We are looking for a highly skilled Senior Application Security Engineer to lead our Dynamic Application Security Testing (DAST) and Application Security Engineering Secrets Management and Remediation. In this role, you will shape the strategy, governance, and continuous improvement of security testing capabilities. You will collaborate with Engineering and DevOps teams to integrate security testing into the SDLC, assess and prioritize vulnerabilities, and guide remediation efforts. Success in this position requires strong technical depth in DAST, penetration testing, Application Security Engineering, RapidLab/Secrets Management and Remediation, and automation, paired with excellent communication and leadership skills.
Position Responsibilities
Dynamic Application Security Testing (DAST)
- Provide strategic leadership for the organization's Dynamic Application Security Testing (DAST) program, including governance, oversight, and continuous improvement.
- Manage end-to-end onboarding of applications into the DAST program, ensuring appropriate scoping, configuration, and alignment with security requirements.
- Configure, execute, and optimize automated DAST scans to maximize coverage while minimizing false positives.
- Conduct manual DAST assessments for complex, high-risk, or non-standard application environments.
- Serve as a technical escalation point for DAST tooling, configuration issues, integration needs, and troubleshooting activities.
- Review, validate, and triage DAST results, ensuring clear prioritization and effective communication of findings to engineering stakeholders.
- Maintain and enhance documentation for DAST processes, standards, operational procedures, and best practices.
- Develop and maintain automation scripts (e.g., Python, Bash, PowerShell) to streamline DAST workflows, reporting, onboarding, and operational tasks.
- Integrate automated DAST capabilities into CI/CD pipelines to support continuous security testing.
- Identify new opportunities for automation and process optimization to drive program efficiency and scalability.
Application Security Engineering Secrets Management and Remediation
- Lead the enterprise secrets scanning and secrets management program, including detection, classification, and preventive controls.
- Partner with engineering and IAM to implement secure secrets storage solutions (vaulting, rotation, lifecycle management).
- Ensure timely revocation, rotation, or replacement of exposed secrets in alignment with risk policies and operational requirements.
- Provide strategic leadership in driving the enterprise secrets remediation program in partnership with the Application Security and broader Cyber Assessment teams.
- Represent the program in key project meetings, including discovery sessions, solution architecture reviews, and project checkpoints, to align technical direction with business and security objectives.
- Balance technical solutions with business needs, leveraging design thinking, stakeholder engagement, and effective communication to ensure seamless adoption.
- Apply advanced problem-solving skills throughout the secure SDLC to continuously strengthen end-to-end processes and reduce recurring secret-related risks.
- Support a culture of continuous learning, mentoring team members and promoting knowledge sharing across successes, failures, and evolving best practices.
Process Improvement & Cross-Functional Collaboration
- Collaborate closely with Engineering, DevOps, Product, and Risk teams to improve security processes, enhance tool integrations, and support secure development practices.
- Contribute to incident response, change management, and operational troubleshooting as they relate to DAST or broader application security controls.
- Proactively assess the DAST program for gaps, risks, and areas of improvement, and lead initiatives to strengthen overall governance.
- Maintain clear, comprehensive documentation, including playbooks, procedures, workflows, and operational guidelines.
Penetration Testing
- Able to perform penetration testing activities on applications and related components when required.
- Capable of producing clear reports that outline issues and recommend improvements.
- Collaborate effectively with technical teams to support remediation efforts and promote secure development practices.
Required Qualifications
- Extensive hands-on experience with DAST tools, methodologies, and configuration best practices.
- Strong scripting skills (e.g., Python, Bash, PowerShell) for automation and operational efficiency.
- Deep understanding of web application security principles, the OWASP Top 10, and common attack patterns.
- Demonstrated experience performing manual penetration testing.
- Excellent communication skills with the ability to collaborate effectively across technical and non-technical teams.
- Proven experience developing documentation and driving structured process improvements.
- Amenable to work in UP Ayala Technohub (Quezon City)
- Amenable to work in a hybrid set-up (3x onsite per week)
- Amenable to work in a mid shift schedule
Preferred Qualifications
- Experience integrating DAST capabilities into CI/CD pipelines and development workflows.
- Knowledge of containerized environments, cloud platforms, and microservices architectures.
- Relevant industry certifications (e.g., OSCP, OSWE, GWAPT, CEH, GIAC).
- Experience with secure SDLC frameworks or application security governance programs.
- Background mentoring or leading team members.
- Exposure to advanced penetration testing techniques, tools, or methodologies beyond baseline requirements.
- Hands-on experience with enterprise secrets management platforms, including Azure Key Vault, HashiCorp Vault, AWS Secrets Manager, or equivalent solutions.
- Familiarity with GitOps, DevSecOps, and SRE practices related to secrets handling.
- Knowledge of secrets detection tools and techniques (e.g., GitLeaks, TruffleHog, GitGuardian, GHAS secret scanning).
When you join our team:
- We'll empower you to learn and grow the career you want.
- We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
- As part of our global team, we'll support you in shaping the future you want to see.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us visit is an Equal Opportunity Employer
At Manulife/John Hancock we embrace our diversity. We strive to attract, develop, and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement, and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process contact .
Hybrid
Required Experience:
Senior IC