Security Vulnerability and Penetration Testing (VAPT) Engineer

A leading global professional services organisation is seeking a Security Vulnerability and Penetration Testing Engineer to join their highly respected Technology function in Taguig.

This is an exceptional opportunity for you to play a pivotal role in safeguarding the integrity, confidentiality, and availability of critical information systems across a truly international business. You will be at the forefront of security assessment activities, working with cutting-edge tools and collaborating with talented professionals from around the world. The organisation is renowned for its commitment to diversity, inclusion, and continuous learning, offering a supportive environment where your expertise will be valued and your growth encouraged. Flexible working opportunities and a culture that celebrates knowledge-sharing make this an ideal setting for those passionate about advancing their career in cybersecurity.

• Join a globally recognised organisation with over 70 offices worldwide, providing seamless solutions for complex business challenges through deep sector expertise and local market knowledge.
• Be part of a forward-thinking Technology team focused on cloud-first strategies, continuous improvement in collaboration capabilities, data maturity, automation, and productivity.
• Experience an inclusive and diverse workplace that actively promotes professional development, encourages knowledge sharing, and supports flexible working arrangements.

What you'll do:

As a Security Vulnerability and Penetration Testing Engineer based in Taguig, you will play a crucial role in protecting the organisation’s digital assets by overseeing all aspects of security assessment activity. Your day-to-day responsibilities will involve conducting thorough penetration tests on various systems and applications using both automated tools and manual methods. You will provide expert guidance on vulnerability management processes while acting as the go-to resource for VAPT-related queries. Your ability to communicate complex findings clearly will enable stakeholders at all levels to understand risks and implement effective solutions. Working collaboratively with global teams across legal, business professional, and technology functions will be key to ensuring that security remains integral to every aspect of the organisation’s operations. Success in this role requires not only technical mastery but also strong interpersonal skills—enabling you to build productive relationships across departments while fostering a culture of continuous improvement.

• Conduct comprehensive security penetration testing on systems, platforms, and applications to identify vulnerabilities and recommend effective remediation strategies.
• Serve as a subject matter expert for all vulnerability assessment and penetration testing (VAPT) activities within the organisation, ensuring best practices are followed.
• Act as the system owner for VAPT toolsets, platforms, and processes, maintaining up-to-date knowledge of emerging threats and technologies.
• Prepare clear, concise technical assessment reports tailored to both technical and non-technical audiences, including practical recommendations based on sound risk management principles.
• Collaborate closely with cross-functional teams—including lawyers, clients, and business professionals—to ensure technology offerings remain secure and innovative.
• Support the preparation of internal training materials and documentation to enhance organisational awareness of security risks and mitigation techniques.
• Validate identified vulnerabilities with precision, using manual techniques alongside automated tools such as Nessus, Appscan, Burp Suite, Nipper, Trustwave, Wireshark, Kali Linux, Metasploit, and others.
• Stay abreast of the evolving threat landscape by continuously updating practices in line with new adversary tactics and industry developments.
• Participate in ad hoc travel as required to support global security initiatives or collaborate with international colleagues.
• Maintain composure under pressure while managing multiple tasks requiring different approaches and expertise.

What you bring:

To excel as a Security Vulnerability and Penetration Testing Engineer in this global environment, you will bring proven experience performing advanced penetration tests across diverse platforms using industry-leading tools. Your background includes formal education or substantial equivalent experience in computer science or related fields—supported by key certifications such as CISSP and OSCP. You possess deep knowledge of VAPT methodologies alongside practical expertise with both automated scanners and manual testing techniques. Your understanding extends beyond technical execution: you appreciate how risk management principles inform prioritisation of remediation efforts within large organisations. Strong communication abilities allow you to translate complex findings into actionable insights for varied audiences. Additionally, your adaptability ensures you remain effective amid shifting priorities or emerging threats—while your collaborative mindset helps foster trust-based partnerships throughout the business.

• Bachelor’s degree in Computer Science or equivalent experience demonstrating advanced technical acumen relevant to cybersecurity roles.
• CISSP certification is required; Offensive Security OSCP is also mandatory; GIAC GPEN or GWAPT certifications are highly desirable.
• Extensive hands-on experience with common automated VAPT tools such as Nessus, Appscan, Burp Suite, Nipper, Trustwave as well as attack frameworks like Wireshark, Kali Linux, Metasploit.
• Expertise in mobile platform security technologies including vulnerability identification tools and exploitation frameworks along with best practice knowledge for mobile environments.
• Comprehensive understanding of VAPT concepts—including ethical hacking requirements—and the distinction between vulnerability assessments versus penetration tests regarding scope and deliverables.
• Authoritative familiarity with OWASP standards, CVE databases, general security controls plus current application/operating system exploits; proficiency in scripting/programming languages is advantageous.
• Demonstrated ability to validate vulnerabilities accurately using both manual techniques (such as proxies/browser plugins) and automated solutions within complex application environments.
• Ongoing commitment to staying informed about threat landscapes; adaptable approach to evolving adversary tactics/practices within risk management contexts.
• Exceptional written/oral communication skills enabling you to convey intricate technical concepts effectively to non-technical stakeholders; fluency in English is essential.
• Proven capacity for critical thinking under pressure; able to maintain focus without direct supervision while contributing positively within collaborative teams.

What sets this company apart:

This organisation stands out for its unwavering commitment to creating an inclusive workplace where people from all backgrounds can thrive professionally. With more than 70 offices worldwide supporting clients across markets and sectors, it offers unparalleled opportunities for exposure to complex challenges on a global scale. The Technology function is dedicated not only to delivering best-in-class infrastructure but also to driving continuous evolution through cloud-first strategies—ensuring employees have access to modern tools that empower innovation. Diversity is celebrated here: individuals are encouraged to fulfil their aspirations regardless of race, religion or belief (if any), gender identity or expression, disability status or sexual orientation. The culture emphasises collaboration over hierarchy—valuing each person’s contribution while promoting ongoing learning through training opportunities. Employees benefit from flexible working arrangements designed to support work-life balance alongside generous professional development resources that nurture both technical excellence and personal growth.

What's next:

If you are ready to take your cybersecurity career further by joining a truly global team dedicated to making a difference—this is your moment!

Apply today by clicking on the link provided—your next challenge awaits!

Due to the high volume of applications we are experiencing, our team will only be in touch with you if your application is shortlisted.