Do you want to take the first step in making Filipinos’ lives better everyday? Here in GCash we want to stay at the forefront of the FinTech industry by creating innovative, meaningful, and convenient financial solutions for the nation! G ka ba? Join the G Nation today!

About the job

Do you want to help protect and shape the digital future of millions of Filipinos? At GCash, we operate at a massive scale in one of the most targeted industries in the world - financial services. To stay ahead, we don’t just react to threats; we actively simulate them.

We are looking for a Lead, Offensive Security Engineer to lead and execute advanced red team and offensive security operations. This role is for someone who thinks like an attacker, operates with discipline, and can translate technical findings into meaningful security improvements across the organization.

If you enjoy breaking things responsibly and influencing security strategy, not just running tools, this role is for you.

Key Responsibilities

• Lead and execute red team and advanced penetration testing engagements that simulate real-world threat actors across applications, infrastructure, cloud, and identity environments

• Identify, exploit, and chain vulnerabilities to demonstrate realistic attack paths and business impact

• Design and improve adversary simulation scenarios aligned with real-world threat intelligence and the MITRE ATT&CK framework

• Partner closely with blue team, security engineering, and security operations teams to improve detection, response, and overall security posture

• Develop tooling, automation, or research to identify security weaknesses at scale and improve testing efficiency

• Produce high-quality technical and executive-level reports, clearly communicating risk, impact, and remediation guidance

• Stay ahead of emerging threats, techniques, and tooling, continuously evolving red team tradecraft

Preferred Qualifications

• 1-3 years of hands-on experience in red teaming, offensive security, advanced penetration testing

• Proven track record of discovering impactful vulnerabilities, including complex or chained attack paths

• Strong understanding of attacker tradecraft, including web, cloud, identity, and infrastructure attack vectors

• Practical experience with adversary simulation and the MITRE ATT&CK framework

• Ability to lead, mentor, and influence (this is a hands-on leadership role, not just an individual contributor position)

• Strong written and verbal communication skills, with the ability to explain technical risk to both engineers and executives

• At least one practical security certification, such as:

  • OSCP, OSEP, OSWE, OSED, OSWP, CRTO, CRTL, CRTP, CRTE, GRTP, CPTS, CWEE, CAPE

• Candidates are encouraged to include write-ups, research, bug bounty findings, or internal/external reports demonstrating offensive security work.

What We Offer

• The opportunity to help build and lead offensive security capabilities in the country’s #1 FinTech platform

• Work alongside a highly skilled, collaborative, and mission-driven security team

• Real impact - your work directly protects millions of users and high-value financial systems

• A culture that values technical excellence, ownership, and continuous improvement

What We Offer

Opportunity for career growth and development in the #1 FinTech company in the country Working with a dynamic and highly collaborative team who want to change the game A company that values their people with highly competitive and flexible compensation and benefits package