PFCC Group • Hong Kong, Hong Kong Island, Hong Kong S.A.R.
Role & seniority: Senior Penetration Testing Manager; technical leader, line manager, and service owner for penetration testing and red team engagements.
Stack/tools: Offensive security tools (Metasploit, Burp Suite Pro, Cobalt Strike, Nmap); cloud security (AWS, Azure, GCP); scripting (Python, Bash, PowerShell); web/mobile, network, social engineering; red team capabilities.
Lead, mentor, and manage a team of testers; define methodology, standards, and QA for engagements.
Oversee planning, scoping, and delivery of complex security assessments; ensure report quality and actionable remediation guidance; manage client relationships and stakeholder communications.
Evolve services with new attack techniques, threat intel, and adversary simulations; align with regulatory and organizational security strategy.
10+ years in information security; 7+ years hands-on pentesting; 3+ years in technical leadership/management.
Deep expertise across web/mobile security, network pentesting, cloud security, and social engineering.
Proficiency with offensive tools and exploitation/post-exploitation methods; scripting in Python/Bash/PowerShell.
Certifications such as OSCP/OSCE/GPEN/CREST; experience managing security testing portfolios; strong client-facing and reporting abilities.
Red team/adversary simulation experience; SDLC/DevSecOps knowledge.
Familiarity with Hong Kong regulatory framew
Our client is seeking a Senior Penetration Testing Manager who will provide strategic leadership and technical direction for a comprehensive penetration testing and red team service. This role is responsible for managing a team of highly skilled ethical hackers and overseeing a portfolio of security assessments designed to proactively identify and mitigate critical security vulnerabilities across a complex technology estate, including web and mobile applications, network infrastructure, cloud environments, and bespoke systems.
Key Responsibilities
Technical Leadership & Team Management
Provides technical leadership, mentorship, and line management to a team of penetration testers and security consultants. Defines and maintains the technical methodology, standards, and quality assurance processes for all penetration testing and red team engagements. Manages resource allocation, project scheduling, and the end-to-end delivery of complex security assessment projects.
Service Delivery & Project Oversight
Oversees the planning, scoping, and execution of sophisticated penetration tests, red team exercises, and advanced security simulations. Ensures the quality, accuracy, and business relevance of all security assessment reports and deliverables. Manages client relationships and stakeholder communication for high-profile engagements, presenting complex technical findings to both technical and executive audiences. Coordinates with internal technology and development teams to validate findings and advise on remediation strategies.
Strategy & Capability Development
Drives the continuous evolution of the penetration testing service, incorporating new attack techniques, tools, and threat intelligence relevant to the Hong Kong and regional threat landscape. Develops and maintains a red teaming capability to simulate advanced persistent threat (APT) tactics, techniques, and procedures (TTPs). Contributes to the broader cybersecurity strategy by providing expert insights on offensive security controls and emerging threats.
Operational & Compliance Excellence
Ensures all offensive security activities are conducted within a robust legal and ethical framework, with appropriate authorisation and oversight. Maintains awareness of relevant industry regulations and compliance requirements in Hong Kong.
Qualifications & Experience
Essential Requirements
A bachelor's degree or higher in Computer Science, Information Security, or a related technical discipline. A minimum of 10 years of professional experience in information security, with at least 7 years in hands-on penetration testing and 3 years in a technical leadership or management role. Proven experience in managing a team of penetration testers and delivering a portfolio of security testing services.
Deep, practical expertise in multiple testing domains: web/mobile application security, network penetration testing, cloud security (AWS, Azure, GCP), and social engineering. Expert-level knowledge of offensive security tools (e.g., Metasploit, Burp Suite Pro, Cobalt Strike, Nmap), exploitation techniques, and post-exploitation methodologies. Extensive experience in scripting and automation for security testing (e.g., Python, Bash, PowerShell). Hold current, recognised industry certifications such as OSCP, OSCE, GPEN, or CREST Certified Tester.
Preferred Competencies
Experience in building and leading a red team or conducting adversary simulation exercises. Knowledge of secure development lifecycles (SDLC) and DevSecOps principles. Familiarity with Hong Kong-specific regulatory frameworks and cybersecurity guidelines. Excellent written and verbal communication skills in English; proficiency in Cantonese and/or Mandarin is advantageous. A strong personal ethos of professional integrity and ethical conduct.