Application Security Manager

Job description

Job Responsibilities
  • Drive ongoing enhancement of Application Security practices across the full application lifecycle, including web systems, APIs, WeChat MiniApps, and cloud‑native/containerized environments.
  • Work closely with infrastructure and application teams to define realistic remediation plans, resolve vulnerabilities, and reduce overall attack surface and cyber risks.
  • Conduct security risk assessments for systems during design, onboarding, major updates, and migrations, covering areas such as authentication, authorization, access control, API exposure, data flows, and trust boundaries.
  • Identify security weaknesses across infrastructure, applications, and cloud platforms, and lead end‑to‑end security initiatives, from evaluating solutions and selecting tools to designing architecture, implementing controls, testing, and handing over to operations.
  • Oversee a small team responsible for security hardening and compliance checks for cloud environments (Alibaba Cloud, AWS, Azure), servers, databases, networks, and Kubernetes/container platforms.
  • Provide guidance to junior staff on improving operational processes for security technologies such as Palo Alto Cortex, Microsoft 365 Security, PAM solutions, Nessus Pro, UEM platforms, and red‑team testing workflows.

Job Requirements

  • Bachelor's degree in Computer Science, Information Systems, Business Computing, or similar fields.
  • At least 5 years of IT security experience; exposure to the property management industry is a plus.
  • Security certifications such as CISSP, SSCP, OSCP, or relevant cloud and application security credentials are advantageous.
  • Strong understanding and practical experience with common attack patterns, especially application‑focused threats (e.g., OWASP Top 10, MITRE ATT&CK), and familiarity with defensive controls such as WAF, RASP, SAST, and DAST.
  • Experience embedding application security into the SDLC or implementing DevSecOps practices.
  • Ability to recommend and manage multilayered security controls across production systems, platform configurations, logging, and protective measures with clear effectiveness metrics.
  • Practical experience in infrastructure and application security, including endpoint, email, container, web, API, NGFW, and operating system security.
  • Knowledge of vulnerability management, cyber hygiene, and common methods for network and web application testing.
  • Effective communication skills, with the ability to explain security concepts to both technical and non‑technical audiences.