Job Description

The Associate Security Engineer is responsible for helping safeguard Manulife's digital products, platforms, and APIs from software-level threats. Working with Security Engineering Team, this role partners closely with Software Engineering, DevOps, and Risk Management to embed security throughout the software development lifecycle (SDLC). The ideal candidate is a technically curious professional with a foundational understanding of secure coding practices, OWASP standards, and a passion for protecting financial systems and customer data — all while living Manulife's core values every day.

Position Responsibilities:

• Perform secure code reviews and static application security testing (SAST) on external, internal and third-party applications.

• Assist in conducting dynamic application security testing (DAST) and web application penetration testing against banking systems and APIs.

• Integrate security tooling into CI/CD pipelines (e.g., SAST, SCA, secrets scanning) to enable DevSecOps practices.

• Identify, triage, and track application vulnerabilities including OWASP Top 10, business logic flaws, and injection attacks.

• Provide security guidance and training to development teams on secure coding standards and vulnerability remediation.

• Produce detailed vulnerability reports and track remediation progress through to closure.

• Help maintain application security policies, standards, and playbooks aligned with banking regulations and best practices.

• Monitor the threat landscape for emerging vulnerabilities relevant to financial applications and payment systems.

• Leverage AI and automation tools to streamline security testing, vulnerability detection, and threat analysis workflows.

• Conduct ad hoc penetration testing on applications, APIs, and services to proactively identify security gaps before production releases.

Required Qualifications:

• 0–3 years of hands-on experience in application security, software development, or a related security role.

• Solid familiarity with the OWASP Top 10, OWASP Testing Guide, and common web application vulnerability classes.

• Foundational knowledge of penetration testing concepts, methodologies, and tools (e.g., Burp Suite, OWASP ZAP, Metasploit) with experience performing ad hoc assessments.

• Familiarity with AI-assisted security tools and automation scripting for security workflows.

• Familiarity with application security testing tools such as Snyk, Burp Suite, Git Hub, Git Guardian, and Kali Linux.

• Basic scripting or programming skills in at least one language (Python, JavaScript, Java, or similar).

• Understanding of RESTful APIs, web technologies, and common authentication mechanisms (OAuth, SAML, JWT).

• Strong written and verbal communication skills for documenting and presenting security findings.

Preferred Qualifications:

• Security certifications such as: CompTIA Security+, eJPT, CEH, eWPT, or OSCP.
  *Note: Optional for Associate Security Engineer

• Experience using AI/ML powered security platforms or building automation scripts for repetitive security tasks.

When you join our team:

• We’ll empower you to learn and grow the career you want.

• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.

• As part of our global team, we’ll support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com

Hybrid