About Security Bank

We are the Philippines’ largest independent bank, having won countless awards over the years including the most prestigious industry award in both 2015 and 2016—the Bank of the Year – Philippines by The Banker.

We’re changing how people bank. From the moment customers enter our branches to their experience online, we make them feel valued and empowered.

Now, with more than 300 branches spanning the country, BetterBanking has become the gold standard in improving the banking lives of millions of Filipinos. But we’re far from done.

In our constant pursuit of excellence and improvement, we create teams that support our business and each other.

The Role

As an Application Security Assessment Officer, you will be responsible for ensuring that the regular secure code review is conducted on regular basis on applications and mobile app. You will ensure that all identified application/mobile app vulnerabilities are accounted for and resolved within the agreed timeframe.

How you'll contribute

  • Conducts Security Code Review on Applications and Mobile app based on approved scope and timeline.
  • Identifies critical flaws in applications and mobile apps that attackers could exploit.
  • Participates as Subject Matter Expert (SME) and provides consultative recommendations in discussions related to Vulnerability Assessment and Penetration Testing.
  • Regular interaction with the IT Secure Code Management Team to understand the new technology and review process.
  • Uses automated tools to pinpoint vulnerabilities, exploit and reduce time-consuming tasks.
  • Configures the Automated Application/Mobile App Security Code Review tool and ensures that scans are scheduled and performed accordingly.
  • Uses manual testing techniques and methods to gain a better understanding of the applications/mobile app environment and reduce false negatives.
  • Ensures that all Application and Mobile App vulnerability findings are attended to and acted upon by remediating team/platform owners.
  • Conducts research and attends training on common attack routes, new cybersecurity threats, trends, and technologies to understand the controls needed in the IT environment.
  • Ensures that Secure Code Review is performed on a regular basis.
  • Maintains an inventory of their identified Application/Mobile App vulnerabilities and monitor the status and actions taken to address the weakness
  • Creates and submits comprehensive Secure Code Review reports to remediating team and platform owners on a regular basis
  • Supports the development of security processes and procedures by validating report findings to reduce false positives, use of tools to automate the review process, and recommending technology upgrade opportunities for the unit and/or division
  • Assists in Secure Code Review requirements to support project delivery.

What we’re looking for:

  • Bachelor's Degree in Business Management or related majors.
  • Certifications in any of the following: Certified Application Security Code Engineer (CASE), Security+, Certified Information Systems Security Professional (CISSP)
  • With experience in Application/Mobile Secure Code Review, Per Code Review, Vulnerability Management
  • At least 5 years of experience in Security Code Review
  • Scripting and object-oriented programming experience.
  • A high degree of organizational & analytical skills.
  • Flexible and capable of taking multiple tasks and meeting tight deadlines
  • Self-motivated and result-oriented, driving projects to meet the designated schedule
  • Excellent interpersonal communication & presentation skills.
  • Proficient in both oral & written communication.
  • Knowledge of IT Operations, Information Security, Business Continuity Management, Vulnerability Assessment, and Penetration Testing, Risk Management.
  • Experience with various operating systems including Windows, Linux, and Unix
  • Knowledge of application/mobile app security vulnerabilities such as the OWASP Top 10
  • Experience with various security tools and products (Veracode, Fortify, AppScan, Checkmarx, etc.)
  • Application development background and application security knowledge
  • Good understanding of Secure Code Review Lifecycle
  • Knowledge on promoting secure programming
  • Knowledge of NVD and CVSS scoring.
  • Good understanding of SDLC components.

Apply for this Job

* Required

  
  
When autocomplete results are available use up and down arrows to review
+ Add Another Education