Associate Security Engineer

The Associate Security Engineer is responsible for helping safeguard Manulifes digital products platforms and APIs from software-level threats. Working with Security Engineering Team this role partners closely with Software Engineering DevOps and Risk Management to embed security throughout the software development lifecycle (SDLC). The ideal candidate is a technically curious professional with a foundational understanding of secure coding practices OWASP standards and a passion for protecting financial systems and customer data all while living Manulifes core values every day.

Position Responsibilities:

• Perform secure code reviews and static application security testing (SAST) on external internal and third-party applications.

• Assist in conducting dynamic application security testing (DAST) and web application penetration testing against banking systems and APIs.

• Integrate security tooling into CI/CD pipelines (e.g. SAST SCA secrets scanning) to enable DevSecOps practices.

• Identify triage and track application vulnerabilities including OWASP Top 10 business logic flaws and injection attacks.

• Provide security guidance and training to development teams on secure coding standards and vulnerability remediation.

• Produce detailed vulnerability reports and track remediation progress through to closure.

• Help maintain application security policies standards and playbooks aligned with banking regulations and best practices.

• Monitor the threat landscape for emerging vulnerabilities relevant to financial applications and payment systems.

• Leverage AI and automation tools to streamline security testing vulnerability detection and threat analysis workflows.

• Conduct ad hoc penetration testing on applications APIs and services to proactively identify security gaps before production releases.

Required Qualifications:

• 03 years of hands-on experience in application security software development or a related security role.

• Solid familiarity with the OWASP Top 10 OWASP Testing Guide and common web application vulnerability classes.

• Foundational knowledge of penetration testing concepts methodologies and tools (e.g. Burp Suite OWASP ZAP Metasploit) with experience performing ad hoc assessments.

• Familiarity with AI-assisted security tools and automation scripting for security workflows.

• Familiarity with application security testing tools such as Snyk Burp Suite Git Hub Git Guardian and Kali Linux.

• Basic scripting or programming skills in at least one language (Python JavaScript Java or similar).

• Understanding of RESTful APIs web technologies and common authentication mechanisms (OAuth SAML JWT).

• Strong written and verbal communication skills for documenting and presenting security findings.

Preferred Qualifications:

• Security certifications such as: CompTIA Security eJPT CEH eWPT or OSCP.
  *Note: Optional for Associate Security Engineer

• Experience using AI/ML powered security platforms or building automation scripts for repetitive security tasks.

When you join our team:

• Well empower you to learn and grow the career you want.

• Well recognize and support you in a flexible environment where well-being and inclusion are more than just words.

• As part of our global team well support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider helping people make their decisions easier and lives better. To learn more about us visit is an Equal Opportunity Employer

At Manulife/John Hancock we embrace our diversity. We strive to attract develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment retention advancement and compensation and we administer all of our practices and programs without discrimination on the basis of race ancestry place of origin colour ethnic origin citizenship religion or religious beliefs creed sex (including pregnancy and pregnancy-related conditions) sexual orientation genetic characteristics veteran status gender identity gender expression age marital status family status disability or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process contact .