306 Cybersecurity Analysts jobs in the Philippines

Job Description:

You will:

• You will be responsible for conducting various security activities, including feasibility studies, automation initiatives, vulnerability assessments (VA), threat monitoring, risk assessments, policy compliance scanning, and reporting.
• Your role will be crucial in identifying and mitigating security risks, ensuring policy compliance, and maintaining a secure environment for our organization.
• Conduct daily feasibility studies to assess the viability and effectiveness of potential security measures or initiatives.
• Collaborate with cross-functional teams to gather information and analyze the feasibility of implementing new security solutions.
• Prepare reports summarizing the findings and recommendations from feasibility studies.
• Identify opportunities for process automation within the security operations function.
• Perform daily application onboarding and assessment for vulnerability scanning.
• Respond to risk assessment requests related to architecture design and new applications.
• Evaluate security risks associated with exemption requests for WAF rules, Snyk findings, IP/URL whitelisting, and ad-hoc assessments.

Key Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Solid understanding of information security principles, concepts, and best practices.
• Experience in conducting feasibility studies and performing risk assessments.
• Knowledge of vulnerability assessment tools and techniques.
• Familiarity with threat monitoring tools and practices.
• Relevant certifications (e.g., CISSP, CISM, CEH) are a plus.

QUALIFICATIONS:

• At least 3-5 years as a VAPT Specialist/Offensive Security or other related roles.
• Hands-on experience in web and mobile application VAPT, following the OWASP Top 10 testing framework
• Proficient in using open-source and commercial security testing tools such as Kali Linux, Metasploit, Qualys, Nessus, Burp Suite, OWASP ZAP, etc.
• Working knowledge of web and mobile application development
• Ability to write assessment reports that are clear and understandable for both technical and non-technical audiences
• Cybersecurity certifications such as CEH, CISSP, or equivalent are preferred
• Should be amendable to work Hybrid (3x a week onsite - temporary) and 100% onsite in Ortigas in the future.

RESPONSIBILITIES:

• Conduct vulnerability assessment and penetration testing on web and mobile applications
• Provide detailed assessment report and recommendations following the preferred report format of the client, if available
• Provide assistance and consultation services to teams responsible for remediations
• Organize and conduct meetings or consultation sessions, when needed, to facilitate completion VAPT sub activities
• Independently manage and complete schedule of activities or assigned tickets
• Regularly submit progress report to immediate supervisors
• Ensure confidentiality of client information at all times

Responsibilities:

• Actively monitor, detect, and respond to security alerts and incidents per defined SLA.
• Incidents are acknowledged and responded to within the agreed response SLO
• Perform alert triage and analysis including asset and custodian identification, reputational checking, and alert validation
• Perform containment and eradication within the agreed response SLO
• Ensures resolution of incidents within the defined SLOs
• Utilize IR toolsets such as ServiceNow, EAS, IPS, WAF, NAC, Firewall etc
• Timely submission of Operational Performance reports/dashboards/value reports for consumption of management

Qualifications:

• Bachelor's degree of Information Technology, Computer Science, Computer Engineering
• At least 1-2 years' work experience in Incident Response
• Knowledgeable in Security Monitoring and Service Management Tools

Details:
Job Description

A Information Security Analyst, also known as a Security Incident Responder, is responsible for identifying, investigating, and responding to security incidents within an organization. Their primary role is to protect information systems and data from threats such as cyberattacks, breaches, and unauthorized access.

Key Responsibilities Include:

• Monitoring security alerts and network activity to identify potential incidents or threats.
• Investigating anomalies and determining the nature and scope of security incidents.
• Responding rapidly to security incidents, containing threats, eradicating malicious activity, and recovering affected systems.
• Conducting digital forensics and root cause analysis to understand how an incident occurred.
• Documenting incidents, actions taken, and lessons learned to improve future response efforts.
• Collaborating with IT, legal, and compliance teams to ensure proper response and reporting.
• Developing and updating incident response plans, playbooks, and security procedures.
• Staying up-to-date with the latest cyber threats, vulnerabilities, and best practices.

Cybersecurity responders play a critical frontline role in defending organizations against ever-evolving cyber threats, helping minimize damage and ensuring business continuity.

Job Requirements

Details:

• 2-3 years of proven experience in Security Incident Response within a professional environment
• Strong knowledge of major operating systems, including Windows, Linux, and macOS
• In-depth understanding of network protocols and architectures (such as TCP/IP, DNS, VPN, etc.)
• Demonstrated experience working with Security Information and Event Management (SIEM) tools (e.g., Splunk, Microsoft Sentinel)
• Hands-on expertise in incident detection, analysis, response, and recovery processes
• Ability to conduct root cause analysis and recommend appropriate remediation steps
• Must have at least one recognized security certification
• Familiarity with cybersecurity frameworks and best practices is a plus
• Excellent problem-solving skills, with the ability to work calmly and efficiently under pressure
• Willingness to work in shifting schedules, including nights, weekends, and holidays
• Strong written and verbal communication skills, with the ability to document and convey technical information clearly to various audiences

We're looking for an
Information Security Analyst (Access Provisioning)
to join our ETS Control and Governance team at MBPS. In this role, you are expected to define and maintain a standard access model for cloud resources, review and approve access requests every day within the committed SLA. You will enhance existing automation to make the review and approval task more efficient. Furthermore, you will drive remediation of deviations from the standard access model.
Position Responsibilities

• Define and communicate the standard access model for various access level to resources in the Public Cloud service.
• Own the intake channels including SNOW Process and IaC Pipelines.
• Manage access authorization for public cloud resources.
• Perform access review and approval on a daily basis with the committed SLAs.
• Develop/enhance automation for intake, review, and implementation.
• Monitor assignment of privileged roles on a daily basis.
• Discover and remediate deviations from approved access model in the existing environment.
• Maintain an exception process and tracks temporary elevation of privileges.

Required Qualifications

• University/College graduate with 2 – 4 years of progressive experience related to identity and access management, cloud security
• Proven security mindset, Knowledge and understanding of any industry standard Access Management Framework, Principal of Least Privileged Access, Just-in-Time Access, RBAC and ABAC etc.
• Possess "automation-first" mindset. Writes automation(s) to streamline common tasks, tests, and workflows.
• Knowledge of following cloud platforms and Devop tools: Azure, Terraform, Github, GitHub Actions, Python, JIRA, Confluence
• Amenable to work in UP Ayala Technohub (Quezon City)
• Amenable to work in a hybrid set-up (3x a week onsite)
• Amenable to work in a fixed NIGHT shift schedule

Preferred Qualifications

• Self-driven, able to meet objectives with a minimal amount of managerial oversight/supervision.
• A team player who can interact with various internal functions such as business unit security officers, security engineers, reliability engineers, DevOps engineers.
• Advocate constant learning from both success and failure, and encourages openness to change and continuous improvement
• Proficient in English, both verbal and written

When You Join Our Team

• We'll empower you to learn and grow the career you want.
• We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we'll support you in shaping the future you want to see.

About Manulife And John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit

Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact

Working Arrangement
Hybrid

Qualifications:

• Bachelor's Degree is an advantage - (Computer Science, Information Technology or other relevant fields)
• Risk management and Information Security Management System auditing experience
• Knowledge and experience with standards such as ISO /2. ISO 22301, PCI-DSS and Data Privacy Laws
• Good understanding of Risk Assessment Frameworks
• Knowledge in Microsoft 365 automation
• With at least 2 years' experience in Information Security preferred.
• Amenable to work on shifting schedule and support across multiple sites
• Can start as soon as possible

Functions:

• Supports Information Security Management System compliance and audit activities across multiple sites
• Conducts risk assessments and analysis to identify potential vulnerabilities and ensure risk mitigation
• Manages regulatory and compliance tasks independently, not limited to guided work
• Develops and delivers Information Security Management System related training materials and awareness programs
• Drafts and disseminates internal Information Security Management System communications to relevant teams
• Coordinates closely with internal departments and external stakeholders for Information Security Management System alignment
• Handles end-to-end compliance responsibilities—from documentation and implementation to closure and report generation
• Utilizes Microsoft 365 tools for workflow automation and documentation efficiency
• Maintains strong communication with supervisors and managers on compliance matters
• Holds relevant Information Security Management System related certifications and stays updated on industry standards
• Demonstrates flexibility and willingness to work across different office locations/sites

At Transcosmos, our mission is to leverage customer insights to always be client's most trusted partner. As an Asian-originated company, our vision is to create a global society where everyone is equal and treated with respect.

Transcosmos emphasize customer-oriented approach by putting customers as our priority and value their feedback. Employee-oriented approach by working as an entity to achieve mutual organizational goals. As professionals, we work with pride, confidence and passion to fulfill responsibilities and accountabilities.

Rewarding Career

We support and encourage our people to grow in more than one dimension, to achieve all they can be both professionally and personally. As such, we provide our talents with opportunities to embrace changes, promote equal career advancement and growth, thus get rewarded.

Connected Team - We are ONE

We prioritize mutual understanding, open communication and empowerment to lead things and get everyone connected in the same page. This is manifested through sense of camaraderie, internal alignment, cooperation and collaboration across teams, territories and continents.

Intrinsic Values and Culture

We practice unique values and culture composition where local culture is prioritized and driven to immerse in global culture. It encompasses all aspects inclusive of fostering professional relationship enriched with transparent communication and mutual beliefs on gender equality, demographics, diversity and inclusion.

We're looking for an Information Security Analyst (Access Provisioning) to join our ETS Control and Governance team at MBPS. In this role, you are expected to define and maintain a standard access model for cloud resources, review and approve access requests every day within the committed SLA. You will enhance existing automation to make the review and approval task more efficient. Furthermore, you will drive remediation of deviations from the standard access model.

Position Responsibilities:

• Define and communicate the standard access model for various access level to resources in the Public Cloud service.
• Own the intake channels including SNOW Process and IaC Pipelines.
• Manage access authorization for public cloud resources.
• Perform access review and approval on a daily basis with the committed SLAs.
• Develop/enhance automation for intake, review, and implementation.
• Monitor assignment of privileged roles on a daily basis.
• Discover and remediate deviations from approved access model in the existing environment.
• Maintain an exception process and tracks temporary elevation of privileges.

Required Qualifications:

• University/College graduate with 2 – 4 years of progressive experience related to identity and access management, cloud security
• Proven security mindset, Knowledge and understanding of any industry standard Access Management Framework, Principal of Least Privileged Access, Just-in-Time Access, RBAC and ABAC etc.
• Possess "automation-first" mindset. Writes automation(s) to streamline common tasks, tests, and workflows.
• Knowledge of following cloud platforms and Devop tools: Azure, Terraform, Github, GitHub Actions, Python, JIRA, Confluence
• Amenable to work in UP Ayala Technohub (Quezon City)
• Amenable to work in a hybrid set-up (3x a week onsite)
• Amenable to work in a fixed NIGHT shift schedule

Preferred Qualifications:

• Self-driven, able to meet objectives with a minimal amount of managerial oversight/supervision.
• A team player who can interact with various internal functions such as business unit security officers, security engineers, reliability engineers, DevOps engineers.
• Advocate constant learning from both success and failure, and encourages openness to change and continuous improvement.
• Proficient in English, both verbal and written

When you join our team:

• We'll empower you to learn and grow the career you want.
• We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we'll support you in shaping the future you want to see.

Ensure the confidentiality, integrity, and availability of the organization's information assets

Duties and Responsibilities

• Risk Management – govern, manage, and mitigate information assets security risks

• Policy Development – create and maintain policies, standards and procedures (Information

Security and Data Governance)

• Security Awareness Training – such as but not limited to eLearning, Phishing, Information

Security Broadcasts

• Compliance & Security Review

• Incident & Risk Acceptance Management

• Project Management for Cybersecurity Solutions

• Vulnerability Management (MSOC, ASM, Broken Links, etc.)

Job Type: Full-time

Pay: Php25, Php30,000.00 per month

Benefits:

• Paid training

Work Location: In person