Vulnerability Management Engineer

The Manulife Global Vulnerability Management team, part of Global Cybersecurity Services (GCS), is looking for an experienced Vulnerability Management Engineer. The Global Vulnerability Management Team is responsible for the cyclical practice of identifying, classifying, prioritizing, remediating, and/or mitigating security vulnerabilities on infrastructure and software for the Manulife Enterprise.

This position requires a motivated self-starter with passion for vulnerability management. We are looking for someone who is not afraid to raise their hands, ask questions, and suggest improvements. This person will work quickly and professionally and be dedicated to supporting customers across GCS, Business Segments, and Manulife as a whole.

You will join a world-class company known for its commitment to diversity, community involvement, and work-life balance. We are committed to the personal and professional development of our team members, including support for attaining and keeping industry designations and certifications.

Role and Responsibilities

In this position, you will be responsible for various functions within the vulnerability management lifecycle.

• Qualys SME support across modules, including VMDR, Policy Compliance, CyberSecurity Asset Management, and Cloud Agent

• Work to ensure scanning completeness across the Manulife enterprise using multiple tools to ensure accuracy

• Support scanner appliance health, monitoring, and optimization, including scan schedules

• Support Cloud Agent health, monitoring, and optimization

• Collaborate with partners across GCS to integrate Qualys with other security tools, such as Tanium, Devo, and Microsoft Defender

• Support remediation efforts by partnering with business segments to address questions around patching and other forms of risk mitigation

• Lead the development and configuration for external attack surface management

• Provide support for implementation and deployment of risk-based vulnerability management, focused on the threat intelligence data that informs the process

• Assist in asset inventory and system ownership initiatives to ensure that remediation is being handled by the correct patching teams

• Work with Qualys leadership and SMEs to proactively identify and test applicable new features and modules

• Assist with technical hardening and policy compliance efforts

Qualifications

• Bachelor’s or Master’s degree in Computer Science, Computer Engineering, Cyber Security, other related field or any equivalent experience

• At least 3 years' experience in Information Technology, Information Security, or Vulnerability Assessment

• A passion for cybersecurity and an understanding of security operations concepts

• A motivated self-starter who works quickly and efficiently

• Innovative problem-solving skills with the ability to exercise flexibility and judgement

• Excellent communication skills (oral and written), including presentation skills

Nice to Have

• Prior experience with the Qualys suite of tools, including VMDR, Policy Compliance, CyberSecurity Asset Management, and Cloud Agent

• Prior experience with Devo SIEM tool

• Experience and comfort with networking basics, such as TCP/IP, CIDR notation, ACLs, firewall rules, and routing

• Ability to automate the vulnerability data management and reporting process using scripting languages (Python, Perl, Unix Shell, VBA, PowerShell)

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact recruitment@manulife.com.

Primary Location

USA, Massachusetts, Boston, 200 Berkeley Street

Working Arrangement

Hybrid

Salary range is expected to be between

$104,860.00 USD - $194,740.00 USD

If you are applying for this role outside of the primary location, please contact recruitment@manulife.com for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.

Manulife/John Hancock offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension/401(k) savings plans and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in the U.S. includes up to 11 paid holidays, 3 personal days, 150 hours of vacation, and 40 hours of sick time (or more where required by law) each year, and we offer the full range of statutory leaves of absence.

Know Your Rights I Family & Medical Leave I Employee Polygraph Protection I Right to Work I E-Verify I Pay Transparency

Company: John Hancock Life Insurance Company (U.S.A.)