Vulnerability Assessment & Management Analyst

About the Job

Location: Makati City

Corporate Title: Assistant Manager to Manager

Work Arrangement: Hybrid

Our Information Security & Data Protection Office team is looking for experienced professionals to join us in Makati City with the role of Vulnerability Assessment & Management Analyst

In this role you will provide expert advice and guidance on Information Security matters ensuring stakeholders are well-informed for sound security decisions. Effectively support the Information Security team fostering a positive and innovative work environment. You will also have to provide support a team of Vulnerability Assessment and Penetration Testing (VAPT) and Information Security/Risk Management security professionals.

Your dream. Our focus.

East West Banking Corporation (EastWest) is one of the largest universal banks in the Philippines and is committed to continuously invest in people and in process product and service enhancements and embrace new ideas to enhance the EastWest experience.

We empower our employees to drive their careers and are committed to provide the runway for them to grow. We value teamwork and individual initiative. Join us and be part of a highly engaged team and a workplace that promotes development and goal attainment.

Whether youre just starting out or already a seasoned professional EastWest can help you unleash your potential and bridge the gap between dream to success.

What the role will entail

• Support the provision of team direction and establish individual goals and objectives to ensure the effective performance of the red team. Coach and mentor staff to foster their professional development and ensure their performance goals are met.
• Support the execution of vulnerability assessment and penetration testing (VAPT) activities against a wide range of platforms infrastructure and applications. Oversee the identification and documentation of potential vulnerabilities to enhance the organizations cybersecurity posture.
• Ensure the inclusion of appropriate security controls in the design and development of new projects and/or key changes and the conduct of vetting processes to ensure adequate mitigation of vulnerabilities
• Support the development and implementation of innovative testing methodologies tactics techniques and procedures to ensure the red team remains ahead of evolving attacker techniques. Adapt and refine testing approaches to maintain the effectiveness of red teaming efforts in the face of emerging cybersecurity threats.
• Support the preparation and delivery of comprehensive and well-documented reports highlighting identified vulnerabilities including detailed mitigation strategies and recommendations for improvement. Present findings to stakeholders in a clear and concise manner to facilitate effective risk mitigation and enhancement of the organizations security posture.
• Develop implement and execute industry-leading vulnerability & threat management services vulnerability remediation and patch management oversight across the enterprise.
• Support risk-based vulnerability prioritization reporting and developing remediation steps
• Support workshop processes and runbooks for vulnerability identification analysis remediation and reporting
• Support planning and execution of corporate vulnerability assessments and penetration testing engagements
• Analyze threat and vulnerability feeds and analyze data for applicability in the environment
• Produce vulnerability configuration and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness
• Support executive-level reporting and maintenance of a threat database.
• Provide regular reports on the state of system security threats vulnerabilities and patch management to all stakeholders.

What were looking for

• Bachelors Degree in either ICT Computer Science any related course
• Requires multiple Professional Security certifications (i.e. CISSP CISM etc.)
• Proven track record in PCI-DSS ISO27001 NIST Cybersecurity Framework Data Privacy program implementation experience
• Work experience in Information Security Network Security IT Security Cybersecurity IT Risk Management or related role
• Proficiency with VAPT tools such as Kali Linux Tenable Rapid 7 Metasploit Burp Suite Qualys Nmap etc.
• Knowledge of vulnerability scanning source code analysis advanced network protocol manipulation and custom penetration testing tool creation
• Strong understanding of Networking (TCP/IP SSH SFTP VPN Firewalls Routers etc.) and Server and workstation operating systems (Windows Linux etc.)

What you can expect from joining our team

• Career development and training opportunities
• Competitive salary package and benefits
• Performance-based incentives and recognition programs to reward high-performing individuals
• Opportunity to work with industry experts and be mentored by them
• Defined career progression paths to guide you in your professional growth