Applications Security Analyst

Vulnerability Assessment and Penetration Testing Specialist / Offensive Security

Posted today

QUALIFICATIONS:

• At least 3-5 years as a VAPT Specialist/Offensive Security or other related roles.
• Hands-on experience in web and mobile application VAPT, following the OWASP Top 10 testing framework
• Proficient in using open-source and commercial security testing tools such as Kali Linux, Metasploit, Qualys, Nessus, Burp Suite, OWASP ZAP, etc.
• Working knowledge of web and mobile application development
• Ability to write assessment reports that are clear and understandable for both technical and non-technical audiences
• Cybersecurity certifications such as CEH, CISSP, or equivalent are preferred
• Should be amendable to work Hybrid (3x a week onsite - temporary) and 100% onsite in Ortigas in the future.

RESPONSIBILITIES:

• Conduct vulnerability assessment and penetration testing on web and mobile applications
• Provide detailed assessment report and recommendations following the preferred report format of the client, if available
• Provide assistance and consultation services to teams responsible for remediations
• Organize and conduct meetings or consultation sessions, when needed, to facilitate completion VAPT sub activities
• Independently manage and complete schedule of activities or assigned tickets
• Regularly submit progress report to immediate supervisors
• Ensure confidentiality of client information at all times

Posted today

No matter who you are, Pax8 is a place you can call home. We are growing globally, and are now expanding across Australia, New Zealand and Asia.

Culture is important to us, and at Pax8, it''s business, and it IS personal. We are passionate, creative, and humorously offbeat. We work hard, keep it fun, and expect the best.

We Elev8 each other. We Advoc8 for our partners. We Innov8 continuously. We Celebr8 life.

Overview:

Pax8 is the leading value-added cloud-based SaaS marketplace, simplifying the cloud journey for our partners by integrating technology, business intelligence, and proactive service to deliver an unparalleled experience. Serving thousands of partners through the indirect sales channel, our mission is to be the world''s favorite marketplace for technology professionals to buy cloud products. We are a fast-growing, dynamic, and high-energy organization with a start-up feel, allowing you to make a meaningful impact on the business.

We are a culture driven by values including Compassionate Candour, Seek to Understand, We Before Me, Do What You Say, Light Up Learning, and Driven by Passion.

Position Summary:

The Security Analyst at Pax8 is responsible for triaging and responding to cybersecurity events, analyzing and prioritizing detected vulnerabilities, monitoring threat intelligence, configuring and monitoring SaaS security controls, and collaborating with the Security Operations team.

Essential Responsibilities and Percentage of Time Spent (examples):

• Monitor security tools; triage and drive remediation; document findings.
• Perform forensic review and assess risk to business operations.
• Assess vulnerabilities and prioritize for remediation.
• Develop threat intelligence and analyze applicability to Pax8.
• Create and improve run books and automation across SecOps.
• Compose vulnerability and threat opinions for Pax8 users and communicate via proper channels.
• Generate metrics to support security initiatives.
• Stay current with industry trends and best practices; adapt the security program as needed.
• Collaborate with IT, engineering, legal, data management, HR, and business leaders to integrate security into processes.

Ideal Skills, Experience, and Competencies :

• Three or more years in a security-specific operations or engineering role.
• Experience in vulnerability assessment/management, identity management, or threat intelligence.
• At least two years in L2+ incident response, forensic analysis, remediation, and risk-based prioritization in enterprise environments.
• Operational experience securing public cloud deployments (AWS, Azure, GCP) or CSPM tooling.
• Experience using a major SIEM product; ability to perform ad-hoc searches and analysis.
• Experience with Microsoft security tools (Defender, Entra, Compliance Center, Intune).
• Understanding of security best practices and frameworks.
• Excellent communication, collaboration, and interpersonal skills.

Required Education & Certifications:

• B.A./B.S. in a related field or equivalent work experience.
• Security-focused certifications such as CISSP, GIAC, CEH, CySA+ (optional but desired).
• Cloud security certifications (AWS, Azure, GCP) optional.

Additional Details:

Professional office environment; remote/hybrid work requires secure and private internet access.

Physical Demands: Sedentary role.

Travel: Infrequent.

Reports to: Sr. Director of Security Operations.

Location: Manila, Philippines.

Position: Full-time.

Effective Date: August 2025.

About Us: Pax8 is an equal opportunities employer; privacy and data handling follow standard recruiting practices. Job Applicant Privacy Notice.