Vulnerability Assessment & Management Analyst (Officer)

About the Job

Location: Makati City

Corporate Title: Assistant Manager to Manager

Work Arrangement: Hybrid

Our Information Security & Data Protection Office team is looking for experienced professionals to join us in Makati City with the role of Vulnerability Assessment & Management Analyst

In this role you will provide expert advice and guidance on Information Security matters, ensuring stakeholders are well-informed for sound security decisions. Effectively support the Information Security team, fostering a positive and innovative work environment. You will also have to provide support a team of Vulnerability Assessment and Penetration Testing (VAPT) and Information Security/Risk Management security professionals.

Your dream. Our focus.

Whether you're just starting out, or already a seasoned professional, EastWest can help you unleash your potential, and bridge the gap between dream to success.

At EastWest, we empower our employees to drive their careers and are committed to provide the runway for them to grow. We value teamwork and individual initiative. Join us and be part of a highly engaged team, and a workplace that promotes development and goal attainment.

Over 29 years, EastWest has emerged as one of the most consumer-focused universal banks in the Philippines. EastWest is committed to continuously invest in people and in process, product, and service enhancements, and embrace new ideas to enhance the EastWest experience.

What the role will entail

• Support the provision of team direction and establish individual goals and objectives to ensure the effective performance of the red team. Coach and mentor staff to foster their professional development and ensure their performance goals are met.
• Support the execution of vulnerability assessment and penetration testing (VAPT) activities against a wide range of platforms, infrastructure, and applications. Oversee the identification and documentation of potential vulnerabilities to enhance the organization's cybersecurity posture.
• Ensure the inclusion of appropriate security controls in the design and development of new projects and/or key changes and the conduct of vetting processes to ensure adequate mitigation of vulnerabilities
• Support the development and implementation of innovative testing methodologies, tactics, techniques, and procedures to ensure the red team remains ahead of evolving attacker techniques. Adapt and refine testing approaches to maintain the effectiveness of red teaming efforts in the face of emerging cybersecurity threats.
• Support the preparation and delivery of comprehensive and well-documented reports highlighting identified vulnerabilities, including detailed mitigation strategies and recommendations for improvement. Present findings to stakeholders in a clear and concise manner to facilitate effective risk mitigation and enhancement of the organization's security posture.
• Develop, implement, and execute industry-leading vulnerability & threat management services, vulnerability remediation and patch management oversight across the enterprise.
• Support risk-based vulnerability prioritization, reporting, and developing remediation steps
• Support workshop processes and runbooks for vulnerability identification, analysis, remediation, and reporting
• Support planning and execution of corporate vulnerability assessments and penetration testing engagements
• Analyze threat and vulnerability feeds and analyze data for applicability in the environment
• Produce vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness
• Support executive-level reporting and maintenance of a threat database.
• Provide regular reports on the state of system security, threats, vulnerabilities, and patch management to all stakeholders.

What we're looking for

• Bachelors Degree in either ICT, Computer Science, any related course
• Requires multiple Professional Security certifications (i.e. CISSP, CISM, etc.)
• Proven track record in PCI-DSS, ISO27001, NIST Cybersecurity Framework, Data Privacy program implementation experience
• Work experience in Information Security, Network Security, IT Security, Cybersecurity, IT Risk Management, or related role
• Proficiency with VAPT tools such as Kali Linux, Tenable, Rapid 7, Metasploit, Burp Suite, Qualys, Nmap, etc.
• Knowledge of vulnerability scanning, source code analysis, advanced network protocol manipulation, and custom penetration testing tool creation
• Strong understanding of Networking (TCP/IP, SSH, SFTP, VPN, Firewalls, Routers, etc.) and Server and workstation operating systems (Windows, Linux, etc.)

What you can expect from joining our team

• Career development and training opportunities
• Competitive salary package and benefits
• Performance-based incentives and recognition programs to reward high-performing individuals
• Opportunity to work with industry experts and be mentored by them
• Defined career progression paths to guide you in your professional growth