Senior Application Security Specialist
Job Summary
Manulife is a leading international financial services provider helping people make decisions easier and lives better. Help shape the future you want to see and discover that better can take you anywhere you want to go.
We are seeking an experienced Senior Application Security Specialist to join our team. The successful candidate will play a critical role in establishing and maintaining our security and risk governance frameworks. This role involves monitoring threats assessing vulnerabilities and ensuring compliance with organizations standards and regulatory requirements.
Position Responsibilities
Perform code scanning validation tuning and optimization using SAST DAST and SCA tools (e.g. Snyk Burp Suite SonarQube Veracode and Checkmarx) to ensure accurate prioritized and actionable remediation results.
Conduct penetration testing code scanning secrets management (GitGuardian) and threat modeling for business applications to determine risk ratings and prioritize the vulnerabilities discovered along with the organizations remediation timelines.
Execute intake triage analysis and reporting procedures for security assessments.
Experience working with code repositories such as GitHub and with CI/CD pipelines in Azure DevOps.
Coordinate assessment and risk analysis activities evaluate governance processes and recommend improvement opportunities.
Supports establishment development and maintenance of risk governance frameworks risk assessment methodologies risk metrics reporting and risk management compliance protocols.
Conduct vulnerability assessments and prioritize remediation activities in collaboration with stakeholders.
Document findings and collaborate with cross-functional teams to implement corrective actions.
Work closely with senior security engineers product partners architects and crossfunctional teams in Agile/DevOps environments.
Communicate risk and compliance assessments and recommendations to business units and senior management.
Lead and participate in meetings to review outstanding vulnerabilities and clarify business and technical impacts.
Develop and report actionable KPIs and KRIs aligned with application security policies and standards.
Analyze cyber defense policies for compliance with regulations and organizational standards.
Lead meetings to analyze risk indicators and develop executive-level dashboards.
Maintain comprehensive documentation of governance processes and contribute to policy updates.
Stay updated on evolving cybersecurity threats and contribute to enhancing risk reporting processes.
Provide professional advice and take a lead role in process or program execution.
Be accountable for own work and contribute to setting standards through expertise in own job discipline that impacts other deliverables.
Required Qualifications
Strong understanding of information security controls vulnerability management and risk management frameworks (NIST CSF ISO 27001/27002).
Experience working with Cloud technologies (Azure AWS Ali Cloud)
Knowledge of cybersecurity principles internal controls and risk management tools.
Proficiency in data visualization tools (Tableau Power BI) and statistical data analysis.
Handson experience with tools such as JIRA Confluence and Microsoft 365.
Experience with cybersecurity assessment frameworks (PTES OWASP OSSTM) and penetration testing.
Understanding of legal and regulatory requirements related to cybersecurity and IT governance.
Excellent communication skills to effectively convey risk assessments and security recommendations.
Knowledge of ticketing and tracking tools such as ServiceNow Security Operations GRC systems like Archer.
Understanding of legal and regulatory requirements related to technology risk management Familiarity with cybersecurity governance frameworks and their implementation
Knowledge of statistical data analysis and reporting toolsets
In-depth knowledge of risk assessment methodologies and risk management frameworks.
Proficiency in using risk assessment tools and software.
Preferred Qualifications
CISSP CSSLP OSCP GWAPT or equivalent industry-recognized security certifications.
Cybersecurity Security Monitoring
Vulnerability Assessment Penetration Testing
Threat Modeling Security Assessment Security Testing
Cyber Threat Intelligence
When You Join Our Team
Well empower you to learn and grow the career you want.
Well recognize and support you in a flexible environment where wellbeing and inclusion are more than just words.
As part of our global team well support you in shaping the future you want to see.
The role being advertised is an existing vacancy.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider helping people make their decisions easier and lives better. To learn more about us visit is an Equal Opportunity Employer
At Manulife/John Hancock we embrace our diversity. We strive to attract develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment retention advancement and compensation and we administer all of our practices and programs without discrimination on the basis of race ancestry place of origin colour ethnic origin citizenship religion or religious beliefs creed sex (including pregnancy and pregnancy-related conditions) sexual orientation genetic characteristics veteran status gender identity gender expression age marital status family status disability or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process contact .
Referenced Salary Location
Toronto OntarioWorking Arrangement
Salary range is expected to be between
$113000.00 CAD - $163000.00 CADEmployees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance. The actual salary will vary depending on local market conditions geography and relevant job-related factors such as knowledge skills qualifications experience and education/training. If you are applying for this role outside of the primary location please contact for the salary range for your location.
Manulife offers eligible employees a wide array of customizable benefits including health dental mental health vision short- and long-term disability life and AD&D insurance coverage adoption/surrogacy and wellness benefits and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays vacation personal and sick days and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S. please contact for more information about U.S.-specific paid time off provisions.
We use data and analytics technologies such as artificial intelligence (AI) and automated processing tools to analyze and process the information you provide to us or third parties in the application process. For more information please refer to our personal information collection statement.
Required Experience:
Senior IC
Key Skills
- Computer Hardware
- Mac Os
- Manufacturing & Controls
- Root cause Analysis
- Windows
- Customer Support
- Remote Access Software
- Operating Systems
- Encryption
- Remedy
- Chemistry
- Cerner
About Company
Manulife is a leading financial services group. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions.