About this role
<p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><strong>Be #InGoodHands with Metrobank!</strong></span></p> <p> </p> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Here at Metrobank, we don't simply hire employees—we hone future leaders. We provide opportunities that enhance your skills and unlock your talents, helping you evolve into a well-rounded individual. We supply you with all the pieces you need to do your best work, unleashing your full potential to help you secure your future and lead a fulfilling career. And with Metrobank's strong heart for the community, you have the chance to give back and make worthwhile contributions to our nation's economic and social development. With Metrobank, a meaningful life is within your reach!</span></p> <p> </p> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><strong>Job Summary:</strong></span></p> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Plan, document test methodologies and perform penetration testing or ethical hacking of network infrastructure, application systems including mobile applications all in a stealthy operation without being detected, in order to identify potential security weaknesses in the system. Collaborate with ITG developers by communicating the back doors/security weaknesses identified and providing inputs in correcting the security flaws. 
Establish red team procedures for conducting red team exercises.</span></p> <p> </p> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><strong>Specific Duties & Responsibilities:</strong></span></p> <p> </p> <ul> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Perform threat analysis, wireless network assessments, and social-engineering assessments including physical security assessments to develop test scenarios.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Conduct network and system security scans. Perform manual and automated hacking techniques on network infrastructure, computer systems, web and mobile applications. Search for weaknesses and recommend corrective measures to prevent potential attacks.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Evade intrusion prevention systems, intrusion detection systems, firewalls, and honeypots to ensure they are effective and reinforced when necessary.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Identify methods and entry points that attackers may use to exploit vulnerabilities or weaknesses.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Develop abuse cases and testing methods to identify vulnerabilities in business logic. 
Develop/update scripts/tools to enhance penetration testing processes.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Research, evaluate, document and discuss findings with IT teams and management. Collaborate with IT teams to remediate the vulnerabilities.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Effectively communicate findings and remediation strategy to stakeholders. Develop comprehensive and accurate reports and presentations for both technical and executive audiences.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Review, verify and provide feedback on information security fixes.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Establish improvements for existing security services, including hardware, software, policies and procedures.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Observe business continuity and its operations when performing testing (i.e. 
minimize downtime and loss of employee productivity).</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Stay updated on the latest malware and security threats.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Assist in cyber security investigations.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Recognize the safe utilization of attacker tools, tactics, and procedures.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Keep abreast of the latest attack vectors, hacking methods, ethical hacking/pen testing techniques and new penetration testing tools.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Analyze security policies and configurations for effectiveness against an attack and make necessary suggestions on security policy and configuration improvements.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Proactively work with the Department Head in implementing programs for the continuous improvement of the bank’s information security plans and strategies.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Perform other information 
security governance, risk and compliance related duties and responsibilities as directed by the Department Head.</span></p> </li> </ul> <p> </p> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><strong>Qualifications</strong></span></p> <p> </p> <ul> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Graduate of any college degree in Computer Science or Information Security, Cybersecurity or related technical field of expertise.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Strong understanding of vulnerabilities and common attack vectors, and an attacker mindset: ability to think about creative threats and attack vectors.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Full knowledge and understanding of OWASP Top 10 Application Security best practices.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Certification may include SANS GPEN, GWAPT, OSCP, CEH or equivalent.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Technical knowledge and experience in ethical hacking.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Advanced computer skills – extensive computer skills and an understanding of networking fundamentals, including forensics, reverse engineering, web 
applications, databases, and wireless technologies.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Scripting and programming – scripting skills to infiltrate any system.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Clear understanding of how computer security breaches can disrupt business, including the financial implications.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Highly analytical with exceptional problem-solving skills.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Result-orientated in terms of disposition for corrective action to drive the remediation to reduce the risk exposure of the bank.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Have good teamwork and collaboration skills: a good team player with the ability to lead security initiatives.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Good written and verbal communication skills: to effectively articulate and explain complex security topics in simple language and easy to understand concepts.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Possess 
excellent time management skills and thrive in a fast-paced, demanding environment.</span></p> </li> <li style="list-style-type:disc;font-family:arial, helvetica, sans-serif;font-size:10.0pt"> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Be a self-managed self-starter with good organizational skills.</span></p> </li> </ul>