AppSec Analyst/PERM/Cantonese/30,000-45,000 HKD P/M

Kwai Hing
$30,000.00 - $45,000.00 Monthly

Sector: Technology

Function: QA, DevOps & Automation

Contact Name: Vivian On

Expiry Date: 20-May-2026

Job Ref: JN -042026-493333

Date Published: 20-Apr-2026

Role: Application Security Analyst

Location: Onsite (Kwai Hing)

Travel: Business Travel Required (Approx. 2x per annum)

Position Overview

Our client is seeking an Application Security Analyst to serve as a key technical advisor for secure software development. In this role, you will bridge the gap between security and engineering, driving hands-on vulnerability testing and proactive code reviews. You will ensure that global applications are secure by design before they reach production.

Key Responsibilities

Testing & Analysis

  • Vulnerability Assessment: Perform manual and automated testing of applications, APIs, and mobile platforms to identify security flaws.
  • Tool Advocacy: Utilize SAST/DAST tools (e.g., Burp Suite, SonarQube, Fortify) and conduct root cause analysis of findings.
  • Framework Improvement: Maintain and evolve testing methodologies to keep pace with emerging threats.

Development Engagement

  • Advisory & Review: Collaborate with dev teams to review code and architecture, providing "developer-friendly" guidance on secure design.
  • Secure Coding: Educate engineering teams on OWASP Top 10 and CWE standards through workshops and coaching.
  • SDLC Integration: Embed security practices directly into CI/CD pipelines and the broader DevSecOps culture.

Remediation & Guidance

  • Fix Support: Offer practical, actionable solutions for vulnerabilities identified during testing.
  • Risk Management: Partner with stakeholders to prioritize remediation based on business impact.
  • Lifecycle Tracking: Monitor remediation progress to ensure timely and effective closure of security issues.

Candidate Requirements

Background & Experience

  • Education: Degree in Computer Science, IT, or a related technical field.
  • Experience: Minimum 5 years in IT, with at least 3 years focused on application development and security testing.
  • Environment: Experience operating within a global enterprise or a large-scale agile environment.

Core Technical Skills

  • AppSec Fundamentals: Deep understanding of secure coding, OWASP, and vulnerability scoring (CVSS).
  • Coding Proficiency: Strong hands-on ability in at least one language (e.g., Java, Python, C#).
  • Tooling: Skilled in using Burp Suite and modern SAST/DAST/IaC tools.
  • Modern Infrastructure: Familiarity with CI/CD pipelines, cloud architectures, and containerization.

Communication & Language

  • Soft Skills: Proven ability to translate complex technical issues into clear, business-relevant terms.
  • Languages: Excellent command of English and Cantonese; Mandarin is an advantage.

Preferred Qualifications

  • Relevant certifications: OSCP, CISSP, GWEB, or GPEN.
  • Direct experience in delivering secure code training or establishing security champion programs.

Argyll Scott Asia is acting as an Employment Agency in relation to this vacancy.
