Security Specialist (Red Team / Penetration Testing)

Hong Kong | 1 day ago | Full-time | External
442.2k - 707.6k / yr
- Plan, execute, and report Red Team operations, including adversary simulation, attack path mapping, and exploitation.
- Perform full‑scope penetration testing (infrastructure, AD, cloud, web/mobile applications).
- Develop and execute custom attack scenarios aligned to MITRE ATT&CK frameworks.
- Identify vulnerabilities and provide actionable remediation guidance to technology and business stakeholders.
- Conduct phishing, social engineering, and lateral movement testing across enterprise environments.
- Produce professional reports for cybersecurity leadership and regulatory reviews.
- Stay current with emerging exploits, TTPs, and offensive tooling.

- 4 – 8 years of hands‑on experience in offensive security / red teaming / pentesting.
- Strong knowledge of exploitation techniques, AD attack paths, privilege escalation, lateral movement, and evasion.
- Solid experience with offensive frameworks/tools such as:
- Hands‑on experience with Active Directory security, Windows/Linux exploitation, and cloud (Azure/AWS) attack simulation preferred.
- Professional certifications are highly advantageous: OSCP, OSEP, OSWE, OSCE3, CRTP, CRTE, CREST CRT/CPSA, or similar.
- Experience in banking, fintech, or regulated environments (HKMA, GL20, C‑RAF) is a plus.
- Strong communication skills in English; Cantonese/Mandarin an advantage.