We are the Philippines’ largest independent bank, having won countless awards over the years including the most prestigious industry award in both 2015 and 2016—the Bank of the Year – Philippines by The Banker.
We’re changing how people bank. From the moment customers enter our branches to their experience online, we make them feel valued and empowered.
Now, with more than 300 branches spanning the country, BetterBanking has become the gold standard in improving the banking lives of millions of Filipinos. But we’re far from done.
In our constant pursuit of excellence and improvement, we create teams that support our business and each other.
As an IT - Vulnerability Manager Lead, you will be responsible for ensuring that the regular vulnerability assessment and penetration testing are conducted on regular basis. You will ensure that their identified vulnerabilities are accounted for and resolved within the agreed time frame. You will be responsible for ensuring that SLAs are met by the team members and you will be the point of contact for all ITVMs and projects that require the services of the team
How you'll contribute
- Conducts vulnerability assessment and penetration testing based on the scope and agreed timeline.
- Identifies critical flaws in applications and systems that attackers could exploit.
- Participates as Subject Matter Expert (SME) and provides a consultative recommendation in discussion related to Vulnerability Assessment and Penetration Testing
- Regular interaction with the IT Vulnerability Management Team to understand the new technology and scanning process.
- Uses automated tools to pinpoint vulnerabilities, exploit and reduce time-consuming tasks.
- Configures the vulnerability scanner and ensures that scans are scheduled and performed accordingly.
- Uses manual testing techniques and methods to gain a better understanding of the environment and reduce false negatives.
- Develops, tests, and modifies custom scripts and applications for security vulnerability testing.
- Ensures that all vulnerability findings are attended to and acted upon by remediating team/platform owners.
- Coordinates with Patch Manager and other concerned units their identified vulnerabilities to ensure the findings are assessed, accepted, or mitigated.
- Coordinates with Network Operations Center (NOC), Incident Response Team (IRT), Security Operations Center (SOC), and other units on matters related to cybersecurity incidents due to unknown or identified vulnerability.
- Maintains an inventory of their identified vulnerabilities and monitors status and actions taken to address the weakness.
- Creates and submits comprehensive VAPT reports to remediating team/platform owners on regular basis.
- Assists on VAPT requirements to support project delivery
What we’re looking for:
- Bachelor's Degree in Business Management or related majors
- Preferably with certifications in any of the following: Security+, Pen Tester, Vulnerability Assessor
- At least 5 years of experience in Vulnerability Assessment and Penetration Testing
- A high degree of organizational & analytical skills.
- Flexible and capable of taking multiple tasks and meeting tight deadlines
- Self-motivated and result-oriented, driving projects to meet the designated schedule
- Excellent interpersonal communication & presentation skills.
- Proficient in both oral & written communication.
- Knowledge of IT Operations, IT Network/Infrastructure, Information Security, Business Continuity Management, Vulnerability Management, Risk Management.
- Experience with various operating systems including Windows, Linux, and Unix
- Experience with various security tools and products (Nessus, Qualys, Metasploit, Burp Suite, Core Impact, etc.)
- Understanding of Security and Infrastructure Architecture/Technologies: including but not limited to Routers, Firewalls, IDS, VPN, Multi/Two Factor Authentication, Identity Management, Data Leak Prevention, Encryption, Application Security, Vulnerability Scanners, Penetration Testing, Windows and Unix Systems Security.
- Ability to scrutinize complex and diverse information and transform details and facts into recommendations and action plans.
- Knowledge of NVD and CVSS scoring
- Excellent understanding of Vulnerability Assessment and Penetration Testing Lifecycle