T

Technical Consulting Senior Engineer

Trends Group, Inc.
On-site
Makati, Metro Manila, Philippines

I.                    PURPOSE


 


To accomplish all assigned tasks by the management in a timely and effective manner as deemed necessary for the betterment of the organization as a whole.


 


II.                  DUTIES AND RESPONSIBILITIES





  • Assist the Technical Consulting Manager and provide mentorship and guidance to engineers.

  • Evaluate, recommend, and implement new tools and technologies to enhance the team’s capabilities.

  • Perform initial review on reports and documentation generated by the engineers.

  • Ensure the execution of services within the allocated budget hours or parameters defined by the Service Level Agreement.

  • Obtain professional certifications and actively participate in relevant training sessions related to the provided services.

  • Deliver high-quality services to clients with the goal of ensuring customer satisfaction.




A.    Vulnerability Assessment and Penetration Testing



  • Plan and execute Vulnerability Assessment (VA), Vulnerability Management (VM), Vulnerability Assessment and Penetration Testing (VAPT), Phishing Simulation, and Red Teaming activities.

  • Evaluate the effectiveness of existing security controls and provide recommendations for improvements.

  • Simulate real-world cyber-attacks to identify potential weaknesses.

  • Prepare detailed reports on findings, and recommended remediation strategies.

  • Communicate findings to technical and non-technical stakeholders in a clear and understandable manner.

  • Work closely with cross-functional teams to integrate security best practices into development and operational processes.

  • Collaborate with IT teams, developers, and system administrators to address and resolve security issues.

  • Stay informed about the latest security threats, vulnerabilities, and industry best practices.




B.    Digital Forensics and Incident Response



  • Conduct advanced digital forensics investigations on various digital devices, including computers, servers, mobile devices, and network equipment.

  • Utilize industry-standard forensic tools and techniques to acquire, analyze, and preserve digital evidence.

  • Lead and coordinate incident response efforts during cybersecurity incidents, including data breaches, malware infections, and unauthorized access.

  • Develop and implement incident response plans to contain and eradicate security incidents effectively.

  • Collaborate with cross-functional teams to minimize the impact of incidents, providing guidance on corrective actions.

  • Prepare detailed and well-documented reports outlining findings, methodologies, and recommendations.

  • Contribute to post-incident reports, sharing insights and lessons learned for continuous improvement.




III.                QUALIFICATIONS




A.    Minimum Education



  • College Graduate or Diploma holder of any computer-related course.

  • Preferably a degree in Information Technology, Engineering, or a related field.


 


B.    Minimum Experience/Training



  • 2 years+ experience working in Vulnerability Assessment and Penetration Testing, Red Teaming or Security Operations particularly in Digital Forensics and Incident Response.

  • Knowledge of ITIL, Infrastructure related technologies & understanding of business relevance of the technologies

  • Experience working with IT systems and software related to Vulnerability Assessment and Penetration Testing, or Digital Forensics and Incident Response.


 


C.    Competency



  • Effective team player with collaborative skills, capable of analyzing substantial technical data in a fast-paced environment.

  • Strong problem-solving abilities, analytical skills, and effective time management.

  • Positive, energetic, and enthusiastic demeanor with keen attention to detail.

  • Excellent multitasking and task prioritization skills.

  • Self-motivated, proactive, and customer-centric in approach.

  • Quick learner with adaptability to dynamic working environments.

  • Capacity to exercise judgment in high-pressure situations with minimal external guidance.

  • Broad knowledge of cybersecurity and privacy principles.

  • Familiarity with computer networking concepts, protocols, and security methodologies.

  • Understanding of laws, regulations, policies, and ethics relevant to cybersecurity and privacy.

  • Proficiency in risk management processes, encompassing methods for assessing and mitigating risk.

  • Familiarity with cyber threats, vulnerabilities, and the operational impacts of cybersecurity lapses.

  • Knowledge of traffic flows across the network, encompassing Transmission Control Protocol (TCP), Internet Protocol (IP), Open System Interconnection Model (OSI), and Information Technology Infrastructure Library (ITIL).

  • Awareness of application vulnerabilities and system/application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

  • Ability to perform penetration testing on network devices, servers, workstations, APIs, Web and Mobile Applications.

  • Skills in conducting vulnerability assessment, vulnerability management, phishing simulation, and red teaming activities.

  • Knowledge of programming language structures and logic, including the ability to apply programming language structures (e.g., source code review) and logic.

  • Understanding of MITRE ATT&CK Framework and NIST SP800-61.

  • Skills in identifying, capturing, containing, and reporting malware.

  • Familiarity with designing incident response procedures.

  • Understanding of investigative implications related to hardware, operating systems, and network technologies.

  • Proficiency in data carving tools and techniques, with awareness of anti-forensics tactics, techniques, and procedures.

  • Comprehensive knowledge of processing digital forensic data and reverse engineering concepts.

  • Proficiency in malware analysis tools and binary analysis.

  • Competence in preserving evidence integrity according to standard operating procedures or national standards.

  • Skills in using digital forensics tools and conducting forensic analyses in multiple operating system environments.




D.    TRAININGS & CERTIFICATIONS (is a plus)



  • CompTIA Network+, Security+

  • EC-Council CEH, ECIH, CHFI, CSA, CTIA, ECSA, LPT, CPENT

  • eLearnSecurity eJPT, eCPPT, eCPTx, eWAPT, eMAPT, eCIR, eCDFP, any other related certifications




IV.                WORKING CONDITIONS



  • Probationary for 6 months

  • Personal and professional development (certified training, on-the-job coaching & mentoring, career progression support)

  • Shifting & Reporting to Office (will be WFH if advised by the management)

  • Possible to work on extended hours

  • On-call Duty



Open
Share this job
Twitter Facebook Linkedin Email