VAPT Engineer
A leading financial institution is seeking a highly skilled Vulnerability Assessment and Penetration Testing Engineer to join their dynamic Technology Security team in Taguig.
This pivotal role offers you the opportunity to make a significant impact by safeguarding critical infrastructure, networks, and applications through comprehensive security assessments and advanced penetration testing. You will be at the forefront of identifying, analysing, and mitigating security vulnerabilities, ensuring compliance with global standards, and proactively reducing organisational risk. The organisation values collaboration, continuous learning, and knowledge sharing, providing an environment where your expertise will be recognised and your professional growth supported. With flexible working opportunities and a commitment to employee development, this is an exceptional chance to advance your career in cybersecurity while contributing to the resilience of a forward-thinking financial services provider.
- Play a key role in protecting vital digital assets by conducting thorough vulnerability assessments and sophisticated penetration tests across diverse environments including web, mobile, client-server, APIs, databases, and IoT devices.
- Collaborate closely with cross-functional teams such as IT, SOC, Compliance, Tech Risk, Audit, and Data Privacy to drive remediation efforts and enhance overall security posture through shared knowledge and teamwork.
- Benefit from a supportive leadership structure that encourages ongoing training opportunities, fosters interpersonal connections within the team, and prioritises both your professional development and well-being.
What you'll do:
As a Vulnerability Assessment and Penetration Testing Engineer based in Taguig’s vibrant business district, you will immerse yourself in a multifaceted role dedicated to fortifying the organisation’s digital defences. Your day-to-day responsibilities will revolve around performing meticulous vulnerability assessments across various technological domains—ranging from traditional infrastructure to cutting-edge IoT devices—using both manual techniques and automated tools. You will orchestrate complex penetration tests employing black-box, white-box, and grey-box approaches to identify hidden weaknesses before they can be exploited. In addition to hands-on technical work, you will lead Red Team exercises that mimic sophisticated cyber threats to test the organisation’s detection capabilities in real-world scenarios. Your expertise will also be crucial in automating security checks within CI/CD pipelines as part of DevSecOps initiatives. Beyond technical execution, you will collaborate extensively with internal teams such as IT Operations and SOC during incident response events—analysing attack vectors in real time—and provide clear guidance on remediation strategies. You will also play an educational role by developing engaging security awareness programmes for staff at all levels. Through comprehensive reporting tailored for both technical audiences and senior executives alike, you will ensure that actionable insights are communicated effectively throughout the organisation.
- Conduct regular vulnerability assessments for infrastructure, network, web applications, mobile platforms, client-server systems, APIs, databases, wireless networks, and IoT devices using industry-leading methodologies.
- Perform black-box, white-box, and grey-box penetration testing to uncover potential security flaws across all layers of technology.
- Utilise advanced application security testing techniques such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Interactive Application Security Testing (IAST) within CI/CD pipelines.
- Lead Red Team engagements to simulate real-world cyber threats using the MITRE ATT&CK framework and adversary tactics to evaluate detection and response capabilities.
- Develop custom exploits and lateral movement strategies while collaborating with Blue Teams/SOC for threat detection exercises and incident response simulations.
- Manage a suite of security tools including Burp Suite, Kali Linux, Frida, Rapid7, Nessus, Qualys, Metasploit, OWASP ZAP, Nmap, Wireshark, Checkmarx, Fortify, Acunetix; automate security testing processes within DevSecOps environments.
- Participate actively in incident response activities by analysing exploited vulnerabilities during real-time attacks; support forensic analysis and malware reverse engineering as needed.
- Identify and prioritise vulnerabilities based on risk impact; develop detailed assessment reports outlining findings with actionable remediation plans aligned with regulatory standards such as ISO 27001 or PCI-DSS.
- Deliver engaging security awareness programmes for employees; conduct simulated phishing campaigns and social engineering tests to assess organisational readiness.
- Prepare technical documentation including playbooks for Red Team operations; present executive-level reports on security findings to senior management and business units.
What you bring:
To excel as a Vulnerability Assessment and Penetration Testing Engineer in this esteemed financial institution’s Technology Security team requires not only deep technical acumen but also outstanding interpersonal skills. Your background should include substantial hands-on experience conducting complex vulnerability assessments across diverse platforms—web applications, mobile devices, client-server architectures—as well as executing sophisticated penetration tests using both manual methods and automated toolsets. A solid academic foundation complemented by industry-recognised certifications demonstrates your commitment to professional excellence. Your ability to analyse intricate attack vectors during live incidents will be matched by your skill in communicating findings clearly to both technical colleagues and non-technical stakeholders alike. You thrive when collaborating with others—whether supporting forensic investigations alongside SOC teams or delivering engaging training sessions that raise organisational awareness about cybersecurity risks. Your attention to detail ensures that every report you produce provides actionable insights while adhering strictly to regulatory requirements. Above all else, your integrity shines through in every interaction: you are known for being dependable under pressure while fostering trust among peers at all levels of the organisation.
- Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity or related discipline is required for this position.
- Professional certifications such as CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), CRTP (Certified Red Team Professional), CMWAPT (Certified Mobile & Web Application Penetration Tester), or GIAC credentials like GWAPT/GPEN are highly desirable.
- At least five years of proven experience in vulnerability assessment and penetration testing roles within large-scale enterprise environments is essential.
- Demonstrated proficiency in advanced penetration testing techniques including bypassing security controls as well as reverse engineering malware samples for threat emulation purposes.
- Hands-on experience with exploitation tools/processes such as Burp Suite Pro/Kali Linux/Metasploit/Nessus/Qualys/OWASP ZAP/Nmap/Wireshark/Checkmarx/Fortify/Acunetix is expected.
- Familiarity with automating security testing within CI/CD pipelines using DevSecOps best practices is advantageous for this role.
- Excellent analytical skills combined with strong communication abilities are necessary for effective collaboration across multiple departments including IT/SOC/Audit/Compliance/Data Privacy teams.
- Experience developing custom scripts/exploits for unique penetration scenarios along with maintaining up-to-date knowledge of emerging cyber threats is important.
- Ability to create detailed technical documentation/playbooks/reports tailored for both technical stakeholders and executive leadership is required.
- A high level of integrity/probity coupled with diligence; membership in relevant industry or professional organisations is considered beneficial.
What sets this company apart:
This organisation stands out as one of the region’s most respected financial institutions due to its unwavering commitment to technological advancement paired with robust governance practices. Employees benefit from a culture that places high value on collaboration—encouraging open communication between teams such as Technology Security Operations/Audit/Compliance/Data Privacy—which creates an inclusive environment where everyone’s contributions are recognised. The company invests heavily in ongoing training opportunities so that each team member remains at the forefront of cybersecurity trends while advancing their own career aspirations. Flexible working arrangements further support work-life balance without compromising on operational excellence or customer trust. By joining this forward-thinking employer you become part of a community dedicated not only to protecting critical assets but also nurturing personal growth through shared knowledge initiatives—all underpinned by supportive leadership focused on long-term success for both individuals and the wider organisation.
What's next:
If you are passionate about making a difference in cybersecurity while growing your career within a supportive environment then this could be your next great opportunity—apply now if you’re ready to take on this rewarding challenge!
Apply today by clicking on the link provided—your journey towards securing tomorrow starts here.
Due to the high volume of applications we are experiencing, our team will only be in touch with you if your application is shortlisted.
About the job
Contract Type: Perm
Specialism: Tech & Transformation
Focus: Cyber Security
Industry: IT
Salary: Negotiable
Workplace Type: Hybrid
Experience Level: Associate
Location: Taguig
Employment Type: Full-time
Job Reference: SW1IMI-80563190
Date posted: 7 July 2025
Consultant: Cyrene Villanueva