Application Security Engineer

Within Manulife's Canadian Segment, the Bank is seeking an Application Security Engineer with technical knowledge/skills and a strong analysis and governance mentality to join our team. The individual who becomes part of our team will be responsible for helping to establish and maintain an effective application security governance framework, ensuring the Bank is leading in this space. The candidate will have the opportunity to maintain and improve the security of Manulife Bank’s systems.

Qualifications

• Post-secondary education, preferably in cyber security, computer science or equivalent work experience.
• 5+ years proven track record as an Application Security Engineer, Cyber Security professional, or as a Software Engineer with security experience. Candidates with less experience are welcome to apply as the role could be adjusted for the right candidate.
• A meticulous mentality with deep technical, analytical, conceptual, diagnostic, and problem-solving skills.
• Solid written and verbal communication, interpersonal and facilitation skills.
• Good Analytical Skills, copes with complex situations through deliberate analysis and planning.
• Ability to negotiate effectively when clarifying needs vs. wants/likes to balance business direction/requirements with cost of development and risk.
• Strong planning and organizational skills to self-manage and assist in running delivery schedules for multiple parallel initiatives.
• General tools experience: JIRA, Confluence, Microsoft tools 
• Technical tools experience: ETL tools (such as Power BI), experience working with query languages such as SQL, LINQ, experience working with source control like GIT, and software development IDEs
• Technical skills including analyzing data from different sources, understanding various data formats, good understanding of programming and/or technology infrastructure
• Specific skills including analyzing open-source vulnerabilities, static code analysis vulnerabilities, and PEN Test findings.
• Ability to work with engineering teams to guide and assist developing security solutions
• Confirmed experience learning new processes, technologies, and tools at a rapid pace.
• Ability to use analytical and decision-making skills to offer options and resolve problems in a variety of contexts.

Day to day responsibilities

• Governance of Manulife Bank application vulnerabilities
  • PEN test issues 
  • Static code analysis issues 
  • Open-source vulnerability management 
  • VDP findings 
• Conduct meetings, reviewing outstanding vulnerability issues, reviewing with multiple collaborators across the organization to understand issues and clarify impacts to our systems.
• Collaborating with product partners, other analysts, engineers, architects, and other Manulife security and risk teams.
• Maintain documentation on outstanding issues
• Partner with application currency governance
• Assist with maintaining governance dashboards broken down by application asset
• Interact with global governance teams, Bank application squads, and business partners
• Provide governance data to customers and board of directors
• Work with Bank architects and engineers to analyze security risks for specific changes as well as develop Bank engineering standards with respect to security

Other responsibilities

• Understand the high-level architecture of Bank systems
• Occasional after-hours work to validate security changes post implementation.
• Maintain continual self-education on past, present, and evolving cyber security threats  
  • Training courses 
  • Security briefings
  • Reading media or other postings regarding  
    • security innovations  
    • security breaches 
    • Risks specific to financial institutions 
• Contribute to documentation on Bank security standards and policies that enhance Manulife global policies.
• Analyze regulatory requirements for security standard processes

Nice to have 

• Familiarity with either windows or Linux command line 
• Certifications (CISSP, CISA, CEH, CISM, ISSAP, ISSEP, or equivalent) or interest in retaining a security certification 
• Basic familiarity with git source control

What can we offer you?

• A competitive salary and benefits packages.
• A growth trajectory that extends upward and outward, encouraging you to follow your passions and learn new skills.
• A focus on growing your career path with us.
• Flexible work policies and strong work-life balance.
• Professional development and leadership opportunities.

Our commitment: 

• Values-first culture 
  We lead with our Values every day and bring them to life together. 
• Boundless opportunity 
  We create opportunities to learn and grow at every stage of your career. 
• Continuous innovation 
  We invite you to help redefine the future of financial services. 
• Delivering the promise of Diversity, Equity and Inclusion 
  We foster an inclusive workplace where everyone thrives. 
• Championing Corporate Citizenship 
  We build a business that benefits all customers and has a positive social and environmental impact. 

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact recruitment@manulife.com.

Primary Location

Waterloo, Ontario

Working Arrangement

Hybrid

Salary range is expected to be between

$75,880.00 CAD - $140,920.00 CAD

If you are applying for this role outside of the primary location, please contact recruitment@manulife.com for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.

Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact recruitment@manulife.com for more information about U.S.-specific paid time off provisions.