
PFCC Group • Hong Kong, Hong Kong Island, Hong Kong S.A.R.
Role & seniority: Senior Penetration Testing Manager (Mid-Senior level); full-time
Stack/tools: Offensive security tools (Metasploit, Burp Suite Pro, Cobalt Strike, Nmap); web/mobile security, network pen testing, cloud security (AWS/Azure/GCP); scripting in Python, Bash, PowerShell; red team/advanced threat simulation
Provide technical leadership, line management, and methodology/QA for penetration testing and red team engagements
Plan, scope, and deliver complex security assessments; ensure report quality and client/stakeholder communication
Evolve service capabilities with new attack techniques, threat intel, and red-teaming capabilities; ensure ethical/compliant operations
10+ years in information security; 7+ years hands-on pentesting; 3+ years in technical leadership
Deep expertise across web/mobile, network, cloud security; social engineering
Expertise with offensive tools, exploitation/post-exploitation; scripting/automation (Python, Bash, PowerShell)
Industry certifications (OSCP, OSCE, GPEN, CREST)
Red team leadership/adversary simulation experience
Knowledge of SDLC/DevSecOps; HK regulatory frameworks
English proficiency; Cantonese/Mandarin a plus; strong ethics
Location & work type: Hong Kong region focus; on-site/hybrid acceptable for leadership role; local regulatory awareness expected
Our client is seeking a Senior Penetration Testing Manager who will provide strategic leadership and technical direction for a comprehensive penetration testing and red team service. This role is responsible for managing a team of highly skilled ethical hackers and overseeing a portfolio of security assessments designed to proactively identify and mitigate critical security vulnerabilities across a complex technology estate, including web and mobile applications, network infrastructure, cloud environments, and bespoke systems.
Key Responsibilities
Technical Leadership & Team Management
Provides technical leadership, mentorship, and line management to a team of penetration testers and security consultants. Defines and maintains the technical methodology, standards, and quality assurance processes for all penetration testing and red team engagements. Manages resource allocation, project scheduling, and the end-to-end delivery of complex security assessment projects.
Service Delivery & Project Oversight
Oversees the planning, scoping, and execution of sophisticated penetration tests, red team exercises, and advanced security simulations. Ensures the quality, accuracy, and business relevance of all security assessment reports and deliverables. Manages client relationships and stakeholder communication for high-profile engagements, presenting complex technical findings to both technical and executive audiences. Coordinates with internal technology and development teams to validate findings and advise on remediation strategies.
Strategy & Capability Development
Drives the continuous evolution of the penetration testing service, incorporating new attack techniques, tools, and threat intelligence relevant to the Hong Kong and regional threat landscape. Develops and maintains a red teaming capability to simulate advanced persistent threat (APT) tactics, techniques, and procedures (TTPs). Contributes to the broader cybersecurity strategy by providing expert insights on offensive security controls and emerging threats.
Operational & Compliance Excellence
Ensures all offensive security activities are conducted within a robust legal and ethical framework, with appropriate authorisation and oversight. Maintains awareness of relevant industry regulations and compliance requirements in Hong Kong.
Qualifications & Experience
Essential Requirements
A bachelor's degree or higher in Computer Science, Information Security, or a related technical discipline. A minimum of 10 years of professional experience in information security, with at least 7 years in hands-on penetration testing and 3 years in a technical leadership or management role. Proven experience in managing a team of penetration testers and delivering a portfolio of security testing services.
Deep, practical expertise in multiple testing domains: web/mobile application security, network penetration testing, cloud security (AWS, Azure, GCP), and social engineering. Expert-level knowledge of offensive security tools (e.g., Metasploit, Burp Suite Pro, Cobalt Strike, Nmap), exploitation techniques, and post-exploitation methodologies. Extensive experience in scripting and automation for security testing (e.g., Python, Bash, PowerShell). Hold current, recognised industry certifications such as OSCP, OSCE, GPEN, or CREST Certified Tester.
Preferred Competencies
Experience in building and leading a red team or conducting adversary simulation exercises. Knowledge of secure development lifecycles (SDLC) and DevSecOps principles. Familiarity with Hong Kong-specific regulatory frameworks and cybersecurity guidelines. Excellent written and verbal communication skills in English; proficiency in Cantonese and/or Mandarin is advantageous. A strong personal ethos of professional integrity and ethical conduct.
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Technology, Information and Media and IT Services and IT Consulting