Penetration Tester
2 days ago
The Role
A penetration tester is responsible for assessing the security of web applications and its underlying infrastructure to identify vulnerabilities and weaknesses that could be exploited by attackers. Their role involves conducting thorough assessments and penetration tests to uncover potential security risks and provide recommendations for mitigation.
The role will work closely alongside the rest of the Penetration Testing team, Business units and other Cyber team.
We are looking for a collaborative team player, with a good technical knowledge in web application and infrastructure penetration testing. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business.
Responsibility:
Vulnerability Assessment: Conducting comprehensive assessments of web applications and Infrastructure to identify security vulnerabilities, such as cross-site scripting (XSS), SQL injection, authentication flaws, insecure configurations, poor host device and service configurations, and use these to penetrate deeper into the application/server.
Penetration Testing: Performing controlled attacks on web applications. APIs, infrastructure, and simulate real-world hacking attempts and identify potential entry points for attackers. This involves utilizing various techniques, tools, and methodologies to exploit vulnerabilities and gain access.
Security Analysis: Analyzing the results of penetration tests to assess the severity of identified vulnerabilities, their potential impact on the system and the business, and the likelihood of exploitation.
Reporting and Documentation: Preparing detailed reports that document the findings, including identified vulnerabilities, attack vectors, and recommendations for remediation. These reports typically outline the risks associated with each vulnerability and provide guidance on how to mitigate them.
Remediation Support: Collaborating with developers and system administrators to assist in the remediation of identified vulnerabilities. This may involve providing guidance on secure coding practices, recommending security controls, or validating the effectiveness of implemented fixes.
Stay Up to Date: Keeping abreast of the latest web application and infrastructure vulnerabilities, attack techniques, security tools, and industry best practices. This includes staying informed about emerging threats and trends in web applications and infrastructure.
Ethical Approach: Conducting all testing and assessment activities within a legal and ethical framework, ensuring that the organizations systems and data are not compromised or harmed during the process.
Continuous Improvement: Engaging in professional development activities, such as attending conferences, participating in training programs, and obtaining relevant certifications, to enhance knowledge and skills in cyber security.
Requirements
Minimum Criteria:
- Bachelors degree in a related field such as computer science, information security, or cybersecurity is commonly preferred, but not always mandatory.
- Relevant industry experience can compensate for formal education requirements.
- Strong understanding of web technologies, programming languages (e.g., HTML, CSS, JavaScript, PHP, Python), and web application architecture is essential.
- Knowledge of networking fundamentals, operating systems, and databases is also beneficial.
Skills:
- Web Application Security: In-depth knowledge of web application vulnerabilities, common attack techniques, and mitigation strategies. Strong understanding of OWASP Top 10 vulnerabilities is crucial.
- Infrastructure security: Working knowledge of different on-prem and cloud builds (IaaS, PaaS, SaaS), in-depth understanding of operating system and its common flaws.
- Penetration Testing Techniques: Proficiency in various penetration testing methodologies, tools, and frameworks. Experience with manual testing techniques, automated vulnerability scanners, and exploit frameworks is necessary.
- Programming and Scripting: Proficiency in at least one programming language (e.g., Python, Ruby, or JavaScript, etc.) to write custom scripts and tools. Understanding SQL queries for database testing is also important.
- Analytical and Problem-Solving Skills: Ability to analyze complex web application environments, identify vulnerabilities, and exploit them. Strong problem-solving skills to understand attack vectors and recommend appropriate countermeasures.
Holds relevant industry certification/s or equivalent like the following:
- CEH Certified Ethical Hacker
- OSCP Offensive Security Certified Professional
- GPEN GIAC Penetration Tester
- PNPT Practical Network Penetration Tester
- Burp Suite Certified Practitioner
- eWAPT/eWAPTx eLearning Web Application Penetration Tester
- Practical experience gained through participation in bug bounty programs, capture-the-flag (CTF) competitions, and real-world projects can also be valuable in showcasing skills and expertise.
-
Senior Associate – Application Pen Tester
2 days ago
Manila, National Capital Region, Philippines Propelsys Technologies LLC Full time ₱900,000 - ₱1,200,000 per yearJob Opportunity: **Application Penetration Tester** (#Remote–#Manila, PH)Location: Manila,#Philippines(Remote)Position: Sr. Application#PenetrationTesterType: Full-time / ContractEligibility: Candidate must be physically based in the Philippines with a valid work visa or should be Filipino.**About the Role**We are seeking a skilled Application Penetration...
-
Cybersecurity Senior Engineer
2 weeks ago
Manila, National Capital Region, Philippines Avensys Consulting Full time ₱144,000 - ₱240,000 per yearAvensys is a reputed global IT professional services company headquartered in Singapore. Our service spectrum includes enterprise solution consulting, business intelligence, business process automation and managed services. Given our decade of success we have evolved to become one of the top trusted providers in Singapore and service a client base across...
-
Associate Security Consultant
1 week ago
Manila, National Capital Region, Philippines NCC Group Full time ₱40,000 - ₱80,000 per yearAssociate Security ConsultantManila - Office-based during probation, then hybridThis is your launchpad into ethical hacking.The Opportunity At NCC Group, our incredible Technical Assurance division is looking for Associate Security Consultants to embark on a journey of growth and development. Kicking off on the 19th of January 2026, you will be based in our...
-
Associate Security Consultant
6 days ago
Manila, National Capital Region, Philippines NCC Group Full time ₱1,500,000 - ₱3,000,000 per yearAssociate Security ConsultantManila – Office-based during probation, then hybridThis is your launchpad into ethical hacking.The Opportunity At NCC Group, our incredible Technical Assurance division is looking for Associate Security Consultants to embark on a journey of growth and development. Kicking off on the 19th of January 2026, you will be based in...
-
Senior Penetration Tester
4 weeks ago
, Metro Manila, Philippines BLUEDOG CYBER SECURITY INC. Full timeWe are a well-established cybersecurity company in Manila with contracts with major local enterprises. We seek a highly experienced, certified Penetration Tester to join our pool of on-site consultants. The ideal candidate will travel to client sites in Metro Manila, perform thorough penetration testing across web, mobile, API, and network environments, and...
-
T&T Consultant
3 weeks ago
Manila, Philippines Deloitte PLT Full timeAt Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve. We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of initiatives focused on making a tangible impact on society’s biggest challenges and creating a better future. We strive to advise clients on how...
-
T&T Consultant
3 weeks ago
Manila, Philippines Deloitte PLT Full timeOverview Select how often (in days) to receive an alert: Date: 8 Sept 2025 Location: Jakarta, ID Are you ready to unleash your potential? At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve. We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of...
-
T&T Senior Consultant
3 weeks ago
Manila, Philippines Deloitte PLT Full timeSelect how often (in days) to receive an alert: Date: 14 Sept 2025 Location: Jakarta, ID Are you ready to unleash your potential? At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve. We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of initiatives...
-
Penetration Tester
5 hours ago
Manila, Manulife Business Processing Services, Philippines Manulife Full time $90,000 - $120,000 per yearManulife is a leading international financial services provider, helping people make decisions easier and lives better. Help shape the future you want to see — and discover that better can take you anywhere you want to go.Position Responsibilities:Evaluates the security posture of the organization, assessing potential threats and vulnerabilities.Develops...
-
Bonifacio Global, Metro Manila, Philippines HCM Nexus Full time ₱1,200,000 - ₱2,400,000 per yearSecurity Vulnerability and Penetration Testing EngineerWork Setup: Hybrid (8x onsite per month - BGC, Taguig)Schedule: Morning shift (8:00 AM - 5:00 PM or 9:00 AM – 6:00 PM)Must be amenable to render overtime, work on weekends and/or Philippine holidays if needed.About the RoleThe Security Vulnerability and Penetration Testing Engineer is responsible for...
-
Freelance AI/ML Penetration Tester
3 weeks ago
Eastern Manila District, Philippines Mindrift Full timeBe among the first 25 applicants. This opportunity is only for candidates currently residing in the specified country. Your location may affect eligibility and rates. Please submit your resume in English and indicate your level of English proficiency. At Mindrift, innovation meets opportunity. We believe in using the power of collective intelligence to...
-
Pentester 5G
3 weeks ago
Manila, Philippines P1 Security Full timeP1 Security is looking for a Senior Penetration (min. of 5 years) tester to join our Expert missions team dedicated to enhancing critical infrastructure security and particularly on mobile networks environments (Telco). About P1 Security Founded in 2011 by serial entrepreneur and security expert Philippe Langlois, P1 Security is on a mission to secure...
-
Security Consultant
3 weeks ago
Manila, Philippines Trustwave, A LevelBlue Company Full timeOverview Security Consultant - Spider Labs (Pen Testing) role at Trustwave, A LevelBlue Company. The Security Consultant role offers an opportunity to work within the world renowned SpiderLabs team. The team has consultants across North America, Latin and Central America, Europe, Africa, Australia, and Asia. The role is remote with some onsite requirements....
-
Associate Solution Architect
3 weeks ago
Manila, Philippines NCC Group Full timeRole:Associate Solution Architect Location: Taguig City, Metro Manila Hybrid set-up (2 days per week onsite) Thanks for checking out our job opening; we are excited that YOU are interested in learning more about NCC Group. We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of...
