196 Application Security jobs in the Philippines

The Application Security Engineer is a cybersecurity professional responsible for embedding security throughout the entire software development lifecycle (SDLC). This role is a vital link between development and security teams, ensuring that applications are designed, built, and deployed with robust security controls to protect against modern cyber threats. The ideal candidate is a proactive problem-solver with a strong background in software development and a deep understanding of application vulnerabilities and attack vectors.

• Minimum Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field.
• 5 years of experience in application security, software development, or a related cybersecurity field.
• Strong proficiency in one or more programming languages (e.g., Java, Python, JavaScript, C++).
• Deep understanding of web application vulnerabilities.
• Hands-on experience with security tools (SAST, DAST, SCA, IAST).
• Familiarity with cloud platforms (e.g., AWS, Azure, GCP) and container technologies (e.g., Docker, Kubernetes).
• Knowledge of common security protocols and frameworks (e.g., TLS, OAuth, SAML).

Multisys Technologies Corporation is considered one of the leading software solutions company in the Philippines that provides a wide range of cost-effective, full-scale software services, system platforms, and integrations being used by thousands of companies and organizations. Empowering Your Business A leading software company in the Philippines, Multisys has been steadfast in seeking greater digital transformation for the country, through systems design, development (programming), and deployment (implementation). Who We Are We are a software solutions company backed by a team of full-stack developers and elite programmers. What We Do Multisys empowers businesses and is a partner to everyone. The wide breadth of copyrighted platforms and solutions that we openly offer underscores our relentless commitment to helping private companies operate more efficiently and grow, as well as to assist government agencies for faster and more effective delivery of services to the public. How We Help We put our heart and core on system automation and integration services that expedite various processes and transactions—ultimately helping reinforce the ease of doing business across the Philippines archipelago. Corporate Principle We pursue and bring solutions beyond software development to create impactful advancement to empower businesses. Our Mission Our mission is to build a sustainable and future-ready society by providing smart solutions to empower businesses and partners to expedite and streamline their processes. Our Vision Our vision is to revolutionize ways of life towards greater digital transformation through innovative software solutions. Our Culture We Work to Play and Play to Win We maintain a casual work environment to inspire our people and help them achieve more.

Do you want to take the first step in making Filipinos' lives better everyday? Here in GCash we want to stay at the forefront of the FinTech industry by creating innovative, meaningful, and convenient financial solutions for the nation G ka ba? Join the G Nation today

Key Responsibilities
Secure Development Practices
:

• Conduct static (SAST) and dynamic (DAST) security testing and provide actionable remediation recommendations to developers.
• Develop and maintain secure coding standards and guidelines.
• Perform manual code reviews for high-risk applications or critical features.

Tooling And Automation

• Configure and manage application security tools
• Automate security testing within CI/CD pipelines to ensure scalability and consistency.

Collaboration And Training

• Collaborate with developers and DevOps teams to embed security into workflows.
• Provide training and guidance to developers on secure coding practices.

Vulnerability Management

• Track, prioritize, and help remediate vulnerabilities in applications and dependencies.
• Research and evaluate emerging threats and technologies to enhance application security.

Incident Support

• Support incident response efforts by analyzing application-level vulnerabilities.
• Provide expertise during security incidents related to applications.

Qualifications

• Education: Bachelor's degree in Computer Science, Information Security, or equivalent experience.

• Experience:

• 5+ years in application security or software development with a strong focus on security.

• Proven experience with SAST, DAST, and dependency scanning tools.

• Technical Skills:

• Proficiency in programming languages (e.g., Python, Java, JavaScript).

• Deep understanding of OWASP Top 10, secure design principles, and common attack vectors.
• Experience in integrating security tools into CI/CD pipelines.

• Knowledge of cloud-native application security and containerized environments.

• Soft Skills:

• Strong analytical and problem-solving abilities.

• Effective communication skills to translate technical security issues for diverse audiences.

What We Offer
Opportunity for career growth and development in the #1 FinTech company in the country Working with a dynamic and highly collaborative team who want to change the game A company that values their people with highly competitive and flexible compensation and benefits package

Imagine a world where banking is not just a transaction but a transformative experience. Welcome to Axos Business Center We're on a mission to redefine the financial landscape with innovation, creativity, and customer-centric solutions at the core of everything we do. #Banking Evolved.

Ready to dive into a new chapter in your career journey and make your mark this year? We need visionary minds like yours Join our team and become part of a dynamic force that's reshaping how people interact with their finances.

Your next big opportunity is just a click away

**We are seeking a Security Engineer with deep expertise in application security platforms to own, operate, and optimize our WAF, bot defense, API security, and application testing tools. This role will focus on ensuring these platforms are well-configured, continuously tuned, and delivering maximum security value with minimal business friction.

The Security Engineer will also serve as the incident response lead for application-layer attacks, participate in the on-call rotation, and work primarily during Pacific Time (PT) business hours to align with our operations.**

Key Responsibilities

• AppSec Tool Management & Optimization

• Administer and tune Cloudflare WAF, maintaining rules, policies, and custom configurations.

• Manage and optimize bot defense platforms (e.g., F5/Shape, Arkose) to mitigate automated fraud, scraping, and credential stuffing.
• Oversee and tune API security solutions (e.g., Traceable) for visibility, anomaly detection, and protection.
• Operate DAST and SAST platforms, ensuring they are integrated into CI/CD and providing actionable insights.

• Security Operations & Incident Response

• Lead response to AppSec-related incidents, including botnet activity, API abuse, and web exploitation attempts.

• Participate in the on-call rotation, ensuring timely detection, escalation, and remediation of critical application security events.
• Build playbooks for WAF/bot/API incident handling and drive continuous improvement of detection/response.
• Collaborate with SOC, DevOps, and development teams to remediate issues and strengthen defenses.

• Continuous Improvement

• Tune tools to reduce false positives and improve detection accuracy.

• Track tool coverage and effectiveness, providing metrics and reports to leadership.
• Engage with vendors to leverage updates, intelligence feeds, and advanced features.

• Collaboration & Governance

• Partner with application teams to align security policies with business requirements.

• Support compliance initiatives by ensuring tooling configurations meet regulatory/security standards.

Key Responsibilities

• AppSec Tool Management & Optimization

• Administer and tune Cloudflare WAF, maintaining rules, policies, and custom configurations.

• Manage and optimize bot defense platforms (e.g., F5/Shape, Arkose) to mitigate automated fraud, scraping, and credential stuffing.
• Oversee and tune API security solutions (e.g., Traceable) for visibility, anomaly detection, and protection.
• Operate DAST and SAST platforms, ensuring they are integrated into CI/CD and providing actionable insights.

• Security Operations & Incident Response

• Lead response to AppSec-related incidents, including botnet activity, API abuse, and web exploitation attempts.

• Participate in the on-call rotation, ensuring timely detection, escalation, and remediation of critical application security events.
• Build playbooks for WAF/bot/API incident handling and drive continuous improvement of detection/response.
• Collaborate with SOC, DevOps, and development teams to remediate issues and strengthen defenses.

• Continuous Improvement

• Tune tools to reduce false positives and improve detection accuracy.

• Track tool coverage and effectiveness, providing metrics and reports to leadership.
• Engage with vendors to leverage updates, intelligence feeds, and advanced features.

• Collaboration & Governance

• Partner with application teams to align security policies with business requirements.

• Support compliance initiatives by ensuring tooling configurations meet regulatory/security standards.

Required Qualifications

• 4–6+ years of experience in information security or application security operations.
• Hands-on experience with Cloudflare WAF (or equivalent enterprise WAF).
• Experience managing bot defense tools (F5/Shape, Arkose, or similar).
• Familiarity with API security solutions (Traceable, Salt, or similar).
• Experience with DAST and/or SAST platforms in an enterprise environment.
• Strong understanding of OWASP Top 10 and API Security Top 10 threats.
• Background in incident response, particularly application and API security events.
• Willingness to participate in an on-call rotation for AppSec-related incidents.
• Ability to work Pacific Time (PT) business hours to support operational coverage.

Preferred Qualifications

• Experience integrating AppSec tools into CI/CD pipelines.
• Familiarity with SIEM/SOAR platforms for AppSec event enrichment and automation.
• Knowledge of cloud security (AWS, Azure, GCP) in relation to web and API workloads.
• Industry certifications (e.g., GWAPT, GWEB, CCSK, AWS Security Specialty) are a plus.

Join Our Team at Paynamics Technologies Inc.
Company Description
Paynamics Technologies Inc. is a Payment Service Provider and Software Development company based in Manila, Philippines. The company offers electronic payment products such as credit card/debit card processing, check processing, and alternative payments like bank transfers, e-wallets, and vouchers.

Job Title: Application Security Engineer

Location: Makati, City

Job Type: Full-time

Work Set-up: Hybrid Set-up

Paynamics Technologies is looking for an Application Security Engineer to join our growing Information Security team. If you're passionate about secure software development, threat prevention, and making an impact in fintech innovation, this could be your next big move.

Key Responsibilities

• Conduct comprehensive security risk and threat assessments for new applications and systems.
• Perform vulnerability testing, including scans, penetration testing, and exploit code execution.
• Recommend and implement technical solutions to mitigate identified security risks.
• Collaborate with the Research and Development team to integrate security protocols into the software development lifecycle (SDLC).
• Maintain accurate and up-to-date documentation of vulnerabilities, remediation actions, and compliance measures.
• Deliver internal security training to promote best practices in data protection and risk management.
• Support the organizations adherence to Information Security Management System (ISMS) standards.

Skills & Knowledge

• Hands-on experience with vulnerability management, penetration testing, and SAST tools.
• Strong understanding of SDLC integration and security frameworks.
• Experience in fintech or banking environments is a big plus.
• Familiarity with IT governance, compliance standards, and risk remediation.

Qualifications

• Bachelors degree in Computer Science, Engineering, or related field
• Experience: 5 years in IT (2+ in Information Security, especially application or network security)
• Strong background in security assessment methodologies, penetration testing, and security framework implementation.
• Familiarity with SAST tools and other vulnerability detection platforms.
• Proven ability to collaborate across functions and communicate effectively with technical and non-technical stakeholders.
• Prior experience in financial services or fintech is an advantage.

By applying, you authorize the company to process your personal information solely for recruitment purposes, in accordance with applicable data protection regulations.

Job brief

Seeking for an experienced
Application Security Head
to drive our secure development initiatives and lead a team of security professionals. The ideal candidate will have a strong technical background in application security, hands-on expertise with security testing tools, and proven leadership experience in building and managing security programs for modern application environments.

Responsibilities

• Lead the application security function, providing guidance and mentorship to the team.
• Design, implement, and oversee the application security program, including policies, standards, and best practices
• Manage and conduct application security testing (SAST, DAST, IAST, RASP) across multiple projects.
• Partner with engineering, DevOps, and product teams to embed secure coding practices throughout the software development lifecycle (SDLC).
• Evaluate, implement, and maintain application security tools such as Veracode, Checkmarx, Burp Suite, Fortify, and others.
• Collaborate with developers and architects to secure modern application architectures, including microservices, containers, and APIs.
• Provide expert guidance on the OWASP Top 10 and other common vulnerabilities.
• Monitor emerging threats, vulnerabilities, and security trends to continuously enhance the security posture.
• Drive remediation and risk mitigation efforts, ensuring compliance with internal and external standards.
• Report on application security metrics and program effectiveness to senior leadership.

Requirements

• 10+ years of experience in application security, with at least 3+ years in a leadership role.
• Strong knowledge of application security testing methodologies and tools (SAST, DAST, IAST, RASP).
• Deep understanding of OWASP Top 10, secure coding practices, and software security standards.
• Proven experience with application security tools (e.g., Veracode, Checkmarx, Burp Suite, Fortify).
• Familiarity with modern architectures such as microservices, containers, APIs.
• Experience collaborating across engineering, DevOps, and product teams to drive secure development practices.
• Excellent communication, leadership, and stakeholder management skills.

For FILIPINO CITIZEN WHO IS CURRENTLY in the PHILIPPINES ONLY

Job Title: Application Security Lead

Key Roles and Responsibilities

• Develops and implements cybersecurity strategies, policies, procedures, and incidentresponse plans, ensuring alignment with organizational objectives and compliance with relevant standards and regulations.

• Supports the Head of Infrastructure and Security Management by overseeing the organization's overall cybersecurity posture and risk management initiatives.

• Conducts regular risk assessments, vulnerability scans, penetration testing, and incident monitoring, implementing appropriate controls and coordinating with internal teams to mitigate threats and manage recovery efforts.

• Manage security tools and systems, including firewalls, intrusion detection systems, SIEM, and VAPT tools, router and switch configurations

• Maintains logs, documents incident responses, and ensures cybersecurity incidents are properly recorded and reviewed.

• Collaborates with cross-functional teams (Systems, Networks, Application Development, Solutions Development) to embed security into systems and operations, approve system access changes, and communicate security risks and recommendations to stakeholders.

• Leads security awareness and education initiatives, delivering training programs on best practices, phishing prevention, evolving threats, and user responsibilities to employees and management.

• Reviews IT processes, business services, and infrastructure to ensure alignment with established security, compliance, and governance standards.

• Supports the Data Protection Officer (DPO) in the implementation of enterprise risk management initiatives and data protection measures.

• Develops and maintains risk management frameworks, including policies and procedures for business continuity, disaster recovery, and infrastructure security.

Job Specifications:

• Must be a graduate of Information Technology or any relevant course.
• Must have at least 2-3 years experience.
• Office Address: Meralco Ave, Ortigas Center, Pasig City.

Summary:

As a Security Engineer, you will be responsible for applying security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve managing firewall operations, ensuring the security of the organization's network infrastructure, and mitigating cyber threats.

Roles & Responsibilities:

- Develop and implement security solutions to protect enterprise systems, applications, data, assets, and people against cyber threats.

- Conduct security assessments and penetration testing to identify vulnerabilities and recommend remediation strategies.

- Collaborate with cross-functional teams to ensure security requirements are integrated into the design and development of enterprise systems and applications.

- Provide guidance and support to stakeholders on security best practices and policies.

- Stay updated with the latest advancements in Application Security and integrate innovative approaches for sustained competitive advantage.

Job Qualifications:

Professional & Technical Skills: 

- Required Skill: Expertise in Application Security

- Additional Must to Have Skills: Knowledge of security frameworks such as NIST, ISO, and CIS

- Additional Good to Have Skills: Experience with cloud security, network security, and identity and access management

-Basic knowledge of Web app, Mobile app, Network, Wireless security

-Knowledge of programming languages: ASPNet, C, SQL Server Database, PHP, Python etc

-Experience and knowledge of: Windows, Linux OS

-Ability to work in Team, learning and self-development attitude

-Ability to plan and project / tasks delivery

-Good spoken and written english skills

-Problem-solving and customer-centric attitude

- Strong understanding of security assessment and penetration testing methodologies.

- Experience with security tools such as Burp Suite, Nessus, and Metasploit

- Solid grasp of security best practices and policies

- Excellent communication and collaboration skills

Additional Information:

- The candidate should have at least 5-6 years of experience in Application Security

- The ideal candidate will possess a strong educational background in Computer Science, Information Technology, or a related field, along with a proven track record of delivering impactful security solutions

JOB SUMMARY:

This position is within the Software Development and IT organization of a Fortune 100 company. The department supports the front-end applications and edge services facilitating residential and SMB sales orders. Our team enables the department's success by creating quality documentation, optimizing internal processes, and driving efforts to improve our security posture and remediate compliance issues.

RESPONSIBILITIES:

In a typical month, this person will spend most of their time analyzing vulnerability and risk findings, validating remediation claims, and reporting on remediation progress. The remainder of their availability will go toward updating knowledge documentation, learning and documenting complex procedures, facilitating risk assessments, responding to audit and security team requests for information, submitting compliance related questionnaires regarding technical aspects of application platforms.

Some of this security analyst responsibilities include:

● Clearly defining and developing new policies, processes, training documents, and best practices. ● Collaborating with technical teams to improve observability.

● Reviewing risk findings, assigning them to fix teams, and reporting remediation efforts and related challenges.

● Gathering key information for exception requests, including risk details, action plans, and remediation dependencies.

● Partnering with security teams to improve data quality in security tools and external reports.

● Hosting meetings with members of application, security, and leadership teams to communicate updates and changes to security postures.

● Validating submitted evidence meets requirements to resolve risks and compliance issues.

● Educating application teams on security subject matter.

PREFERRED SKILLS & EXPERIENCE:

To be successful, this person will must possess a strong understanding of the wide array of AppSec and InfoSec tools, protocols, and best practices applicable to application platforms, including their infrastructure. This person must have experience maintaining team documentation, leading meetings, escalating issues, and driving teams to deliver work.

The ideal person will have a minimum of 8 years of experience in software engineering, cybersecurity, and/or cyber-audit, and will clearly express the following characteristics and competencies:

● Strong verbal communication skills. Must be comfortable speaking in front of audiences including technical teams and senior leaders, including VPs.

● Strong written communication skills with the ability to produce quality literature and technical documentation.

● The ability to collaborate with technical teams to define, improve, and document procedures to meet compliance requirements.

● Diligence in tracking and following up on action items and inquiries across multiple efforts and teams.

● Strong knowledge in security standards and practices for both on-premises and AWS environments; CCSP, CISSP, or other cloud-focused application security certifications are a big plus.

● Familiarity with Data Center and AWS infrastructure, including data center network architectures, virtualization, containerization, and AWS products/offerings.

● Ability to perform analysis and tests to validate findings and remediation claims.

● A strong knowledge of ITIL operations and agile development practices. Experience working in a DevSecOps culture is a plus. The ability to quickly navigate matrixed environments is a must.

● Experience in a software engineering, delivery manager, or a project manager role is strongly desired

Position:
Vice President Application Security

Location:
BGC, Taguig

Work Setup:
Hybrid

Schedule:
Night Shift

About The Role
We are seeking an experienced
Vice President for Application Security
to lead the development and execution of enterprise-wide application security strategies. This role will be based in
BGC on a hybrid setup
and will operate during the
night shift
to align with global teams.

Key Responsibilities

• Lead the overall application security program, ensuring alignment with business and technology goals.
• Oversee secure software development lifecycle (SDLC) practices across the organization.
• Develop and manage strategies for threat modeling, vulnerability management, and incident response.
• Ensure compliance with relevant security standards and frameworks (ISO 27001, NIST, OWASP, PCI-DSS, SOC 2, etc.).
• Build, mentor, and lead a high-performing security team.
• Collaborate with executives, product, and engineering teams to embed security best practices into organizational processes.
• Provide regular reporting on risk posture and security initiatives to senior leadership.

Qualifications

• Extensive professional experience in application security leadership roles.
• Strong technical expertise in secure SDLC, application testing, and vulnerability management.
• Demonstrated knowledge of compliance frameworks such as ISO 27001, NIST, PCI-DSS, and SOC 2.
• Proven ability to lead and scale security programs in enterprise environments.
• Excellent communication and stakeholder management skills.
• Ability to work effectively in a global, fast-paced environment.

Why Join Us

• Opportunity to shape and lead a global application security strategy.
• Collaborative and innovative work culture.
• Competitive executive-level compensation and benefits.

How To Apply
Interested candidates are encouraged to submit their updated CV for consideration.