The Hong Kong Jockey Club • Sha Tin District, Hong Kong, China
Role & seniority: Lead Penetration Tester / senior cyber security professional; 10+ years in penetration testing and vulnerability management.
Stack/tools: Kali Linux, Burp Suite, Qualys, Nessus, Nmap, Metasploit, Wireshark; Windows/Linux/macOS; cloud security across major providers (AWS, Azure); offensive tooling, C2 infrastructure; web, mobile, and application security focus; familiarity with security dashboards/metrics.
Lead end-to-end penetration testing engagements across applications and environments; identify, validate, and exploit vulnerabilities; deliver remediation guidance.
Act as SME for penetration testing requests; coordinate testing activities (system/infrastructure, web, mobile) and vulnerability assessments; design dashboards/KRIs and report findings to management.
Engage stakeholders, manage vendor relationships, develop/maintain internal standards and documentation; support broader cyber security initiatives; promote cross-team collaboration.
University degree in CS/IT/cybersecurity or related field; industry certifications (OSCP/OSCE/OSWE/GPEN/CEH/CISSP/CISA or equivalent).
10+ years in penetration testing and vulnerability management; hands-on with Kali, Burp Suite, Qualys/Nessus/Nmap/Metasploit/Wireshark; deep knowledge of Windows/Linux/macOS, networks, cloud security (AWS/Azure), and application security.
Experience conducting pentests, vulnerability assessments, and security r
The Hong Kong Jockey Club
Founded in 1884, The Hong Kong Jockey Club (“the Club”) is a world-class racing club that acts continuously for the betterment of our society. The Club has a unique integrated business model, comprising racing and racecourse entertainment, a membership club, responsible sports wagering and lottery, and charities and community contribution. Through this model, the Club generates economic and social value for the community and supports the HKSAR Government in combatting illegal gambling.
Who are we?
We are the IT Division of HKJC, a vibrant community of over 1,500 dedicated professionals working collaboratively across Hong Kong and Shenzhen. Our team is a diverse mix of individuals from various backgrounds, from all across the world. We embrace our humanity, recognizing that each of us brings unique strengths and perspectives. This diversity not only enriches our work environment but also drives our innovation and creativity as we strive to achieve our collective goals.
What do we do?
We design, build, and operate the technology that powers the Club. Our primary focus is on delivering the service that supports our hospitality, racing and wagering operations, to ensure that our customers and members enjoy exceptional experiences. We also deliver the changes necessary to drive business growth through new products and services. And, we are committed to safeguarding the Club by protecting it from external threats, providing a secure and resilient technological environment.
The Department
The Cyber Security Department is essential to the Club’s ongoing success, safeguarding information assets, IT systems, networks, and cloud platforms while ensuring the resilience and continuity of critical operations. Through the implementation of strong risk governance frameworks and cybersecurity standards, the department protects the Club against emerging threats and ensures compliance with regulatory requirements in Hong Kong and China.
As the first line of defense, the department plays a key role in maintaining the Club’s reputation and operational resilience. Its core responsibilities include identifying and addressing vulnerabilities, protecting sensitive information, ensuring rapid incident response, overseeing access management, and promoting Club-wide cybersecurity awareness.
The Job
Lead and oversee penetration testing engagements end-to-end, ensuring high-quality execution across applications and environments to uncover and address security weaknesses
Act as a trusted Subject Matter Expert, supporting penetration testing requests, anticipating project requirements, and providing practical, effective solutions
System and infrastructure security reviews
Web application penetration testing
Mobile application security testing
Vulnerability scanning and prioritisation
Identify, validate, and exploit vulnerabilities using advanced manual techniques and automated tools to strengthen security posture
Develop and refine custom scripts, payloads, and exploits to test resilience against security controls
Deliver detailed technical reports and remediation guidance, ensuring findings are clearly documented and aligned with organisational cybersecurity standards
Engage stakeholders to communicate findings and remediation priorities, tracking progress to ensure timely closure of vulnerabilities
Design and maintain dashboards and metrics (KRIs) to monitor cybersecurity posture and provide regular reporting to management
Contribute to the development and improvement of internal standards, methodologies, and documentation for penetration testing and vulnerability management
Manage vendor relationships, ensuring service quality and monitoring performance against agreed SLAs
Support broader cybersecurity initiatives by undertaking additional responsibilities as directed by Cyber Security Management
Promote a collaborative and inclusive team culture, actively contributing to cross-team efforts and modelling cooperative behaviours
About You
University degree qualification in Computer Science, Information Technology, cybersecurity or related discipline
Industry-recognised certification in one or more of the following – OSCP, OSCE, OSWE, GPEN, CEH, CISSP, CISA, or equivalent
10 years or more of working experience in the penetration testing and vulnerability management domain across various disciplines
Hands-on experience with industry-standard tools such as Kali Linux, Burp Suite, Qualys, Nessus, Nmap, Metasploit, Wireshark, etc.
Operating systems: Windows, Linux, macOS
Offensive tooling and technique: Implant reverse shells, Command and Control (C2) infrastructure
Network and security architecture: TCP/IP, IDS/IPS, firewalls, WAFs, web content filtering
Cloud platform: Integrated security solutions across major cloud providers (e.g. AWS, Azure)
Application security: Coding practices and architecture design
Demonstrated ability to perform penetration testing, vulnerability assessments, and security reviews for applications and infrastructure
Contribute to the development and refinement of penetration testing and secure vulnerability management standards
Experience participating in red team operations is desired
Exploit research and development skills are a plus
Source code review experience is a plus
Proven expertise in conducting application security assessments across web, mobile, and self-developed applications
Strong service and a customer-focused approach to the service being delivered
Excellent interpersonal, collaborative and communication skills
Well-disciplined with exemplary professional competence and integrity
Apply Now!
We offer competitive salary and benefits packages, a dynamic working environment and development opportunities.
Add horsepower to your career today. Click the “Apply Now” button to create an account and submit your application.
Equal Opportunity and Inclusive Hiring
We are an equal opportunity employer and strive to create an inclusive workplace for all. Applicants from diverse backgrounds are welcome to apply. If you have any special needs or require accommodations during the interview process, please e-mail us via careers@hkjc.org.hk. Personal data provided by job applicants will be used strictly in accordance with the Club's notice to employees and job applicants relating to the Personal Data (Privacy) Ordinance. A copy will be provided immediately upon request.