IT Security Engineer

NOTE: The company preferred an ONSITE interview. Kindly make yourself available when you apply for this role.

The Cybersecurity Engineer will be responsible for deploying security solutions, supporting incident response, conducting risk assessments, and ensuring compliance with global standards and local regulatory requirements. This position combines hands-on technical expertise with a proactive, solution-driven mindset, offering a unique opportunity to work across business, IT, and regional/global security teams.

JOB RESPONSIBILITIES

• Execute and monitor the implementation of global cybersecurity tools and controls ensuring alignment with security baselines and the local Cybersecurity Roadmap.
• Maintain endpoint protection, vulnerability scanning, patch management, and anti-malware compliance across all systems.
• Implement the Security Policy and collaborate with IT, Legal, Internal Control, and other functions to ensure proper enforcement across the organization.
• Support continuous improvement initiatives around cybersecurity automation, monitoring, and threat detection.

• Raise user awareness around cyber threats (e.g., phishing, ransomware, data leakage) and promote secure behaviors across the organization.
• Contribute to the design and execution of security training sessions and phishing simulations.
• Relay Group-level information security communications, policies, and advisories to local teams, ensuring timely acknowledgment and action.

• Serve as the first responder for local cybersecurity alerts and incidents, following Group Security directives and escalation paths.
• Coordinate triage, containment, and remediation efforts in collaboration with the Security Operations Center (SOC) and Regional Security teams.
• Lead local investigations and root cause analysis; develop and track mitigation plans post-incident.
• Escalate and report incidents that may impact business continuity or data protection.

• Support integration of cybersecurity and data protection requirements in local and regional IT projects.
• Perform security risk assessments, evaluate threats and potential impacts, and recommend mitigation controls during project design and delivery.
• Review suppliers and contracts to ensure alignment with Group security requirements and provide technical inputs as needed.

• Assist in internal and external audits, including gathering technical evidence to demonstrate compliance with information security standards
• Respond to client and partner inquiries related to information security policies and practices.
• Maintain accurate documentation and contribute to regular reporting on key security KPIs, compliance posture, and operational metrics.

REQUIREMENTS:

• Experience: 5–8 years of hands-on experience in cybersecurity or information security roles, with proven involvement in endpoint security, vulnerability management, and security operations.
• Certifications: Holds one or more relevant certifications such as CISSP, CISM, CEH, CompTIA Security+, or equivalent. (Cloud security certifications like CCSK or AWS Security Specialty are a plus.)
• Security Frameworks: Solid understanding and practical application of security and risk management frameworks such as ISO/IEC 27001, NIST CSF, MITRE ATT&CK, or CIS Controls.
• Technical Expertise: Demonstrated experience implementing and managing security technologies such as:
• Endpoint Protection Platforms
• Vulnerability Management Tools
• Encryption tools and BitLocker
• Data Loss Prevention (DLP), SIEM, or EDR solutions
• Cloud Security: Strong exposure to cloud security principles and best practices; experience with Azure Cloud environments is preferred.
• Bachelor's Degree in Computer Science, Information Technology, Engineering, or a related field from a recognized Philippine university.
• Relevant certifications such as:
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CCSP (Certified Cloud Security Professional)
• CEH (Certified Ethical Hacker)
• CompTIA Security+