219 Cybersecurity Analysts jobs in the Philippines

QUALIFICATIONS:

• At least 3-5 years as a VAPT Specialist/Offensive Security or other related roles.
• Hands-on experience in web and mobile application VAPT, following the OWASP Top 10 testing framework
• Proficient in using open-source and commercial security testing tools such as Kali Linux, Metasploit, Qualys, Nessus, Burp Suite, OWASP ZAP, etc.
• Working knowledge of web and mobile application development
• Ability to write assessment reports that are clear and understandable for both technical and non-technical audiences
• Cybersecurity certifications such as CEH, CISSP, or equivalent are preferred
• Should be amendable to work Hybrid (3x a week onsite - temporary) and 100% onsite in Ortigas in the future.

RESPONSIBILITIES:

• Conduct vulnerability assessment and penetration testing on web and mobile applications
• Provide detailed assessment report and recommendations following the preferred report format of the client, if available
• Provide assistance and consultation services to teams responsible for remediations
• Organize and conduct meetings or consultation sessions, when needed, to facilitate completion VAPT sub activities
• Independently manage and complete schedule of activities or assigned tickets
• Regularly submit progress report to immediate supervisors
• Ensure confidentiality of client information at all times

Responsibilities:

• Actively monitor, detect, and respond to security alerts and incidents per defined SLA.
• Incidents are acknowledged and responded to within the agreed response SLO
• Perform alert triage and analysis including asset and custodian identification, reputational checking, and alert validation
• Perform containment and eradication within the agreed response SLO
• Ensures resolution of incidents within the defined SLOs
• Utilize IR toolsets such as ServiceNow, EAS, IPS, WAF, NAC, Firewall etc
• Timely submission of Operational Performance reports/dashboards/value reports for consumption of management

Qualifications:

• Bachelor's degree of Information Technology, Computer Science, Computer Engineering
• At least 1-2 years' work experience in Incident Response
• Knowledgeable in Security Monitoring and Service Management Tools

Join a Team That's Passionate About Making Lives Better

At Bill Gosling Outsourcing, we believe that success starts with an amazing team. We are a global leader in outsourcing solutions, we focus on making lives better, one connection at a time. We provide tailored solutions to businesses around the globe, specializing in customer care, sales, and financial services. We're looking for enthusiastic, driven individuals to join our dynamic work environment where fun meets results

The Information Security Analyst plans and carries out security measures to protect our organization's computer networks and systems. Their responsibilities are continually expanding as the number of cyberattacks increases.

They will be heavily involved with creating our disaster recovery plan, including preventive measures such as regularly copying and transferring data to an offsite location. It also involves plans to restore proper IT functioning after a disaster. The Information Security Analyst will continually test the steps in their recovery plans.

Information Security Analysts are required stay up to date on IT security and on the latest method attackers are using to infiltrate computer systems. Analysts need to research new security technology to decide what will most effectively protect their organization. In addition to reviewing and auditing the Information Technology Infrastructure for the maintenance of security and compliance.

What You'll Do:

• Hands on installation, support, configuration and maintenance of Bill Gosling's network and security equipment (hardware and software).
• Create and assist with the maintenance of Business Management System and Business Continuity Management Manual including: Request for Change, Incident, Problem and Risk Identification process per Bill Gosling's ISO 9001/27001 processes related to networking and security infrastructure. Ensure information is accurate and complete and provide clarification as requested. Execute changes upon approval.
• Manage the securitization of LAN, WAN, routers/switches, internal/external connectivity, Firewalls, VPN, VOIP, wireless and related network/security technologies as required.
• Creation and maintenance of internal and external information security documentation such as client/vendor/internal audits.
• Participation in Disaster Recovery / Business Continuity / Cyber Response planning and testing.
• Contribute to operational and support best practices and standard process development through secure practices.
• Ensure network and security infrastructure and related procedures support business requirements.
• Collaborate with, support, and provide coverage for other roles within the IT department as needed.
• Perform other duties as assigned by management and/or supervisor.
• Deal with clients in a professional and appropriate manner, in accordance with Bill Gosling Outsourcing's "Promise of Performance" and "The Gosling Theory" and all Company Policies
• On-call and after-hours work required
• Ability to travel to/from branch offices if required
• Highly available and reliable in times of emergency changes and/or support
• Contact person for Network / Information Security related matters
• Participation in weekly Change Advisory Board (CAB), Control Self-Assessment (CSA) Board and Information Security and Risk meetings
• Logging of RFCs, Incidents, Problems and Risks per Bill Gosling's ISO 27001 and PCI DSS standard processes.
• Function as an internal consulting resource on network, information security issues and/or coordinate information security efforts with the internal Control Self-Assessment (CSA) team or other business functions
• Conduct/complete information security risk assessment programs including internal, vendor and client assessments
• Provide, coordinate and/or assist with network and information security awareness, Incident response and change management, Business continuity & disaster recovery programs and serve as the information security contact for all internal/external users/clients/vendors/contractors
• Ensure the secure operation of the organization's computer systems, servers, and network connections.
• Audit network and user activity in addition to assisting with the maintenance of the Branch Test/Task Schedule.
• Perform internal/external vulnerability scanning, reporting and remediation
• Determine network and security needs, develop, and implement solutions.
• Identification of non-conforming processes, security or services
• Report access privileges inappropriate to job duties to the MC and/or VP for correction
• Internal consulting related to understanding of ISO 9001/27001(Security) standard
• Understanding of PCIDSS and requirements related to certification at Bill Gosling Outsourcing
• Champion company core values and other company programs
• Other duties as assigned

Education

High School Diploma

Post-secondary studies in Information Security field would be preferred

Experience

Minimum two years of work experience in IT and/or Information Security

Knowledge of computer networks, information systems, infrastructure and applications

Ability to troubleshoot, configured and deploy information systems from a security perspective considered an asset

Certificates, Licenses, & Registration:

CISSP Certified, or be able to pass the CISSP Official Exam within time allotted, or country specific equivalent

Cisco CCNA certified in R&S and/or in Security, or be able to pass the Exam(s) within time allotted, or country specific equivalent

Reports to: Team Leader, Information Security Core, Information Security Department

What We're Looking For:

All Information security responsibilities can be located in The Book of Bill (Global) and The Book of Bill (Global) – French. Please note that Information security responsibilities are based on role.

Why Join Us?

• Growth Opportunities: We believe in promoting from within and providing opportunities for career advancement.
• Comprehensive Training: We offer extensive paid training to ensure you're equipped for success.
• Team-Oriented Culture: Work in a collaborative, supportive environment with peers who are passionate about what they do.
• Diversity & Inclusion: We celebrate the unique perspectives and contributions of all our employees.
• Fun Workplace: Join a vibrant team that knows how to have fun From team engagement activities to social events, we foster a lively and inclusive work environment where you'll build strong connections.
• State-of-the-Art Offices: Work in our modern, well-equipped offices designed to enhance collaboration and productivity.
• Rewarding Work: Help businesses grow while making a real difference in people's lives

Get to Know Us Better Follow us to get an insider view of our team in action, our values in motion, and a sneak peek into what makes us an awesome place to work

Twitter & Instagram: bgocareers

Facebook: Bill Gosling Outsourcing

LinkedIn: Bill Gosling Outsourcing

Website –

By applying to this position, you acknowledge that you have read and understood Bill Gosling Outsourcing's Privacy Policy and consent to the collection, use, and storage of personal information in accordance with the policy.

At Bill Gosling Outsourcing, we believe that diversity makes us stronger. We welcome applicants from all backgrounds and are committed to creating an inclusive and supportive workplace where everyone can thrive. Regardless of your race, gender, age, ability status, or any other characteristic, you are valued here. If you require accommodations at any stage of the hiring process, we are happy to work with you to ensure you have the support you need – just let us know.

Bill Gosling Outsourcing – Where your career thrives

Details:
Job Description

A Information Security Analyst, also known as a Security Incident Responder, is responsible for identifying, investigating, and responding to security incidents within an organization. Their primary role is to protect information systems and data from threats such as cyberattacks, breaches, and unauthorized access.

Key Responsibilities Include:

• Monitoring security alerts and network activity to identify potential incidents or threats.
• Investigating anomalies and determining the nature and scope of security incidents.
• Responding rapidly to security incidents, containing threats, eradicating malicious activity, and recovering affected systems.
• Conducting digital forensics and root cause analysis to understand how an incident occurred.
• Documenting incidents, actions taken, and lessons learned to improve future response efforts.
• Collaborating with IT, legal, and compliance teams to ensure proper response and reporting.
• Developing and updating incident response plans, playbooks, and security procedures.
• Staying up-to-date with the latest cyber threats, vulnerabilities, and best practices.

Cybersecurity responders play a critical frontline role in defending organizations against ever-evolving cyber threats, helping minimize damage and ensuring business continuity.

Job Requirements

Details:

• 2-3 years of proven experience in Security Incident Response within a professional environment
• Strong knowledge of major operating systems, including Windows, Linux, and macOS
• In-depth understanding of network protocols and architectures (such as TCP/IP, DNS, VPN, etc.)
• Demonstrated experience working with Security Information and Event Management (SIEM) tools (e.g., Splunk, Microsoft Sentinel)
• Hands-on expertise in incident detection, analysis, response, and recovery processes
• Ability to conduct root cause analysis and recommend appropriate remediation steps
• Must have at least one recognized security certification
• Familiarity with cybersecurity frameworks and best practices is a plus
• Excellent problem-solving skills, with the ability to work calmly and efficiently under pressure
• Willingness to work in shifting schedules, including nights, weekends, and holidays
• Strong written and verbal communication skills, with the ability to document and convey technical information clearly to various audiences

We are looking for Information Security Analyst, who is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.

• Contribute to the development and continual improvement of company's security policies, standards, and guidelines. Identify the business needs for new security documentation and oversees its development and implementation.
• Monitor and assess processes, as well as control activities, to ensure compliance with security policies, as well as applicable state and federal regulations.
• Assist in leading the organization's Security Awareness Training Program.
• Implement information security management system controls as determined by business needs.
• Conduct audits of key processes and controls, gap analyses, and risk assessments to assess control operating effectiveness, as well as evidentiary adequacy. Interface with corporate governance, and internal and external auditors; this function is the focal point of internal, external and customer security audit requests and testing.
• Coordinate evidence production on request, research issues with staff, coordinate availability of resources and systems, and ensure the technical and record-keeping infrastructure is ready for each audit cycle.
• Collaborate on the identification and evaluation of security products to enhance company security program
• Collaborate with IT leadership, product managers and other architects to understand the business direction and consequent impact on the security posture
• Participate in compliance initiatives such as internal and external audits, client security RFP responses, client security contractual reviews, and security certification initiative.
• Collaborate on development of department processes of handling & resolving security related incident escalations
• Coordinate with external vendors/contractors to meet organizational goals

QUALIFICATIONS

• Bachelor's degree from an accredited college in Computer Science or a related discipline, or equivalent experience/combined education.
• Working knowledge of government regulations and security requirements involving loan mortgage industry a plus.
• Proven communication skills, good judgement and strong customer service relations
• 3 or more years previously in role focused on enterprise-wide security controls, programs and systems.
• Detailed knowledge in specialized security technical tools and techniques, along with implementation and administration
• Experience with managing multiple different risk-management frameworks.
• Experience with enterprise-wide security, compliance and working closely with internal and external system auditors
• Experience in securing and monitoring cloud-based environments
• Experience in managing cloud-based SaaS providers.
• Working knowledge of project methodology, policy development and implementation

• Should be willing to accept a long-term work-from-home arrangement.
• Should be amenable to a permanent night shift schedule.

We're Hiring: Information Security Analyst – Incident Investigation

Location:
Cyber Security Operations Center

Reports To:
Cyber Security Incident Investigation and Threat Intel Manager

Division:
Cyber Security Investigation and Threat Intel

Are you passionate about uncovering the root cause of security incidents and leading investigations that make a real impact? Join our Cyber Security Operations Group as an Incident Investigation Analyst and help us strengthen our defenses against advanced threats.

What You'll Do

• Collect and analyze evidence or artifacts to determine root cause of incidents.
• Provide recommendations to improve the organization's security posture.
• Draft incident and threat intelligence reports.
• Coordinate with internal and external teams (HR, Legal, Compliance, Fraud, etc.).
• Assist the incident response team and stay updated on global security trends.

What You Bring

• Education:
  Graduate of IT or Engineering-related course (e.g., Computer Science, Computer Engineering, Physics, Mathematics, MIS, ECE).
• Experience:
  Minimum 4–8 years in cybersecurity, with at least 4 years of hands-on experience in incident investigation and threat intelligence.
• Skills:
• Incident response, digital forensics, malware analysis, and administrative investigation
• Advanced understanding of TCP/IP, UNIX/Linux and Windows OS
• Experience with security tools and frameworks (Splunk, Hadoop, ELK, YARA, etc.)
• Excellent communication, analytical, and leadership skills

What Sets You Apart

• Deep expertise in incident investigation and threat intelligence
• Ability to work under pressure and outside regular hours as needed
• Impeccable personal and professional integrity

What Success Looks Like

• Timely and thorough investigative and threat intel reports
• Enhanced detection and prevention capabilities
• Documented and scalable security processes

Why Join Us?

This is more than a job—it's a mission-critical role. You'll be part of a team that's shaping the future of cybersecurity, where your expertise directly protects our organization. If you're ready for a challenge and want to make a difference, we want you on our team.

Apply now and help us stay ahead of cyber threats.

We're looking for an
Information Security Analyst (Access Provisioning)
to join our ETS Control and Governance team at MBPS. In this role, you are expected to define and maintain a standard access model for cloud resources, review and approve access requests every day within the committed SLA. You will enhance existing automation to make the review and approval task more efficient. Furthermore, you will drive remediation of deviations from the standard access model.
Position Responsibilities

• Define and communicate the standard access model for various access level to resources in the Public Cloud service.
• Own the intake channels including SNOW Process and IaC Pipelines.
• Manage access authorization for public cloud resources.
• Perform access review and approval on a daily basis with the committed SLAs.
• Develop/enhance automation for intake, review, and implementation.
• Monitor assignment of privileged roles on a daily basis.
• Discover and remediate deviations from approved access model in the existing environment.
• Maintain an exception process and tracks temporary elevation of privileges.

Required Qualifications

• University/College graduate with 2 – 4 years of progressive experience related to identity and access management, cloud security
• Proven security mindset, Knowledge and understanding of any industry standard Access Management Framework, Principal of Least Privileged Access, Just-in-Time Access, RBAC and ABAC etc.
• Possess "automation-first" mindset. Writes automation(s) to streamline common tasks, tests, and workflows.
• Knowledge of following cloud platforms and Devop tools: Azure, Terraform, Github, GitHub Actions, Python, JIRA, Confluence
• Amenable to work in UP Ayala Technohub (Quezon City)
• Amenable to work in a hybrid set-up (3x a week onsite)
• Amenable to work in a fixed NIGHT shift schedule

Preferred Qualifications

• Self-driven, able to meet objectives with a minimal amount of managerial oversight/supervision.
• A team player who can interact with various internal functions such as business unit security officers, security engineers, reliability engineers, DevOps engineers.
• Advocate constant learning from both success and failure, and encourages openness to change and continuous improvement
• Proficient in English, both verbal and written

When You Join Our Team

• We'll empower you to learn and grow the career you want.
• We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we'll support you in shaping the future you want to see.

About Manulife And John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit

Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact

Working Arrangement
Hybrid

We're looking for an Information Security Analyst (Access Provisioning) to join our ETS Control and Governance team at MBPS. In this role, you are expected to define and maintain a standard access model for cloud resources, review and approve access requests every day within the committed SLA. You will enhance existing automation to make the review and approval task more efficient. Furthermore, you will drive remediation of deviations from the standard access model.

Position Responsibilities:

• Define and communicate the standard access model for various access level to resources in the Public Cloud service.
• Own the intake channels including SNOW Process and IaC Pipelines.
• Manage access authorization for public cloud resources.
• Perform access review and approval on a daily basis with the committed SLAs.
• Develop/enhance automation for intake, review, and implementation.
• Monitor assignment of privileged roles on a daily basis.
• Discover and remediate deviations from approved access model in the existing environment.
• Maintain an exception process and tracks temporary elevation of privileges.

Required Qualifications:

• University/College graduate with 2 – 4 years of progressive experience related to identity and access management, cloud security
• Proven security mindset, Knowledge and understanding of any industry standard Access Management Framework, Principal of Least Privileged Access, Just-in-Time Access, RBAC and ABAC etc.
• Possess "automation-first" mindset. Writes automation(s) to streamline common tasks, tests, and workflows.
• Knowledge of following cloud platforms and Devop tools: Azure, Terraform, Github, GitHub Actions, Python, JIRA, Confluence
• Amenable to work in UP Ayala Technohub (Quezon City)
• Amenable to work in a hybrid set-up (3x a week onsite)
• Amenable to work in a fixed NIGHT shift schedule

Preferred Qualifications:

• Self-driven, able to meet objectives with a minimal amount of managerial oversight/supervision.
• A team player who can interact with various internal functions such as business unit security officers, security engineers, reliability engineers, DevOps engineers.
• Advocate constant learning from both success and failure, and encourages openness to change and continuous improvement.
• Proficient in English, both verbal and written

When you join our team:

• We'll empower you to learn and grow the career you want.
• We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we'll support you in shaping the future you want to see.

Ensure the confidentiality, integrity, and availability of the organization's information assets

Duties and Responsibilities

• Risk Management – govern, manage, and mitigate information assets security risks

• Policy Development – create and maintain policies, standards and procedures (Information

Security and Data Governance)

• Security Awareness Training – such as but not limited to eLearning, Phishing, Information

Security Broadcasts

• Compliance & Security Review

• Incident & Risk Acceptance Management

• Project Management for Cybersecurity Solutions

• Vulnerability Management (MSOC, ASM, Broken Links, etc.)

Job Type: Full-time

Pay: Php25, Php30,000.00 per month

Benefits:

• Paid training

Work Location: In person