Security Engineer
Makati City - Philippines
Job Summary
The Security Engineer plays a key role in strengthening Manulife's application security posture across its digital products, platforms and financial services systems. Operating with greater autonomy, this role leads security assessments, drives remediation efforts and actively contributes to the development of AppSec programs and standards. The ideal candidate brings solid hands-on experience in secure software development, offensive security techniques, AI-driven security automation and cross-functional leadership, all grounded in Manulife's core values.
Position Responsibilities:
Lead end-to-end application security assessments, including SAST, DAST, manual code reviews and penetration testing.
Independently conduct ad hoc and scheduled penetration testing on web applications, APIs, AI/ML and mobile applications, documenting and presenting findings to stakeholders.
Perform in-depth analysis of OWASP Top 10 and advanced vulnerability classes, including business logic flaws, broken access control and insecure deserialization.
Design, code and deploy AI-powered automation tools and security scripts that enhance vulnerability detection, threat triage and testing efficiency at scale.
Write clean, maintainable code to build internal security tooling, integrations and AI-assisted workflows that reduce manual effort across the Security Engineering Team.
Conduct threat modeling for complex, high-risk systems and new product initiatives, recommending security architecture improvements.
Serve as a security advisor and informal leader to development and product teams, driving security-by-design principles and secure coding best practices.
Mentor and coach associate security engineers, conducting knowledge-sharing sessions, reviewing their work and supporting their professional development.
Produce clear, risk-rated vulnerability reports with actionable remediation guidance for both technical and non-technical audiences.
Contribute to the development and maintenance of application security policies, standards, playbooks and training materials.
Stay ahead of evolving threats and vulnerabilities in the financial services and fintech space, translating intelligence into actionable controls.
Required Qualifications:
3-6 years of hands-on experience in application security, with demonstrated ownership of security assessments and remediation cycles.
Deep familiarity with OWASP Top 10, OWASP Testing Guide (OWTG) and OWASP Application Security Verification Standard (ASVS).
Proven experience conducting Web application, API, AI/ML, Mobile and Desktop penetration testing using tools such as Burp Suite Pro, OWASP ZAP or Metasploit.
Demonstrated ability to code and build AI-powered security automation tools, including scripts or integrations using Python, JavaScript or similar languages.
Experience working with AI/ML APIs or LLM-based tools to automate security workflows such as vulnerability analysis, report generation or threat detection.
Demonstrated leadership skills, including the ability to guide peers, facilitate technical discussions and influence security outcomes across teams.
Excellent communication skills, able to articulate risk clearly to both technical teams and business stakeholders.
Has background in threat modeling and mobile penetration testing.
Preferred Qualifications:
Industry certifications such as OSCP, GWAPT, eWPT, CSSLP, CISSP or equivalent.
Experience in banking, insurance or financial services, with working knowledge of PCI-DSS, BSP regulations, ISO 27001 or SOC 2.
Cloud security experience on AWS, Azure or GCP, including knowledge of cloud-native appsec controls.
Experience with mobile application security testing on iOS and Android platforms.
Proficiency in threat modeling using STRIDE, PASTA or similar methodologies for complex, multi-tier systems.
Exposure to red team exercises or bug bounty programs.
Track record of leading or co-leading security initiatives, process improvements or cross-team programs.
When you join our team:
We'll empower you to learn and grow the career you want.
We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
As part of our global team, we'll support you in shaping the future you want to see.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us visit is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve, and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process contact .
Working Arrangement
Required Experience:
IC
About Company
Manulife is a leading financial services group. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions.