Position Responsibilities
Dynamic Application Security Testing (DAST)
- Provide strategic leadership for the organization's Dynamic Application Security Testing (DAST) program, including governance, oversight, and continuous improvement.
- Manage end-to-end onboarding of applications into the DAST program, ensuring appropriate scoping, configuration, and alignment with security requirements.
- Configure, execute, and optimize automated DAST scans to maximize coverage while minimizing false positives.
- Conduct manual DAST assessments for complex, high-risk, or non-standard application environments.
- Serve as a technical escalation point for DAST tooling, configuration issues, integration needs, and troubleshooting activities.
- Review, validate, and triage DAST results, ensuring clear prioritization and effective communication of findings to engineering stakeholders.
- Maintain and enhance documentation for DAST processes, standards, operational procedures, and best practices.
- Develop and maintain automation scripts (e.g., Python, Bash, PowerShell) to streamline DAST workflows, reporting, onboarding, and operational tasks.
- Integrate automated DAST capabilities into CI/CD pipelines to support continuous security testing.
- Identify new opportunities for automation and process optimization to drive program efficiency and scalability.
Application Security Engineering Secrets Management and Remediation
- Lead the enterprise secrets scanning and secrets management program, including detection, classification, and preventive controls.
- Partner with engineering and IAM to implement secure secrets storage solutions (vaulting, rotation, lifecycle management).
- Ensure timely revocation, rotation, or replacement of exposed secrets in alignment with risk policies and operational requirements.
- Provide strategic leadership in driving the enterprise secrets remediation program in partnership with the Application Security and broader Cyber Assessment teams.
- Represent the program in key project meetings, including discovery sessions, solution architecture reviews, and project checkpoints to align technical direction with business and security objectives.
- Balance technical solutions with business needs, leveraging design thinking, stakeholder engagement, and effective communication to ensure seamless adoption.
- Apply advanced problem-solving skills throughout the secure SDLC to continuously strengthen end-to-end processes and reduce recurring secret-related risks.
- Support a culture of continuous learning, mentoring team members and promoting knowledge sharing across successes, failures, and evolving best practices.
Process Improvement & Cross-Functional Collaboration
- Collaborate closely with Engineering, DevOps, Product, and Risk teams to improve security processes, enhance tool integrations, and support secure development practices.
- Contribute to incident response, change management, and operational troubleshooting as they relate to DAST or broader application security controls.
- Proactively assess the DAST program for gaps, risks, and areas of improvement, and lead initiatives to strengthen overall governance.
- Maintain clear, comprehensive documentation, including playbooks, procedures, workflows, and operational guidelines.
Penetration Testing
- Able to perform penetration testing activities on applications and related components when required.
- Capable of producing clear reports that outline issues and recommend improvements.
- Collaborate effectively with technical teams to support remediation efforts and promote secure development practices.
Required Qualifications
- Extensive hands-on experience with DAST tools, methodologies, and configuration best practices.
- Strong scripting skills (e.g., Python, Bash, PowerShell) for automation and operational efficiency.
- Deep understanding of web application security principles, the OWASP Top 10, and common attack patterns.
- Demonstrated experience performing manual penetration testing.
- Excellent communication skills with the ability to collaborate effectively across technical and non-technical teams.
- Proven experience developing documentation and driving structured process improvements.
Preferred Qualifications
- Experience integrating DAST capabilities into CI/CD pipelines and development workflows.
- Knowledge of containerized environments, cloud platforms, and microservices architectures.
- Relevant industry certifications (e.g., OSCP, OSWE, GWAPT, CEH, GIAC).
- Experience with secure SDLC frameworks or application security governance programs.
- Background mentoring or leading team members.
- Exposure to advanced penetration testing techniques, tools, or methodologies beyond baseline requirements.
- Hands-on experience with enterprise secrets management platforms, including Azure Key Vault, HashiCorp Vault, AWS Secrets Manager, or equivalent solutions.
- Familiarity with GitOps, DevSecOps, and SRE practices related to secrets handling.
- Knowledge of secrets detection tools and techniques (e.g., GitLeaks, TruffleHog, GitGuardian, GHAS secret scanning).
- We'll empower you to learn and grow the career you want.
- We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
- As part of our global team, we'll support you in shaping the future you want to see.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit .
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact .
Hybrid