity, fixed income and other financial markets, products and services, including the London Metals Exchange. As a superconnector and gateway between East and West, HKEX facilitates the two-way flow of capital, ideas and dialogue between China and the rest of world, through its pioneering Connect schemes, increasingly diversified product ecosystem and its deep, liquid and international markets. HKEX is a purpose-led organisation which, across its business and through the work of HKEX Foundation, seeks to connect, promote and progress its markets and the communities it supports for the prosperity of all. Discover the latest career opportunities and programmes at HKEX.

Responsibilities

Design, build, and maintain enterprise IT security solutions to meet the organization's security requirements. Engineer and monitor security measures for the protection of computer systems, networks, and information.