Ce recruteur est en ligne!

Voilà ta chance d'être vu en premier!

Postuler maintenant

Senior Security Engineer

Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.

Job Description

Security Engineering Services & DevSecOps within the Manulife Core Engineering Transformation (CET) team is an influential group of technology and Information Security leaders that are key to shaping and securing the direction of Manulife; not only as a financial services institution but also as a technology company. We provide services to the Canadian segment of Manulife that manages the security engineering and information risks within financial services which are compounded by the accelerating pace of technology and industry changes.  We accomplish this through mature processes of assessing security engineering risk, providing governance oversight, and through the rolling out of tools, technologies and training.

As a Senior Security Engineer - Offensive Security, you will play a vital role of lowering confidentiality and integrity risks to Manulife’s digital assets through DevSecOps practices and products. You will accomplish this by taking ownership of the Cloud, Application security & DevSecOps portfoilo, conducting security testing (automatic, manual), creating new ways of solving security issues, implementing security automation, ensuring our DevSecOps processes for software development, vulnerability detection and mitigation help to maintain an inventory of bulletproof applications.

You will be a significant contributor in providing risk management technical consulting services for projects and applications developed for Canadian segment.

  • Conduct Penetration testing against applications and infrastructure components (included cloud) 

  • Perform technical assessment, configuration and secure design review of applications and cloud infrastructure 

  • Participate in threat modelling and design review activities

  • Use your extensive and current experience of secure software development to provide consulting, guidance/patterns and products to multiple software engineering groups, helping to identify coding vulnerabilities as well as mitigating them.

  • Use your excellent communication skills to effectively maintain relationships with many stakeholders in product line engineering teams.

  • Internally identify and establish the latest Application and Cloud security tools to enable the automation and “shifting-left” of the vulnerability detection process, with an eye towards continuous improvement.

  • Participate in Agile delivery models with several product enablement teams.

  • Direct the optimization and enforce security gates within a DevOps CI/CD pipeline to produce secure code.

  • Advance a program / curriculum that provides Application Security training to software developers.

  • Collect and analyze application security metrics to effectively report on our security posture.

  • Automate existing processes (scripts, tooling).

You will bring and continuously build upon the following skills:

  • Experience in application security and/or cloud security

  • Experience in providing vulnerability mitigation strategies for infrastructure components and web applications from an infrastructure, architecture and secure coding perspective.

  • Exposure to Kubernetes, Infrastructure as a code, Terraform and DevOps pipeline.

  • Knowledge of application security tools and technologies that perform SAST, DAST, IAST and RASP

  • Extensive knowledge of Application Security Risks.  How they can be detected, exploited and mitigated.

  • In-depth understanding of internet protocols, network architectures, and security technologies (e.g. TLS, PKI, IPSec, SAML, OpenSSL, etc)

  • Experience in one or more of the following: Python, Java, Javascript, Node.js, .Net, Perl, SQL and other shell scripts.

  • Working experience with many of the following protocols and technologies: HTML, XML, JSON, SOAP, APIs and microservices.

  • Understanding of data security and privacy requirements of financial services institutions.

  • Mobile application and device security knowledge.

Certifications such as CISSP, OSCP, OSCE, GWAPT, GPEN, CEH, CompTIA Security +, etc is considered an asset.

You will join a team with

  • A bold ambition and set of goals to drive transformation in our industry

  • A leadership team dedicated to your growth and success

  • Our best. Every day.


If you are ready to unleash your potential, it’s time to start your career with Manulife/John Hancock.


About Manulife

About Manulife Manulife Financial Corporation is a leading international financial services provider that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Canada, Asia, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and our global wealth and asset management segment, Manulife Investment Management, serves individuals, institutions and retirement plan members worldwide. At the end of 2020, we had more than 37,000 employees, over 118,000 agents, and thousands of distribution partners, serving over 30 million customers. As of March 31, 2021, we had CAD$1.3 trillion (US$1.0 trillion) in assets under management and administration, and in the previous 12 months we made $31.3 billion in payments to our customers. Our principal operations are in Asia, Canada and the United States where we have served customers for more than 155 years. We trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.


 

Manulife is an equal opportunity employer. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention and advancement and we administer all of our practices and programs based on qualification and performance and without discrimination on any protected ground. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request any accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.

Lire la suite

Exigences

Niveau d'études

non déterminé

Diplôme

En cours

Années d'expérience

non déterminé

Langues écrites

non déterminé

Langues parlées

non déterminé