Reports to: Enterprise Testing Manager
This role is responsible for providing strong test leadership into and coordination of testing services to meet project requirements during Security Testing (ST) across all solution centres. In addition to supporting ST, you will also be responsible for implementing, maintaining and enforcing processes and standards in support of the ST methodology within Cathay Pacific (CX) standards, including but not limited to vulnerability assessment, penetration testing, security hardening and configuration review, and provide application and infrastructure recommendations to the project required.
The Security Testing Lead is required to have strong skillset in Quality Assurance (QA) of external testing resources and established vendor management skills to ensure deliverables are of high quality and compliant to CX policies and standards.
You will also be responsible for management of the Quality Control (QC) process within BAU and PVT projects to ensure the deliverables of external partners meet CX quality.
- Empower testing discipline by driving and implementing security testing framework and process into SDLC across project and BAU cycle
- Oversee the Quality Assurance of the delivery, including but not limited to security test documents, test execution approaches, to ensure the security tests are fit-for-purpose across all key application and infrastructure for BAU security testing
- Manage test vendors delivery quality including review of testing pass/fail criteria, ensuring standards for stakeholder acceptance is in place and ensuring that the defined security test scenarios are adequately cover the security non-functional requirements
- Accountable for ensuring all security requirements according to policies and guidelines are examined and feasible recommendations for any findings are provided by the relevant test vendor or internal resources
- Liaise and prioritize security testing resources to ensure multiple project and BAU security testing is delivered timely and effectively base on priority and criticality
- Manage and coach internal Security Testing team resources to ensure resources are properly utilized in projects and BAU testing
- Adopt risk-based approach to translate technology risk into actual business impacts and prioritized actions
- Prepare and propose any security tools to facilitate qualitative security testing
- Provide requirements to facilitate testing environment establishment that enable the successful completion of the security testing
- Report and record all findings and communicate any residual risk to the relevant Operations Team
- Cross- team collaboration with test vendors and internal resources to improve the security testing methodology
- Keep abreast of the latest trends in cyberattacks and understand the implication to testing methods
- Cross- team collaboration with Security Operations and Security Governance on developing new Security testing process to enhance CPA security assurance level
- Conduct training on security testing methodologies and techniques to IT teams and security testing team
- Drive to promote secure coding best practice to developers
- Over eight years’ experience in IT security function with more than five years’ experience in security testing
- Degree-level qualification in IT or business-related discipline is essential
- Certification in information security and penetration testing discipline such as SANS-GWAPT CISA, CISM, CISSP, ISO27001 is mandatory
- Expert level knowledge of security-related attacks, security testing methodologies, standards and assessment tools
- Strong experience in vendor management
- Solid competencies in information security processes, framework and technologies, such as: Network & Application Vulnerability Assessment, IT Risk Assessment, Penetration Testing & Ethical Hacking, OWASP Top 10, NIST, OSSTMM, OSINT etc.
- Expert knowledge on security solutions and tools, e.g.: Tenable Nessus, Nmap, Burp, IBM AppScan, Zap, Kali Linux etc.
- Ability to listen and articulate ideas verbally and in written formats to a broad range of audiences; ability to ask probing questions and deliver presentations that have impact
- Strong interpersonal skills and able to maintain good relationship with others
- Proven management experience is a plus
- Proactive and willing to accept and drive changes to accomplish positive outcomes
- Well-developed analytical, problem-solving, and decision-making skills; strong troubleshooting skills; ability to identify patterns and generate ideas
- Focus on the end users or customers’ needs; ability to set expectations and understand end user behavior
Personal & Application Information
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.
Please note that with effect from 1 December 2021, all employees must be vaccinated in order to access Cathay City and all other Cathay Group Company premises in Hong Kong. Consideration will be given to those who are unable to get vaccinated for valid medical reasons.