Associate DevSecOpsApplication Security Engineer

Were looking for a Associate DevSecOps/Application Security Engineer to join our Global Technology this role you will play a key dynamic role in Minimizing security risk by monitoring testing and reporting on application and Application Programming Interfaces ensuring security redundancy and continuity of service. Supports ongoing management of application security vulnerabilities through a centralized vulnerability tracking system and defect tracking system and works with Agile and DevOps teams to deliver recommendations to secure systems processes and software applications.

Have the skills and experience for the job Learn more about it below!

Position Responsibilities:

• Supports efforts to minimize security risk by monitoring testing and reporting on application and Application Programming Interfaces.
• Assists with managing inventory of applications ensuring security redundancy continuity of service and thorough documentation.
• Supports ongoing management of application security vulnerabilities through a centralized vulnerability tracking system and defect tracking system.
• Collaborates with Agile and DevOps teams reviewing project documentation researching and referencing information security policies delivering recommendations and guidance in the pursuit of securing systems processes and software applications.
• Assists in the development of application security components throughout all stages of the Software Development Life Cycle (SDLC).
• Identifies risks and areas of exposure in applications developed by/for the organization and ensures application logs and audit trails are in place.
• Measures and researches the effectiveness of security controls in complex codebases and develops and updates security patterns aligned with security requirements.
• Performs manual and automated security testing of the organizations applications and APIs and assists in defining and documenting their application security requirements.
• Performs code security reviews statically and dynamically and participates in incident handling and performs application-related forensics activities.
• Monitors industry trends and threat landscape recommends necessary controls and/or countermeasure and educates developers on secure coding techniques and security leading practices.
• Amenable to work UP Ayala Technohub (Quezon City)
• Amenable to work on a hybrid set-up (3x a week onsite)
• Amenable to work in any shift schedule assigned (night shift; but flexible depending on business need)

Required Qualifications:

• A graduate of any IT related courses (Fresh graduates are welcome to apply)

• Development and/or security-related experience with web applications web services and mobile applications including at least2 of the following core languages: .NET Java Angular NodeJS Python
• Understanding of cloud security concepts and architectures (AWS Azure) web application frameworks and protocols (HTTP SSL/TLS OAuth etc.)
• Understanding of network security principles including firewalls intrusion detection/prevention systems (IDS/IPS) and secure network protocols (e.g. SSL/TLS)
• Understanding of legal and regulatory requirements related to cybersecurity privacy and data protection laws relevant to the organization
• Knowledge of web application security concepts including common vulnerabilities like SQL injection Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)
• Experience with DevOps practices and tools (CI/CD pipelines Github Teamcity Jenkins Snyk Contrast Kubernetes etc.)
• Knowledge of Application Security frameworks such as OWASP CIS controls a plus but not required
• Proficiency in application security tools (e.g. SAST RASP IAST) a plus but not required
• Ability to understand and interpret vulnerabilities and communicate business impact and remediation actions to management
• Excellent analytical presentation and communication (oral and written) skills to work with technical and non-technical audiences
• Results-oriented high energy self-motivated
• Excellent leadership teamwork and client service skills

When you join our team:

• Well empower you to learn and grow the career you want.
• Well recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team well support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider helping people make their decisions easier and lives better. To learn more about us visit is an Equal Opportunity Employer

At Manulife/John Hancock we embrace our diversity. We strive to attract develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment retention advancement and compensation and we administer all of our practices and programs without discrimination on the basis of race ancestry place of origin colour ethnic origin citizenship religion or religious beliefs creed sex (including pregnancy and pregnancy-related conditions) sexual orientation genetic characteristics veteran status gender identity gender expression age marital status family status disability or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process contact .