32 Threat Management jobs in the Philippines

Security Analyst II
- TaskUs is seeking a hands-on Security Analyst 2 for our third-Party Application Assurance to join our enterprise security team. As part of TaskUs' transformational security organization, we are looking for talented, experienced individual performers to help develop, and implement these foundational programs. As a hands-on security analyst, you will be responsible for identifying, assessing, tracking, and managing security risks in our third-party and internal security review programs. This role requires hands-on experience with assessing security risks, especially with specific security programs. You must be able to solve challenging security issues at scale and work collaboratively with all stakeholders. Additionally, you should be comfortable with incomplete requirements and a fast paced environment.
- Responsibilities:

- Conduct regular security assessments on third-parties and internal stakeholders on requirements and standards
- Collaborate with internal stakeholders on assessments and identify risks and track them
- Consult with internal stakeholders on security standards and best practices to protect Zoom data and systems
- Follow up with internal stakeholders and third-parties on remediation to ensure security risks are tracked and closed
- Requirements:

- At least 3 years experience specifically in a security role
- Prior experience working in third-party risk management, enterprise risk management, or security compliance teams
- Exceptional verbal and written communication skills necessary to effectively collaborate with peers, and to present and explain highly technical information to stakeholders who may have limited technical knowledge.
- Bachelor's degree in IT Security, Computer Science, or equivalent; or an additional 4 years of relevant IT experience.
- Others:

- Burp suite experience is great to have but any testing experience with tools that allow you to proxy
- Familiarity with tools that allow you to proxy
- Burp is a very familiar known too / similar tools are good too
- Nice-to-have tools/experience are web app testing / mobile app testing
- Familiarity with top 10 framework - OWASP framework to test any form of mobile/app. familiarity with the top 10 is great!
- Testing STK for security is a nice-to-have experience too

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

TaskUs is an Equal Opportunity Employer

**Req id**:29175- Makati City, National Capital Region (NCR), PH**OPENTEXT - THE INFORMATION COMPANY**
- As the Information Company, our mission at OpenText is to create software solutions and deliver services that redefine the future of digital. Be part of a winning team that leads the way in Enterprise Information Management.**The Opportunity**:

- Working in the Global Information Security team, the Security Architecture Analyst or Principal Security Analyst will work with the security architects to assist in the development and execution of the service catalogue. Assisting with assessing, prioritizing, and assigning work within the team. Ensure service requests are adequately documented and dispatched in a timely and priority order.- This analyst role will provide support for the third-party pen test lead. You will be working with cross functional teams in GIS, engineering, operations and working with external vendors to act as the point of contact for third party penetration testing. You will initiate workflows, ensure approvals are received, and communications to all stakeholders are distributed to ensure a successful third-party penetration test is achieved.- Working with architects/and the risk coordinator to document products risks is an integral part of the role as well. You will participate in security architecture reviews to assist in documenting security gaps and risks in the products.**You are great at**:

- Working with cross functional teams
- Organizing, and coordinating service requests
- Communicating to stakeholders and communicating across different functional areas

**What it takes**:

- Bachelor’s Degree in Information Systems, Business Administration, or similar degree, or equivalent experience preferred.
- 3+ years in security role, preferably third party pen testing related
- Strong inter-personal skills are required to work across multiple internal business units
- Familiar with commonly used information security frameworks, best practices, and standard procedures
- Capable of working independently under pressure in a continually changing environment
- Strong knowledge of Open Text Commercial products and solutions is helpful
- Audit framework knowledge for ISO27001/27017, SOC1 & SOC2, PCI-DSS, HIPAA desired
- Strong written and verbal communication skills
- Ability to participate in key proactive security programs. CISA, CISM, CISSP or other IT certifications preferred
- Amenable to working the night shift
- Work in Makati City, National Capital Region (NCR), Philippines
- At OpenText we understand and value diversity in our employees and are proud to be an Equal Opportunity Employer.- Subject to applicable laws and regulations, OpenText’s Global Vaccination Policy requires all employees to be fully vaccinated against Covid 19 in order to enter an OpenText office. Accommodations may be available.

**Req id**:29175- Makati City, National Capital Region (NCR), PH**OPENTEXT - THE INFORMATION COMPANY**
- As the Information Company, our mission at OpenText is to create software solutions and deliver services that redefine the future of digital. Be part of a winning team that leads the way in Enterprise Information Management.**The Opportunity**:

- Working in the Global Information Security team, the Security Architecture Analyst or Principal Security Analyst will work with the security architects to assist in the development and execution of the service catalogue. Assisting with assessing, prioritizing, and assigning work within the team. Ensure service requests are adequately documented and dispatched in a timely and priority order.- This analyst role will provide support for the third-party pen test lead. You will be working with cross functional teams in GIS, engineering, operations and working with external vendors to act as the point of contact for third party penetration testing. You will initiate workflows, ensure approvals are received, and communications to all stakeholders are distributed to ensure a successful third-party penetration test is achieved.- Working with architects/and the risk coordinator to document products risks is an integral part of the role as well. You will participate in security architecture reviews to assist in documenting security gaps and risks in the products.**You are great at**:

- Working with cross functional teams
- Organizing, and coordinating service requests
- Communicating to stakeholders and communicating across different functional areas

**What it takes**:

- Bachelor’s Degree in Information Systems, Business Administration, or similar degree, or equivalent experience preferred.
- 3+ years in security role, preferably third party pen testing related
- Strong inter-personal skills are required to work across multiple internal business units
- Familiar with commonly used information security frameworks, best practices, and standard procedures
- Capable of working independently under pressure in a continually changing environment
- Strong knowledge of Open Text Commercial products and solutions is helpful
- Audit framework knowledge for ISO27001/27017, SOC1 & SOC2, PCI-DSS, HIPAA desired
- Strong written and verbal communication skills
- Ability to participate in key proactive security programs. CISA, CISM, CISSP or other IT certifications preferred
- Amenable to working the night shift
- Work in Makati City, National Capital Region (NCR), Philippines
- At OpenText we understand and value diversity in our employees and are proud to be an Equal Opportunity Employer.- Subject to applicable laws and regulations, OpenText’s Global Vaccination Policy requires all employees to be fully vaccinated against Covid 19 in order to enter an OpenText office. Accommodations may be available.

**OPENTEXT - THE INFORMATION COMPANY**

As the Information Company, our mission at OpenText is to create software solutions and deliver services that redefine the future of digital. Be part of a winning team that leads the way in Enterprise Information Management.

**The Opportunity**:
Working in the Global Information Security team, the Security Architecture Analyst or Principal Security Analyst will work with the security architects to assist in the development and execution of the service catalogue. Assisting with assessing, prioritizing, and assigning work within the team. Ensure service requests are adequately documented and dispatched in a timely and priority order.

This analyst role will provide support for the third-party pen test lead. You will be working with cross functional teams in GIS, engineering, operations and working with external vendors to act as the point of contact for third party penetration testing. You will initiate workflows, ensure approvals are received, and communications to all stakeholders are distributed to ensure a successful third-party penetration test is achieved.

Working with architects/and the risk coordinator to document products risks is an integral part of the role as well. You will participate in security architecture reviews to assist in documenting security gaps and risks in the products.

**You are great at**:

- Working with cross functional teams
- Organizing, and coordinating service requests
- Communicating to stakeholders and communicating across different functional areas

**What it takes**:

- Bachelor’s Degree in Information Systems, Business Administration, or similar degree, or equivalent experience preferred.
- 3+ years in security role, preferably third party pen testing related
- Strong inter-personal skills are required to work across multiple internal business units
- Familiar with commonly used information security frameworks, best practices, and standard procedures
- Capable of working independently under pressure in a continually changing environment
- Strong knowledge of Open Text Commercial products and solutions is helpful
- Audit framework knowledge for ISO27001/27017, SOC1 & SOC2, PCI-DSS, HIPAA desired
- Strong written and verbal communication skills
- Ability to participate in key proactive security programs. CISA, CISM, CISSP or other IT certifications preferred
- Amenable to working the night shift
- Work in Makati City, National Capital Region (NCR), Philippines

At OpenText we understand and value diversity in our employees and are proud to be an Equal Opportunity Employer.

Subject to applicable laws and regulations, OpenText’s Global Vaccination Policy requires all employees to be fully vaccinated against Covid 19 in order to enter an OpenText office. Accommodations may be available.

**OPENTEXT - THE INFORMATION COMPANY**

As the Information Company, our mission at OpenText is to create software solutions and deliver services that redefine the future of digital. Be part of a winning team that leads the way in Enterprise Information Management.

**The Opportunity**:
Working in the Global Information Security team, the Security Architecture Analyst or Principal Security Analyst will work with the security architects to assist in the development and execution of the service catalogue. Assisting with assessing, prioritizing, and assigning work within the team. Ensure service requests are adequately documented and dispatched in a timely and priority order.

This analyst role will provide support for the third-party pen test lead. You will be working with cross functional teams in GIS, engineering, operations and working with external vendors to act as the point of contact for third party penetration testing. You will initiate workflows, ensure approvals are received, and communications to all stakeholders are distributed to ensure a successful third-party penetration test is achieved.

Working with architects/and the risk coordinator to document products risks is an integral part of the role as well. You will participate in security architecture reviews to assist in documenting security gaps and risks in the products.

**You are great at**:

- Working with cross functional teams
- Organizing, and coordinating service requests
- Communicating to stakeholders and communicating across different functional areas

**What it takes**:

- Bachelor’s Degree in Information Systems, Business Administration, or similar degree, or equivalent experience preferred.
- 3+ years in security role, preferably third party pen testing related
- Strong inter-personal skills are required to work across multiple internal business units
- Familiar with commonly used information security frameworks, best practices, and standard procedures
- Capable of working independently under pressure in a continually changing environment
- Strong knowledge of Open Text Commercial products and solutions is helpful
- Audit framework knowledge for ISO27001/27017, SOC1 & SOC2, PCI-DSS, HIPAA desired
- Strong written and verbal communication skills
- Ability to participate in key proactive security programs. CISA, CISM, CISSP or other IT certifications preferred
- Amenable to working the night shift
- Work in Makati City, National Capital Region (NCR), Philippines

At OpenText we understand and value diversity in our employees and are proud to be an Equal Opportunity Employer.

Subject to applicable laws and regulations, OpenText’s Global Vaccination Policy requires all employees to be fully vaccinated against Covid 19 in order to enter an OpenText office. Accommodations may be available.

Security Analyst II

TaskUs is seeking a hands-on Security Analyst 2 for our third-Party Application Assurance to join our enterprise security team. As part of TaskUs' transformational security organization, we are looking for talented, experienced individual performers to help develop, and implement these foundational programs. As a hands-on security analyst, you will be responsible for identifying, assessing, tracking, and managing security risks in our third-party and internal security review programs. This role requires hands-on experience with assessing security risks, especially with specific security programs. You must be able to solve challenging security issues at scale and work collaboratively with all stakeholders. Additionally, you should be comfortable with incomplete requirements and a fast paced environment.

**Responsibilities**:

- Conduct regular security assessments on third-parties and internal stakeholders on requirements and standards
- Collaborate with internal stakeholders on assessments and identify risks and track them
- Consult with internal stakeholders on security standards and best practices to protect Zoom data and systems
- Follow up with internal stakeholders and third-parties on remediation to ensure security risks are tracked and closed

**Requirements**:

- At least 3 years experience specifically in a security role
- Prior experience working in third-party risk management, enterprise risk management, or security compliance teams
- Exceptional verbal and written communication skills necessary to effectively collaborate with peers, and to present and explain highly technical information to stakeholders who may have limited technical knowledge.
- Bachelor's degree in IT Security, Computer Science, or equivalent; or an additional 4 years of relevant IT experience.

Others:

- Burp suite experience is great to have but any testing experience with tools that allow you to proxy
- Familiarity with tools that allow you to proxy
- Burp is a very familiar known too / similar tools are good too
- Nice-to-have tools/experience are web app testing / mobile app testing
- Familiarity with top 10 framework - OWASP framework to test any form of mobile/app. familiarity with the top 10 is great!
- Testing STK for security is a nice-to-have experience too

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

TaskUs is an Equal Opportunity Employer

**Responsibilities**:
**Application Hardening**
- Application Architecture Review (Scoping)
- Fine-tune SAST/DAST tools and processes according to policies
- Conducts false positive analysis and code reviews
- Reproduce, demonstrate, and retest vulnerabilities
- Assess risk, recommend remediation, and generate vulnerability report
- Review reports and provide feedback to software developers and provide reports to management
- Provide developer walkthrough relating to vulnerability findings
- Continually improve SAST/DAST process and environment

**Others**
- Threat Modeling

**Qualifications**:

- Graduate of Bachelor’s Degree course, preferably IT related courses
- At least 2 years of coding / developer experience and understanding of the SLDC process
- Open to higher years of experience. Role calibration will be done during skills interview.
- Good foundation in computer programming on data structures, design patterns, object-oriented programming, algorithms, and software design
- Experience working on large enterprise organizations
- Working knowledge to administer MS Windows or Linux
- Understanding and familiarity with common code review methods and standards
- Working knowledge on secure coding practice
- Strong foundation on web service technologies such as XML, REST, SOAP, AJAX, JSON, HTML5, JavaScript, and CSS3
- Familiar on different security standards and frameworks such as CIS, COBIT, ISO 17799, ISO 27001, NIST SP800-53, ITIL v2, HIPAA, FFIEC, NERC-CIP, PCI-DSS, OWASP
- Good oral and written communication skills
- Strong attention to details, documentation, and organizational skills
- SAST / DAST certifications
- Must be knowledgeable to the following technologies:

- SAST: SonarQube, Checkmarx, Forify, Codacy, MobSF, Veracode
- DAST: Acunetix, AppScan, Burp Suite, Nessus, Nexpose, QualysGuard, WebInspect

**Join our high-performing team and enjoy these benefits**:

- Healthcare Insurance (HMO) & Life Insurance coverage from day 1 of employment
- Expanded maternity leave up to 120 days*
- Expanded paternity leave up to 30 days*
- Employee Stock Purchase Pan
- Loyalty and Christmas Gift
- Inclusion and Diversity Benefits
- Night Differential
- Allowances
- Car and housing plan
- Company-sponsored trainings like upskilling and certification
- Flexible Working Arrangements
- Healthy and Encouraging Work Environment

**TERMS AND CONDITIONS**

**Additional Information**:
The following documents will be asked as part of the pre-hiring requirements prior onboarding. We recommend to prepare the requirements early to ensure on time onboarding. Detailed discussion will take place during onboarding process as well as changes on the requirements as needed.
- Transcript of Records (TOR)
- Diploma (for graduates only) and/or Certificate of Graduation
- Certificate of Employment (COE) and/or SSS Employment History
- Government Documents:

- SSS ID and/or SSS Verification Form
- SSS Statement of Account (SOA)
- SSS Certificate of Contribution
- Pag-IBIG Member’s Data Record (MDR)
- Philhealth ID and/or Philhealth Member Data Record (MDR)
- TIN ID and/or Processed BIR Form 1905 or any BIR documents reflecting your TIN and with BIR Stamped
- NSO Birth Certificate

**Salary**: Php28,000.00 - Php145,000.00 per month

Schedule:

- 8 hour shift
- Rotational shift

Job Scope:
To manage all RX security assessments and play a key part in ensuring RX's security compliance optimization. Monitor assessments while ensuring that Reed Exhibitions internal systems are compliant with RELX and industry standards. Proactively manage the third-party risk assessments, compliance evidence gathering of their IT services, infrastructure, applications and relevant services against their Security policies and related frameworks. Training and development will be provided in all areas of the role as required.
Key Responsibilities:
Security Assessment Management
+ Serve as an advanced technical advisor for third-party assessments, providing detailed security insights and solutions.
+ Perform in-depth security reviews and risk assessments for new and existing third-party vendors, ensuring compliance with organizational and regulatory requirements.
+ Demonstrate advanced knowledge in RELX security compliance policies and procedures.
+ Stay current with updates and developments in security standards such as OWASP Top 10, ISO27001, and SOC 2, and ensure their proper implementation across the organization.
+ Develop and deliver training and awareness on security policies and standards to business units.
+ Gain in-depth knowledge of the organization's major infrastructure security controls, ensuring they align with RELX Policies and Standards, industry best practices, and regulatory requirements.
+ Coordinate with technology/service owners and business owners to conduct annual security audits, vulnerability assessments, and penetration tests where applicable.
+ Work collaboratively within all business areas and key stakeholders to ensure the review and approach of all security governance, risk, and compliance scope is appropriate and proactive.
+ Ensure continuous monitoring and reporting of compliance and risk status against NIST2.0, RELX Framework, ISO27001, SOC2, PCI DSS, regional and global regulations, and all other relevant standards.
+ Support internal and external audits by providing detailed documentation and evidence of security controls and practices.
+ Perform RX Business Unit and Third-Party security audits according to the CISO office strategic plan and produce detailed documentation and evidence against security controls and practices tested.
+ Act as a point of escalation for security-related incidents, providing advanced security support and guidance to Level I Analysts and other team members.
+ Provide regular updates and at least monthly metric reports to senior management on security compliance and risk posture.
+ Escalation of high impact security issues to Security Compliance Manager.
Ideal candidate profile:
Technical Skills:
+ Bachelor's Degree holder.
+ Background in IT, compliance, and/or information security.
+ Ability to work across all levels of seniority within business teams to drive a working partnership.
+ Strong analytical and critical thinking skills.
+ Understanding of industry standards for IT security (e.g., ISO27001/2, SOC 2, PCI DSS).
+ Basic understanding of IT security applications (e.g., firewalls, intrusion detection, virus protection).
+ Understanding of IT security testing and vulnerability management, and Threat Modeling.
+ Understanding in Cloud Environment (e.g., AWS, Azure or GCP)
+ Understanding of Service Level Management.
+ Desired understanding of OneTrust portal or Similar.
+ With CompTIA Security+ or Similar or Higher.
Personal Skills:
+ Ability to work across all levels of seniority within the organization and suppliers to drive a working partnership.
+ Good communication skills at all levels, both oral and written.
+ Good interpersonal skills.
+ Ability to produce effective influence and persuasive arguments in support of security assessment process goals.
+ Highly driven and self-motivated individuals.
+ Skilled in project management and able to work independently in a fast-paced environment.
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1- .
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here .
Please read our Candidate Privacy Policy .
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.
USA Job Seekers:
EEO Know Your Rights .
RELX is a global provider of information-based analytics and decision tools for professional and business customers, enabling them to make better decisions, get better results and be more productive.
Our purpose is to benefit society by developing products that help researchers advance scientific knowledge; doctors and nurses improve the lives of patients; lawyers promote the rule of law and achieve justice and fair results for their clients; businesses and governments prevent fraud; consumers access financial services and get fair prices on insurance; and customers learn about markets and complete transactions.
Our purpose guides our actions beyond the products that we develop. It defines us as a company. Every day across RELX our employees are inspired to undertake initiatives that make unique contributions to society and the communities in which we operate.

The primary responsibility is to identify, secure, and weed out the threats as front-line defense personnel. They are alert and aggressive to filter out suspicious activity and mitigate risks before any incident occur. When an incident occurs, SOC analysts are the first to counter the attacks and make required attempts to defend.
- Monitoring and analysis of cyber security events.
- Conduct security assessments regularly to identify vulnerabilities and performing risk analysis. Execution of SOC procedures & analyze the breach to reach the root cause.
- Triage security events and incidents, detect anomalies, and report remediation actions.
- Generate reports for IT administrators, business managers, and security leaders. These reports serve as an input to evaluate the efficacy of the security policies.
- Keep the security systems up to date and contributing to security strategies.
- Document incidents to contribute to incident response and disaster recovery plans.
- In the case of third-party vendors, verify their security strength and collaborate with them.
- Ensure completeness of the incident information.
- Escalation of incidents to be handled to L2 SOC team, when relevant.
- Follow up on remediation activities
- Triage on general information security tickets