Officer - Security Systems Software Assessor

Aboitiz Equity Ventures, Inc.
Regular

Taguig, Metro Manila, PH, 1634

Posted:  Aug 31, 2022

Here at Aboitiz, success means winning together to shape a better future for people, planet, and profit. As we embrace innovation, we grow diverse industries and shape the country’s future. We create careers without boundaries for those who inspire their teams to rise with them. When you work at Aboitiz, you are part of a family committed to advancing business and communities.

Job Mission/Purpose

Analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results.
 

Contacts/Network Requirement

Internal: Group Mancom
External: Vendors / Suppliers / Providers

Responsibilities

  • Analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results.
  • Apply coding and testing standards, apply security testing tools including "fuzzing" and static-analysis code scanning tools, and conduct code reviews.
  • Apply secure code document 
  • Develop threat model based on customer interviews and requirements.
  • Consult with engineering staff to evaluate interface between hardware and software 
  • Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.  
  • Perform penetration testing as required for new or updated applications. 
  • Identify basic common coding flaws at a high level 
  • Identify security implications and apply methodologies within centralized and decentralized environments across the enterprise's computer systems in software development.
  • Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.
  • Perform integrated quality assurance testing for security functionality and resiliency attack.
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
  • Perform secure program testing, review, and/or assessment to identify potential flaws in code and mitigate vulnerabilities.
  • Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration 
  • Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
     

Additional Responsibilities

Key Performance Metrics

Active Defects
Requirement Coverage
Tests Executed
Defects Closure Rate
Number of tests executed vs number of tests passed


 

Competencies

I. Universal: Building Partnerships / Networking
I. Universal: Business Acumen
I. Universal: Business Continuity
I. Universal: Communication
I. Universal: Data Science
I. Universal: Design Thinking
I. Universal: Innovation
I. Universal: Performance Management
I. Universal: Project Management
I. Universal: Quality Focus
I. Universal: Resilience
I. Universal: Risk Management, Information Security and Data Privacy
I. Universal: Safety
I. Universal: Working Remotely
II. Functional (Information Security): 3rd Party, Supplier and Vendor Security Risk Management
II. Functional (Information Security): Compliance and Governance
II. Functional (Information Security): Cyber Defense
II. Functional (Information Security): Incident Response (PR-CIR)
II. Functional (Information Security): Information Security Management (ISMS001)
II. Functional (Information Security): Information Security Management SCTY
II. Functional (Information Security): Network Security
II. Functional (Information Security): Relationship Management
II. Functional (Information Security): Risk Management
II. Functional (Information Security): Risk Management (SP-RSK)
II. Functional (Information Security): Security Architecture
II. Functional (Information Security): Security Engineering
II. Functional (Information Security): Training, Education, and Awareness (OV-TEA)

Education

Bachelor's Degree in Information Technology or Information Systems

Work Experience

At least 5 years of relevant work experience

License / Certification and Training Requirement

Certified Security Professional
Cybersecurity Risk Management
Information Systems and Security Professional

JOB APPLICATION NOTICE:
We urge everyone to be vigilant against scams that involve fraudulent offers of employment with Aboitiz Equity Ventures. Scammers are falsely claiming to be representatives of Aboitiz, offering jobs in exchange for recruitment fees. Aboitiz does not ask for money from our applicants at any point of the job application process.