Lead, Penetration Testing

About Mox

Mox is built by and for the ones who aspire to live life to the fullest – we call them Generation Mox! The name Mox reflects the endless opportunities we can create: Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration… it’s all up for us to define together.

Why Mox

Mox helps you grow – your money, your world, your possibilities. We equip you with the financial management tools, information and insights you need to make your dreams, big or small, come true.

Everything at Mox – from our products and features to our rewards – is designed based on customer research and tailor-made for your needs. We care about what customers care about, especially in data security and privacy. Data ethics is core to everyone here at Mox.

Mox rewards you with an array of banking and lifestyle benefits. Who says banking can’t be fun?

Who are we looking for

As the Lead of the Digital Assurance function at Mox Bank, you will provide senior level hands-on cyber security expertise to ensure the confidentiality, integrity, and availability of systems.

Responsibilities

  • Lead and perform hands-on penetration testing and vulnerability assessments on critical mobile (iOS and Android) and web applications, APIs, and cloud infrastructure to assess and validate security posture.

  • Conduct infrastructure code and application source code reviews to look for potential security gaps and make recommendations to appropriate stakeholders.

  • Drive and manage the overall BAU and project-based security assessment pipeline.

  • Proactively work with multiple technical and development stakeholders across the business to ensure security best practices are embedded into the earliest stages.

  • Drive the uplift and tuning of code security review and automated security scanning solutions.

  • Write high quality security reports on identified security vulnerabilities and provide steps for remediation.

  • Work alongside stakeholders to support and guide on remediation efforts.

  • Engage and manage security suppliers where applicable.

  • Deliver technical security education and awareness workshops to technology stakeholders.

  • Coach and mentor junior team members.

Requirements

8+ years’ experience in IT security related positions with a primary focus on penetration testing, application security, and vulnerability assessments. You should be able to demonstrate:

  • Passion for offensive security and assurance.

  • Deep understanding of penetration testing methodologies, vulnerability identification, and software security principles.

  • Being able to translate complex technical scenarios, cyber security specific threats, and related mitigating controls into a language that stakeholders at all levels can understand.

  • Strong knowledge of risk management guidelines and frameworks.

  • Hands-on threat, vulnerability, patching, and remediation management experience.

  • Ability to act calmly and competently in high-pressure, high-stress situations.

  • Must be a critical thinker, with strong problem-solving skills and analytical skills.

  • Excellent time management skills and ability to manage multiple projects under strict timelines.

  • Development and automation experience in one or more programming languages is highly desired.

  • Previous experience working in a cloud environment is highly desired.

  • Experience with or exposure to Intelligence-Led Penetration Testing and Red Teaming is highly desired.

  • Ability to contribute in a team environment.

  • One or more industry-recognised certifications in penetration testing (OSCP, OSWE, CREST CCT / CRT, GWAPT, GPEN, etc.).

  • Desirable industry-recognised certifications in Cyber Security (CISSP, CISM, SSCP, etc.).

  • Participation in relevant Cyber Security industry forums is desirable.

  • Familiarity with technology regulations, e.g., HKMA TM-G-1 and TM-E-1, is a plus.