Technical Manager, Vulnerability Management
Who are we?
We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen.
Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.
What do we do?
We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences.
We also deliver the changes necessary to drive business growth through new products and services. And we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.
The Department
The Cyber Security Department is essential to the Club’s ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.
As the first line of defense, the department plays a key role in maintaining the Club’s reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.
The Job
You will:
- Lead and manage end-to-end penetration testing services, ensuring execution across all engagements to identify security weaknesses within the organisation’s applications and environments
- Act as a Subject Matter Expert to support and respond to penetration testing-related requests, proactively anticipate needs (e.g. project requirements) and propose workable solutions
- Manage/conduct penetration testing and vulnerability management assessments, namely:
  - System and infrastructure-based security assessments
  - Web application security assessments
  - Mobile application security assessments
  - Vulnerability scanning
- Identify and exploit vulnerabilities using manual techniques and automated tools
- Develop custom scripts, payloads, and exploits to bypass security controls
- Document findings with detailed technical evidence and clear remediation guidance with recommended safeguards and compensating controls that meet the organisation’s cybersecurity standards
- Collaborate with stakeholders to communicate findings and track the status of follow-up actions to ensure timely identification of vulnerability remediation
- Design and maintain KRI dashboards to track cybersecurity posture and report penetration testing outcomes in monthly management reports
- Develop and maintain internal standards, methodologies, and documentation for penetration testing and vulnerability management processes
- Manage vendor relationships to ensure service quality and monitor performance against SLAs
- Undertake other duties assigned by Cyber Security Management
- Participate, contribute and help shape a diverse and inclusive culture with trust and respect. Play an active role to support cross-team/division/department efforts and model collaborative behaviours
About You
You should have:
- University degree in Computer Science, Information Security, and/or related discipline
- Industry-recognised certification in one or more of the following – OSCP, OSCE, OSWE, GPEN, CEH, CISSP, CISA, or equivalent
- 5 years or more of working experience in the penetration testing and vulnerability management domain across various disciplines
- Proven expertise in conducting application security assessments across web, mobile, and self-developed applications
- Strong service and a customer-focused approach to the service being delivered
- Excellent interpersonal, collaborative and communication skills
- Well-disciplined with exemplary professional competence and integrity
- Hands-on experience with industry-standard tools such as Kali Linux, Burp Suite, Qualys, Nessus, Nmap, Metasploit, Wireshark, etc.
- Deep technical knowledge in:
  - Operating systems: Windows, Linux, macOS
  - Offensive tooling and technique: Implant reverse shells, Command and Control (C2) infrastructure
  - Network and security architecture: TCP/IP, IDS/IPS, firewalls, WAFs, web content filtering
  - Cloud platform: Integrated security solutions across major cloud providers (e.g. AWS, Azure)
  - Application security: Coding practices and architecture design
- Demonstrated ability to perform penetration testing, vulnerability assessments, and security reviews for applications and infrastructure
- Contribute to the development and refinement of penetration testing and secure vulnerability management standards
- Experience participating in red team operations is desired
- Exploit research and development skills are a plus
- Source code review experience is a plus
Terms of Employment
The level of appointment will be commensurate with qualifications and experience.
How to Apply
Please submit your resume with expected salary by clicking the Apply Now button.
We are an equal opportunity employer. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and prospective employees relating to the Personal Data (Privacy) Ordinance, a copy of which will be provided immediately upon request.