About Us:
Founded in 1956, Maxim’s Group is one of Asia’s leading food and beverage companies, operating Chinese, Western, Japanese and Southeast Asian restaurants, quick service outlets, bakery shops and cafes, and an institutional catering service. Maxim’s Group also produces a range of festive products, including the award-winning Hong Kong MX Mooncakes, and is a licensee of Starbucks Coffee, Genki Sushi, IPPUDO, The Cheesecake Factory and Shake Shack in various territories. Altogether, the Group has over 40,000 employees and 2,000 outlets in HK, China and Southeast Asia.
Proud of our heritage and humbled by our success, we are committed to a sustainable and innovative future. To learn more about Maxim’s, visit www.maxims.com.hk
Job Responsibilities:
- Conduct technical security assessments on IT and digital initiatives, with a focus on application security
- Identify and mitigate security vulnerabilities in applications, APIs, and software development processes
- Collaborate with development teams to integrate security practices into the Software Development Lifecycle (SDLC) and CI/CD pipelines
- Develop and enforce secure coding standards and guidelines for application development
- Assess and implement tools and technologies for application security testing (e.g., SAST, DAST, SCA)
- Provide awareness training on application security best practices
- Investigate and manage application-related cybersecurity incidents
- Stay updated on emerging application security threats and trends to proactively address risks
- Assist in defining technical solutions to protect company assets, with a focus on application security
- Regularly review internal policies and global standards (e.g., NIST, ISO 27001, PCI DSS) to ensure ongoing compliance
- Assist IT teams in internal and external audits, including pre-audit review, liaison with auditors and stakeholders, and post-audit follow-up
- Investigate and manage cyber security incidents
Job Requirements:
- Minimum of 8 years of hands-on experience in application security, preferably in a sizable organization with a regional presence in AP (e.g., China, Southeast Asian Market)
- Strong practical experience in application security testing, vulnerability management, and secure coding practices
- Familiarity with application security tools (e.g., Burp Suite, Veracode, SonarQube, OWASP ZAP) and methodologies (e.g., OWASP Top 10)
- Knowledge of integrating security into DevOps practices (DevSecOps) and CI/CD pipelines
- Excellent communication and interpersonal skills to collaborate with development teams and stakeholders
- Proactive, problem-solving mindset with the ability to work under pressure
- Possession of relevant certifications (e.g., OSCP, CISSP, CEH, GWAPT, CSSLP) is a strong advantage
Interested parties, please apply with a full resume stating current and expected salaries by clicking "Apply Now".
All applications and data collected will be treated in strict confidence and used exclusively for recruitment purposes. Only shortlisted candidates will be invited for interview. The company will retain the applications for a maximum period of 24 months and may refer suitable candidates to other vacancies within the Group.