Search by job, company or skills

bank of commerce (philippines)

Security Testing and Assurance Analyst

bank of commerce (philippines)
Philippines
2-4 Years
new job description bg glownew job description bg glownew job description bg svg
  • Posted 2 months ago
  • Be among the first 10 applicants
Early Applicant

Job Description

JOB SUMMARY:

The Security Testing and Assurance (STA) Analyst supports and executes the Bank's technical security testing activities under the direction of the Section Head. The role provides hands-on assistance in vulnerability assessments, penetration testing, compromise assessments, red and purple team exercises, and threat monitoring. The Analyst may be tasked to handle specific projects or testing engagements, ensuring findings are validated, documented, and tracked to closure. The position also supports the administration of Darktrace NDR, maintains risk documentation, and contributes to incident response and policy improvement initiatives.

JOB DESCRIPTION:

  • Execute and support security testing engagements including vulnerability assessments, penetration testing, application security reviews, red and purple team exercises, compromise assessments, and physical security testing, as directed by the Section Head, ensuring activities are conducted in line with the agreed scope and timelines.
  • Validate and document results by reviewing initial findings from security testing engagements, confirming their accuracy, and preparing draft reports with supporting evidence for Section Head review.
  • Coordinate with system owners, application teams, and vendors during testing projects to clarify requirements, resolve issues, and escalate critical matters to the Section Head for decision.
  • Support vendor documentation and planning by assisting in the preparation of requirements, project scopes, and related documents needed for third-party testing engagements to ensure clarity of objectives and deliverables.
  • Track vendor outputs by monitoring submissions and timelines, verifying completeness and accuracy of reports, and raising delays or deficiencies to the Section Head for resolution
  • Provide Darktrace monitoring support by reviewing alerts and anomalies flagged by the NDR platform, performing initial assessments, and escalating suspicious activity to the MSOC or Section Head for further investigation.
  • Log and distribute advisories by recording and circulating intelligence reports and threat notifications received from the BAP-CID Threat Intelligence and Collaboration Platform, ensuring relevant teams are promptly informed.
  • Maintain testing records by keeping well-organized documentation of all testing engagements, including activity logs, remediation status, and revalidation outcomes, for compliance and audit purposes
  • Support integration of testing results by coordinating with the RA&A and ITGC sections to ensure outputs from security testing are reflected in risk assessments and compliance requirements.
  • Provide technical inputs to incident response by supplying validated technical data and findings from testing and threat monitoring to support investigations and response activities when assigned.
  • Assist in policy updates by providing input to the review and updating of security testing-related policies, procedures, and technical standards, ensuring they reflect current practices and findings.
  • Contribute to awareness initiatives by helping prepare materials and training inputs that reflect lessons learned from testing engagements and highlight emerging threat trends.
  • Stay informed on emerging threats by continuously monitoring developments in attack techniques, vulnerabilities, and testing tools to improve technical knowledge and contributions.
  • Perform other related tasks as may be assigned by the Section Head or CISO to support the overall objectives of the Security Testing and Assurance Section

JOB QUALIFICATIONS:

  • Bachelor's degree in Information Security, Computer Science, or related field
  • Certifications in information security or IT-related domains (e.g., OSCP, GPEN, GWAPT, CEH) are considered an advantage and may strengthen the candidate's suitability for the role.
  • At least 2 years of experience in cybersecurity or IT Risk with exposure to vulnerability assessments, penetration testing, or incident response.
  • Solid understanding of vulnerability management, secure coding practices, and red team methodologies.
  • Familiar with NIST, OWASP, MITRE ATT&CK, and BSP regulatory standards (e.g., Cir. 982, 1140).
  • Capable of interpreting technical reports and preparing clear documentation.
  • Proficient in Microsoft Office (Excel, Word, PowerPoint); familiarity with SIEM, EDR, or NDR tools (e.g., Darktrace) is an advantage.
  • Effective communication skills for coordinating with technical teams, vendors, and auditors

More Info

Job Type:
Permanent Job
Industry:
Other
Function:
Cybersecurity
Employment Type:
Full time

Job ID: 141358855

Jobs by Skill - IT
Jobs by Skill - Non IT
Jobs By Industry
International Jobs
Last Updated: 04-04-2026 10:58:05 PM
Homejobs in PhilippinesSecurity Testing and Assurance Analyst