Born from Hong Kong's demand for fast, convenient, and reliable payment solutions, Octopus introduced the world's first contactless multi-modal transit payment system in 1997. Since then, this homegrown FinTech company has pioneered innovative payment solutions for urban living across four continents. Our Vision To become the most preferred payment and lifestyle companion that connects customers and business partners through our best-in-class products and services. Our Mission Making everyday life easier. Our Values Customer Centricity, Simplicity & Trustworthiness. Dedicated to addressing customer needs and adapting to evolving market trends, Octopus has broadened its services beyond transportation to encompass retail, e-commerce, cross-border transactions, and travel abroad. Today, we serve approximately 98% of Hong Kong’s population, processing around 15 million transactions at more than HK$300 million on average daily. At the heart of our success are our colleagues. We value mutual respect, foster collaboration, and encourage innovation and partnership. Join us and shape the future of payment solutions. Your impact starts here!
Job Responsibilities:
• Build, lead and manage an internal cybersecurity red-team function, including planning and executing penetration testing and threat simulation exercises
• Design and execute red-team initiatives, collaborate with stakeholders to define objectives, scope, and success criteria
• Test and validate the effectiveness of security controls by using red-team approach
• Review and analyze Endpoint Detection & Response alerts to identify potential breaches, suspicious activities, and advanced attack attempts
• Conduct compromise assessments to identify signs of prior or ongoing unauthorized access to improve detection capabilities and validate security posture
• Coordinate purple team exercises and work closely with blue team and other security functions to improve detection and response capabilities through these exercises
• Provide detailed reports and executive-level presentations on findings, risk impact, and remediation recommendations
• Stay ahead of emerging attack techniques, tools, and threat actor behaviors to enhance testing methodologies
• Mentor and guide team members, fostering a culture of continuous improvement and technical excellence
• Keep abreast of the latest technologies such as cloud computing and mobile devices, and the corresponding security challenges as well as controls
Requirements:
• Degree holder in Information Security, IT, Computer Science or other related disciplines
• Minimum 6 years of work experience in IT security or equivalent with at least 3 years in offensive security or red teaming
• Proven experience in offensive security and red teaming including but not limited to penetration testing, exploit development, and adversary simulation
• Strong knowledge of attack techniques across network, application, cloud, and endpoint environments
• Familiar with frameworks such as MITRE ATT&CK, OWASP, and threat intelligence integration
• Hands-on experience with tools such as Cobalt Strike, Metasploit, Burp Suite, and custom attack frameworks
• Knowledgeable in social engineering, physical security and threat simulation
• Knowledgeable in TCP/IP, Linux/UNIX System Administration, and Windows System Administration
• Knowledge of Database Administration, Network Security, Mobile Technology, Cloud Security, Application Security, Active Directory Security and Virtualization Technology
• Knowledge of Core Java / C / C++ / Python is preferred
• Experience in security auditing for identifying weakness is preferred
• Experience in cybercrime and cybersecurity incident investigation is preferred
• Familiar with information security standards such as ISO27001 and HKMA C-RAF is a plus
• Good problem solving and trouble shooting skills
• Effective communication and interpersonal skills
• Able to work under pressure, self-motivated and good team player
• Passionate about technology and cyber security
• Holder of offensive security certificates such as CEH, OSCP, OSCE, OSEP, GPEN, CREST CRT
• Holder of other security certificates such as CISA, CISM, CISSP, CISP is preferred
We offer successful candidate an attractive remuneration package and excellent career prospects. Interested parties please send your resume, present and expected salary, contact details and quoting the reference number by clicking "Apply Now"
Visit our web site: http://www.octopus.com.hk/
The personal data collected will be used for recruitment purposes only. If you are not contacted by us within six weeks, you may consider your application unsuccessful. Personal data with an unsuccessful applicant will be destroyed 12 months after rejection of the application. During this retention period, you have the right to request for correction or destruction of your personal data at any time. Any request for the correction or destruction of personal data should be addressed in writing to our Human Resources & Administration Department.
Octopus is an equal opportunity employer and all employment decisions and Human Resources policies are administered; especially those relating to recruitment & selection, compensation & benefits, promotion & transfer, training & development and termination & redundancy; without discrimination on the basis of age, race, colour, religion,sex, national origin, marital status, pregnancy, physical and mental disability and family status but on genuine occupational qualification, job performance, employees’ ability and internal/ external relativities.
