Cathay Pacific is an iconic and award-winning brand, headquartered in Hong Kong. As part of the oneworld alliance, they serve over 200 destinations in over 50 countries across the world.
Security Testing Lead
Hong Kong
Reports to: IT Risk & Security Manager

Department: IMT - Information Technology

This role is responsible for providing strong test leadership and coordination of testing services to meet project requirements during Security Testing (ST) across all solution centres. In addition to supporting ST, you will be responsible for implementing, maintaining and enforcing the processes and standards that support the ST methodology within Cathay Pacific (CX) standards, including but not limited to vulnerability assessment, penetration testing, security hardening and configuration review, and for providing application and infrastructure recommendations to the projects that require them.

The Security Testing Lead is required to have a strong skillset in Quality Assurance (QA) of external testing resources and established vendor management skills, to ensure deliverables are of high quality and compliant with CX policies and standards.

You will also be responsible for managing the Quality Control (QC) process within BAU and PVT projects to ensure the deliverables of external partners meet CX quality standards.

Key Responsibilities:
  • Strengthen the testing discipline by driving and embedding a security testing framework and process into the SDLC across project and BAU cycles
  • Oversee the Quality Assurance of delivery, including but not limited to security test documents and test execution approaches, to ensure the security tests are fit for purpose across all key applications and infrastructure for BAU security testing
  • Manage the delivery quality of test vendors, including review of testing pass/fail criteria, ensuring that standards for stakeholder acceptance are in place and that the defined security test scenarios adequately cover the security non-functional requirements
  • Be accountable for ensuring that all security requirements set out in policies and guidelines are examined and that feasible recommendations for any findings are provided by the relevant test vendor or internal resources
  • Liaise with and prioritize security testing resources to ensure that multiple project and BAU security tests are delivered on time and effectively, based on priority and criticality
  • Manage and coach internal Security Testing team resources to ensure they are properly utilized across projects and BAU testing
  • Adopt a risk-based approach to translate technology risk into actual business impact and prioritized actions
  • Evaluate and propose security tools that support high-quality security testing
  • Provide the requirements for establishing test environments that enable successful completion of security testing
  • Report and record all findings and communicate any residual risk to the relevant Operations Team
  • Collaborate across teams with test vendors and internal resources to improve the security testing methodology
  • Keep abreast of the latest trends in cyberattacks and understand their implications for testing methods
  • Collaborate across teams with Security Operations and Security Governance on developing new security testing processes to raise the CPA security assurance level
  • Conduct training on security testing methodologies and techniques for IT teams and the security testing team
  • Promote secure coding best practices to developers

Qualifications/ Experience:
  • Over eight years' experience in an IT security function, with more than five years' experience in security testing
  • Degree-level qualification in IT or a business-related discipline is essential
  • Certification in an information security or penetration testing discipline such as SANS GWAPT, CISA, CISM, CISSP or ISO 27001 is mandatory
  • Expert-level knowledge of security-related attacks, security testing methodologies, standards and assessment tools
  • Strong experience in vendor management
  • Solid competencies in information security processes, frameworks and technologies, such as network and application vulnerability assessment, IT risk assessment, penetration testing and ethical hacking, OWASP Top 10, NIST, OSSTMM, OSINT etc.
  • Expert knowledge of security solutions and tools, e.g. Tenable Nessus, Nmap, Burp, IBM AppScan, OWASP ZAP, Kali Linux etc.
  • Ability to listen and to articulate ideas verbally and in writing to a broad range of audiences; ability to ask probing questions and deliver presentations that have impact
  • Strong interpersonal skills and ability to maintain good relationships with others
  • Proven management experience is a plus
  • Proactive and willing to accept and drive changes to accomplish positive outcomes
  • Well-developed analytical, problem-solving, and decision-making skills; strong troubleshooting skills; ability to identify patterns and generate ideas
  • Focus on the end users or customers' needs; ability to set expectations and understand end user behavior

Application deadline: 03 September 2020

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.