Information Security Analyst - Hong Kong Jockey Club
Work with business and IT stakeholders to schedule and perform system and network vulnerability scanning, classify and prioritise risks, and guide relevant stakeholders to ensure that systems and services that are either developed in-house or acquired commercially are secured against known attack vectors and prevalent threats.
Perform threat assessment and patch management advisory operations via analysis of open and commercial security intelligence feeds, and ensure business and IT patch management teams comply with defined Service Level Agreements (SLAs) for security patch deployment.
Perform web scanning and automated code testing of in-house applications, and guide developers and IT colleagues on coding best practices and mitigations prior to production release to ensure that systems are resistant to known attack vectors, e.g. OWASP Top 10, when deployed.