OFFENSIVE SECURITY OFFICER

Be #InGoodHands with Metrobank!

Here at Metrobank, we don't simply hire employees—we hone future leaders. We provide opportunities that enhance your skills and unlock your talents, helping you evolve into a well-rounded individual. We supply you with all the pieces you need to do your best work, unleashing your full potential to help you secure your future and lead a fulfilling career. And with Metrobank's strong heart for the community, you have the chance to give back and make worthwhile contributions to our nation's economic and social development. With Metrobank, a meaningful life is within your reach!

Position Title:  Offensive Security Officer

Job Summary

Plan, document test methodologies and perform penetration testing or ethical hacking of network infrastructure, application systems including mobile applications all in a stealthy operation without being detected, in order to identify potential security weaknesses in the system.  Collaborate with ITG developers by communicating the back doors/security weaknesses identified and providing inputs in correcting the security flaws.  Establish red team procedures in conducting red team exercises.

Specific Duties & Responsibilities

·       Perform threat analysis, wireless network assessments, and social-engineering assessments including physical security assessments to develop test scenarios.

·       Conduct network and system security scans. Perform manual and automated hacking techniques on network infrastructure, computer systems, web and mobile applications. Search for weaknesses and recommend corrective measures to prevent potential attacks.

·       Evade intrusion prevention systems, intrusion detection systems, firewalls, and honeypots to ensure they are effective and reinforced when necessary.

·       Identify methods and entry points that attackers may use to exploit vulnerabilities or weaknesses

·       Develop abuse cases and testing methods to identify vulnerabilities in business logic.

·       Develop/update scripts/tools to enhance penetration testing processes.

·       Research, evaluate, document and discuss findings with IT teams and management. Collaborate with IT teams to remediate the vulnerabilities.

·       Effectively communicate findings and remediation strategy to stakeholders. Develop comprehensive and accurate reports and presentations for both technical and executive audiences.

·       Review, verify and provide feedback on information security fixes.

·       Establish improvements for existing security services, including hardware, software, policies and procedures.

·       Observe business continuity and its operations when performing testing (i.e. minimize downtime and loss of employee productivity).

·       Stay updated on the latest malware and security threats.

·       Assist in cyber security investigations.

·       Recognize the safe utilization of attacker tools, tactics, and procedures.

·       Keep abreast with the latest attack vectors, hacking methods, ethical hacking/pen testing techniques and new penetration testing tools.

·       Analyze security policies and configurations for effectiveness against an attack and make necessary suggestions on security policy and configuration improvements.

·       Proactively works with the Department Head in implementing programs for the continuous improvement of the bank’s information security plans and strategies.

·       Perform other information security governance, risk and compliance related duties and responsibilities as directed by the Department Head.

Other Details:

Rank: Junior Officer

Unit: Enterprise Services Sector / Information Security Division / Consulting and Project Services Department
Location:  Metrobank Center, BGC