Penetration Tester

SGV is the largest professional services firm in the Philippines. In everything we do, we nurture leaders and enable businesses for a better Philippines. This Purpose is our aspirational reason for being that ignites positive change and inclusive growth.

Our multidisciplinary teams work across a full spectrum of services in assurance, tax, strategy and transactions, and consulting. Enabled by data, AI and advanced technology, we help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

At SGV, we develop you with future-focused skills and equip you with world-class experiences. We empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams.

Your Key Responsibilities

• Conduct vulnerability assessments to identify IT infrastructure weaknesses.
• Perform penetration tests to evaluate the impact of potential security breaches.
• Analyze scan results to prioritize threats and vulnerabilities.
• Develop and maintain a vulnerability management program with regular scans.
• Collaborate with teams to create strategies for vulnerability remediation.
• Document findings and provide reports with security improvement recommendations.
• Track and report on vulnerability remediation progress.
• Advise on the implementation of security best practices and controls.
• Stay current with security threats, vulnerabilities, and testing methods.
• Provide mentorship to junior team members on VM and VAPT practices.
• Participate in security incident response with expert analysis.
• Assist in developing security policies and standards for VM and VAPT.
• Lead client meetings to discuss assessment results and security posture.
• Contribute to the enhancement of internal VM and VAPT processes and tools.

To qualify for the role, you must have:

• Bachelor's degree in IT, computer science, computer engineering, management, business administration, or a related field.
• Minimum of two years of relevant experience in security testing.
• Proficiency with security assessment tools (e.g., Burpsuite, SQLmap, nmap, Nessus, Rapid7, Prisma).
• Good understanding of cloud security and modern architecture, with hands-on experience in AWS or Alibaba.
• Familiarity with various operating systems (Windows, Linux, Unix) and web platforms.
• Knowledge of programming languages and frameworks (SQL, C++, JavaScript, Ruby, Python).
• In-depth understanding of OWASP Top 10 and effective communication with development teams.
• Hands-on experience with penetration testing across networks, web applications, social engineering, and physical testing.
• Good understanding of vulnerability assessment, network security, security operations, and software development.
• Experience with web services, distributed systems, or mobile applications.
• Excellent written and verbal technical communication skills.
• Eagerness to learn new techniques, frameworks, and technologies.
• Professional certifications (CISSP, CISA, CEH, OSCP, etc.). Willingness to pursue cybersecurity certifications and external training.
• Ability to manage multiple tasks and projects in a fast-paced environment.
• Experience with SDLC and agile environments for application security testing.
• Skills in developing automated solutions for security testing.
• Knowledge of cloud security, modern architecture (microservices, serverless, automated delivery), and testing in these environments.
• Consulting experience with client interaction.
• Understanding of cryptography, secure software development lifecycle, DevSecOps, and cloud security.
• Hands-on experience with IT security (application security, threat modeling, vulnerability assessment, penetration testing, security operations).
• Ability to juggle many tasks and projects in a fast-moving environment
• Excellent written and verbal technical communication skills
• Has strong project management skills
• 4 years above overall experience

Optionally, you also have

• Relevant professional certification such as CISSP, CISA, CEH, OSCP, or other similar industry recognized certifications
• Ability to juggle many tasks and projects in a fast-moving environment
• Support SDLC and agile environments which application security testing
• Ability to develop automated solutions to execute security testing
• Good understanding of cloud security and modern architecture (microservices, serverless and automated delivery) and testing in these environments
• Experience in working in consulting roles, interacting with clients, third parties or security vendors
• Good understanding of cryptography as applied in security such as SSL and key management
• Good understanding of secure software development lifecycle, DevSecOps, automated software delivery
• Good understanding of cloud security and modern architecture
• Hands on experience with IT security (application security, threat modeling, vulnerability assessment, penetration testing, security operations)

SGV | Building a better working world.

SGV is the largest professional services firm in the Philippines. In everything we do, we nurture leaders and enable businesses for a better Philippines. This Purpose is our aspirational reason for being that ignites positive change and inclusive growth.

Our multidisciplinary teams work across a full spectrum of services in assurance, tax, strategy and transactions, and consulting. Enabled by data, AI and advanced technology, we help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

All in to shape the future with confidence.

SGV & Co. is a member firm of Ernst & Young Global Limited. EY refers to the global organization, and may refer to one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Fueled by sector insights, a globally connected, multidisciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via EY member firms do not practice law where prohibited by local laws. For more information about our organization, please visit

2024 SyCip Gorres Velayo & Co.

All Rights Reserved.