Hong Kong, Hong Kong, Hong Kong Employment

Futu Holdings is hiring a Penetration Testing Engineer

About the Role

Futu Holdings is looking for a Penetration Testing Engineer to conduct vulnerability discovery and penetration testing for our application systems, servers, and network infrastructure. You will be responsible for performing regular cybersecurity assessments and producing detailed reports on your findings.

What You'll Do

Conduct vulnerability discovery and penetration testing for company application systems, servers, and network infrastructure.
Deeply understand various business transaction characteristics and associated risks.
Perform regular cybersecurity assessments, including penetration tests for web applications, mobile apps, APIs, and internal systems.
Identify vulnerabilities, provide remediation recommendations, and evaluate the defensive capabilities of fintech systems.
Produce detailed penetration test reports outlining vulnerability risk levels, potential impact, and mitigation measures.
Present findings to technical teams and management.
Assist in security incident response, analyze attack vectors, and support forensic investigations.
Stay updated on the latest security vulnerabilities and offensive/defensive techniques to continuously improve testing methodologies.

What We're Looking For

Bachelor's degree or higher in Computer Science, Information Security, or a related field.
Knowledge of blockchain technology is required.
Familiar with web, application, and network security offensive and defensive techniques; capable of performing penetration testing tasks under guidance.
Proficient in common attack methods, principles, and countermeasures, including OWASP Top 10 vulnerabilities, middleware (nginx, Apache, Tomcat, etc.), and open-source component vulnerabilities.
Familiar with penetration testing tools such as Burp Suite, SQLMap, Nmap, and the Metasploit penetration testing framework.
Ability to utilize scripting languages (Python, Shell) for task automation and data analysis to rapidly diagnose and resolve cybersecurity incidents.

Nice to Have

Candidates with experience in cyber defense exercises (such as China's 'Huwang Actions') are preferred.

Technical Stack

Scripting Languages: Python, Shell
Penetration Testing Tools: Burp Suite, SQLMap, Nmap, Metasploit
Middleware/Web Servers: nginx, Apache, Tomcat

Futu Holdings is an equal opportunity employer.

Required Skills

PythonShellBurp SuiteSQLMapNmapMetasploitnginxApacheTomcatOWASP Top 10BlockchainPenetration TestingLog4jFastjson

Need to work legally in Thailand?

Work permits without the paperwork nightmare

Thai immigration rules are strict and easy to get wrong. SVBL handles the bureaucracy — correct visa type, proper documentation, timely submissions. You focus on your work.

Right visa type for your situation

Document preparation & submission

Deadline tracking & renewals

Direct liaison with immigration

Talk to an expert

10+ years experience

About company

Listed on Nasdaq, Futu Holdings (FUTU) is a global fintech company behind the advanced digital brokerage platforms moomoo and Futubull, serving millions of users worldwide. We are a technology-driven company delivering secure, seamless access to global markets and reshaping the personal investing experience.

Visit website

Job Details

Department Information Technology

Category security

Posted 14 days ago