Cyber Security Analyst

Come and join a Winning TeamBe remarkable. Be yourself.

Why Should You Join Us?

At ASW, we believe in our people, in teamwork and the importance of your personal growth. If you are looking for the opportunity to join our award-winning international family with over 17,000 stores across 31 markets in Asia and Europe, the ASW family welcomes you…You can enjoy:

• Convenient office location, less than 5 min. walk from MTRFree round-trip lunchtime shuttle bus services to Shatin
• Comprehensive Medical and Life insurance coverage, including your spouse and children
• Well-equipped Gym inside our office building
• Onsite Clinic and Lactation Room
• Purpose & Impact:

This role exists to protect and strengthen our cloud‑native and microservices ecosystem, ensuring our platforms remain secure, resilient, and trusted as the business scales.

By embedding security directly into how we build and run containers, you help engineering teams move fast with confidence—putting a smile on customers’ faces by safeguarding their data, services, and digital experiences across our O+O (Offline + Online) business model.

Core Capabilities You Will Apply Daily:

Cloud‑Native Security Ownership: Own and continuously tune our CNAPP platform to deliver runtime threat detection, vulnerability visibility, compliance posture, and CSPM — applying a customer‑focused mindset grounded in measurable, data‑driven outcomes.

Runtime Threat Detection & Incident Response: Monitor container runtime behaviour, investigate alerts, and lead cloud‑native incident triage in close collaboration with engineering and operations teams.

Kubernetes Security Hardening: Assess and harden Kubernetes clusters against CIS Benchmarks and NSA/CISA guidance, using a scientific and risk‑based approach to reduce attack surface at scale.

Container Image & Supply Chain Security: Maintain continuous visibility of image vulnerabilities across registries and production workloads, enabling secure delivery across both online platforms and offline‑integrated services.

Vulnerability & CVE Lifecycle Management: Classify, track, and manage CVEs end‑to‑end—partnering with engineers on remediation while supporting informed residual risk decisions.

Secure Infrastructure‑as‑Code Enablement: Embed security requirements into Terraform, Helm, and Kustomize workflows, making security a shared capability rather than a bottleneck.

Security Knowledge & Playbook Development: Build clear runbooks, playbooks, and baseline standards that help teams operate securely and consistently across environments.

What This Role Suits In You:

You are someone who consistently demonstrates:

• Hands‑on experience securing cloud‑native, containerised, or microservices environments
• Confidence working with CNAPP platforms (e.g. Sysdig, Neu
• Vector, Aqua, Prisma Cloud, Lacework, Wiz) for policy management and alert triage
• Strong understanding of container security concepts: image hardening, runtime protection, registry scanning, and supply chain risk
• Practical exposure to Kubernetes security and cloud infrastructure
• Clear communication skills in English (written & spoken) and Cantonese (spoken), enabling effective stakeholder and team collaboration
• What Drives Success

In This Role

Success depends on consistently demonstrates:

• Proactive ownership of security posture in fast‑moving, cloud‑native environments
• Ability to partner with engineers and DevOps teams to shift security left without slowing delivery
• Strong judgement in prioritising risk, responding to incidents, and managing vulnerabilities pragmatically
• Curiosity and continuous learning in cloud security, DevSecOps, and modern threat landscapes
• Discipline in documentation, measurement, and building defensible security baselines
• What is holding you back?

Grasp this opportunity and don't let this great chance to shape your life slip away!

Apply now!

We are an equal opportunity employer and welcome applications from all qualified candidates. The information provided will be treated in strict confidence and be used only for consideration of your application for relevant / similar posts within the AS Watson Group.

Applicants not hearing from us within 6 weeks from the date of advertisement may consider their applications unsuccessful. All personal data of unsuccessful applicants will be destroyed within 12 months from the date of application.