Metrobank
Application Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Metrobank
Metropolitan Bank & Trust Company, commonly known as Metrobank, is a leading universal bank in the Philippines, founded in 1962. Headquartered in Makati, it has grown to become the second largest private universal bank in the country, employing around 14,000 professionals. Metrobank offers a wide range of banking and financial services, including corporate, commercial, and consumer banking, credit card services, remittances, investment banking, and microfinancing. With a strong domestic and international presence, Metrobank operates over 940 branches and more than 2,300 ATMs across the Philippines, along with over 30 international branches and offices. The bank serves a diverse clientele, including large corporations, small-to-medium enterprises, high net-worth individuals, and retail customers. Metrobank has achieved significant financial success, reporting a net income of PHP 23.6 billion in the first half of 2024, and has received numerous awards for its services, including recognition as the Most Recommended Retail Bank in the Philippines.
Security at Metrobank
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Metrobank's AppSec mission is to "Develop and enforce security plans and standards; ensures that application security best practices are executed and implemented."Their approach to developer enablement includes reviewing "installation and changes to CI/CD pipeline."The risk philosophy involves providing "risk assessment support to CPSD and SQRD related to architecture for security concerns."A stated goal is to "Maintain and mature the security tools to ensure effective prevention and detection of incidents."Information on developer enablement versus strict gating beyond CI/CD pipeline review is not publicly available.”
Security Team
The Chief Information Security Officer (CISO) leads Metrobank's Information Security Division. A Board-level IT Steering Committee provides governance and oversight for the Bank's IT resources. Key public-facing AppSec leaders and the estimated team size are not publicly available. As of, there are 6 active AppSec job postings. Common skill patterns include "Full knowledge and understanding of OWASP Top 10 Application Security best practices"and "At least 3+ years' experience in designing, implementing and maintaining application security solutions such as SAST, DAST, IAST, etc."
Key Initiatives
The status of a Security Champions Program is not publicly available. For "Shift Left"practices, Metrobank reviews "installation and changes to CI/CD pipeline."Their vulnerability management process includes the Information Security Division conducting "annual penetration tests on all critical systems."Details on triage and remediation, such as SLAs or MTTR, are not publicly available. Secure SDLC artifacts involve managing "the implementation of baseline system security standards for application development."Information on recent initiatives (last 6 months) is not publicly available.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.