Security Engineer

The Security Engineer plays a key role in strengthening Manulife's application security posture across its digital products, platforms, and financial services systems. Operating with greater autonomy, this role leads security assessments, drives remediation efforts, and actively contributes to the development of AppSec programs and standards. The ideal candidate brings solid hands-on experience in secure software development, offensive security techniques, AI-driven security automation, and cross-functional leadership — all grounded in Manulife's core values.

Position Responsibilities:

• Lead end-to-end application security assessments including SAST, DAST, manual code reviews and penetration testing.
• Independently conduct ad hoc and scheduled penetration testing on web applications, APIs, AI/ML, and mobile applications — documenting and presenting findings to stakeholders.
• Perform in-depth analysis of OWASP Top 10 and advanced vulnerability classes including business logic flaws, broken access control, and insecure deserialization.
• Design, code, and deploy AI-powered automation tools and security scripts that enhance vulnerability detection, threat triage, and testing efficiency at scale.
• Write clean, maintainable code to build internal security tooling, integrations, and AI-assisted workflows that reduce manual effort across the Security Engineering Team.
• Conduct threat modeling for complex, high-risk systems and new product initiatives, recommending security architecture improvements.
• Serve as a security advisor and informal leader to development and product teams — driving security-by-design principles and secure coding best practices.
• Mentor and coach associate security engineers —
• conducting knowledge-sharing sessions, reviewing their work, and supporting their professional development.
• Produce clear, risk-rated vulnerability reports with actionable remediation guidance for both technical and non-technical audiences.
• Contribute to the development and maintenance of application security policies, standards, playbooks, and training materials.
• Stay ahead of evolving threats and vulnerabilities in the financial services and fintech space, translating intelligence into actionable controls.

Required Qualifications:

• 3–6 years of hands-on experience in application security, with demonstrated ownership of security assessments and remediation cycles.
• Deep familiarity with OWASP Top 10, OWASP Testing Guide (OWTG), and OWASP Application Security Verification Standard (ASVS).
• Proven experience conducting Web application, API, AI/ML, Mobile and Desktop penetration testing using tools such as Burp Suite Pro, OWASP ZAP, or Metasploit.
• Demonstrated ability to code and build AI-powered security automation tools — including scripts or integrations using Python, JavaScript, or similar languages.
• Experience working with AI/ML APIs or LLM-based tools to automate security workflows such as vulnerability analysis, report generation, or threat detection.
• Demonstrated leadership skills — including the ability to guide peers, facilitate technical discussions, and influence security outcomes across teams.
• Excellent communication skills — able to articulate risk clearly to both technical teams and business stakeholders.
• Has background in threat modeling and mobile penetration testing.

Preferred Qualifications:

• Industry certifications such as OSCP, GWAPT, eWPT, CSSLP, CISSP, or equivalent.
• Experience in banking, insurance, or financial services with working knowledge of PCI-DSS, BSP regulations, ISO 27001, or SOC 2.
• Cloud security experience on AWS, Azure, or GCP — including knowledge of cloud-native appsec controls.
• Experience with mobile application security testing on iOS and Android platforms.
• Proficiency in threat modeling using STRIDE, PASTA, or similar methodologies for complex, multi-tier systems.
• Exposure to red team exercises or bug bounty programs.
• Track record of leading or co-leading security initiatives, process improvements, or cross-team programs.

When you join our team:

• We'll empower you to learn and grow the career you want.
• We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we'll support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact [Confidential Information].

Working Arrangement

Hybrid