Technical Manager, Security Operations Centre
Who are we?
We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.
Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.
What do we do?
We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.
We also deliver the changes necessary to drive business growth through new products and services. We are also committed to safeguarding the Club by protecting it from external threats and providing a secure and resilient technological environment.
The Department
The Cyber Security Department is essential to the Club’s ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.
As the first line of defence, the department plays a key role in maintaining the Club’s reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.
The Job
You will:
- Monitor and analyse security events from EDR, NDR, SIEM, and other threat detection platforms
- Work with MSSP to ensure timely delivery of monitoring, alerting, and incident response services aligned with internal standards
- Work with the defence engineering team to conduct fine-tuning of detection rules and alert thresholds, enhancing accuracy and reducing false positives
- Utilise threat intelligence sources to enrich investigations with contextual data, IOCs, and insights on attacker TTPs
- Maintain up-to-date knowledge of emerging threats, vulnerabilities, and attack techniques
- Perform proactive threat hunting to identify undetected threats within the environment
- Investigate and respond to cybersecurity incidents in a timely and effective manner
- Perform advanced threat analysis and recommend appropriate remediation actions
- Conduct root cause analysis to identify vulnerabilities and prevent recurrence
- Collaborate with other relevant stakeholders during incident response
- Escalate high-severity incidents and provide timely updates to stakeholders
- Ensure proper documentation and closure of all security incidents in the incident management system
- Document incident handling procedures, investigation findings, and lessons learned
- Participate in post-incident reviews and contribute to the continuous improvement of SOC processes
- Develop and maintain incident response playbooks and runbooks
- Assist in the development and refinement of SOC workflows and standard operating procedures
- Participate in security drills, tabletop exercises, and readiness assessments
- Support compliance and audit requirements by providing incident records and technical evidence
- Support race day duties as part of the SOC’s operational coverage
About You
You should have:
- Bachelor’s or Master’s degree with a strong technical background, particularly in Computer Science, Cybersecurity, Information Systems, or a related field
- Certification in good standing for one or more of the following would be an added advantage:
  - CISA – Certified Information Systems Auditor
  - CISSP – Certified Information Systems Security Professional
  - GIAC GCFA – GIAC Certified Forensics Analyst
  - GIAC GCIH – GIAC Certified Incident Handler
  - GIAC GSOC – GIAC Security Operations Certified
  - GCTI – GIAC Cyber Threat Intelligence
  - CTIA – EC-Council Certified Threat Intelligence Analyst
- Minimum of 5 years of professional experience in IT and cybersecurity, with at least 3 years of hands-on experience in Security Operations Centre (SOC) operations
- Solid understanding of incident response frameworks, particularly the NIST Computer Security Incident Handling Guide (SP 800-61)
- Hands-on experience with Security Information and Event Management (SIEM) platforms and incident management systems for triage, investigation, and reporting
- Experience working with EDR/NDR platforms, including tuning, alert validation, and integration with SOC workflows
- Strong knowledge of OWASP Top 10 vulnerabilities and DDoS attack techniques, including mitigation strategies and protection mechanisms
- Experience across cybersecurity domains, including both offensive (e.g., penetration testing, red teaming) and defensive (e.g., blue teaming, threat detection) practices
- Experience with public cloud security, including native security tools and cloud-specific threat detection
- Strong understanding of TCP/IP networking principles, including packet analysis, protocol behaviour, and network-based threat detection
- Deep technical expertise in Windows, Linux and Mac operating systems, particularly in areas related to log analysis and endpoint security
- Proven ability to collaborate with cross-functional teams, including engineering, infrastructure, and external MSSPs, to drive incident resolution and improve detection capabilities
Terms of Employment
The level of appointment will be commensurate with qualifications and experience.
How to Apply
Please submit your resume with expected salary by clicking the Apply Now button.
We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.