We’re looking for a Associate DevSecOps/Application Security Engineer to join our Global Technology team at MBPS. In this role, you will play a key, dynamic role in Minimizing security risk by monitoring, testing, and reporting on application and Application Programming Interfaces, ensuring security, redundancy, and continuity of service. Supports ongoing management of application security vulnerabilities through a centralized vulnerability tracking system and defect tracking system and works with Agile and DevOps teams to deliver recommendations to secure systems, processes, and software applications.

Have the skills and experience for the job? Learn more about it below!

Position Responsibilities:

• Supports efforts to minimize security risk by monitoring, testing, and reporting on application and Application Programming Interfaces.
• Assists with managing inventory of applications, ensuring security, redundancy, continuity of service and thorough documentation.
• Supports ongoing management of application security vulnerabilities through a centralized vulnerability tracking system and defect tracking system.
• Collaborates with Agile and DevOps teams, reviewing project documentation, researching, and referencing information security policies, delivering recommendations and guidance in the pursuit of securing systems, processes, and software applications.
• Assists in the development of application security components throughout all stages of the Software Development Life Cycle (SDLC).
• Identifies risks and areas of exposure in applications developed by/for the organization and ensures application logs and audit trails are in place.
• Measures and researches the effectiveness of security controls in complex codebases and develops and updates security patterns aligned with security requirements.
• Performs manual and automated security testing of the organization’s applications and APIs and assists in defining and documenting their application security requirements.
• Performs code security reviews statically and dynamically and participates in incident handling and performs application-related forensics activities.
• Monitors industry trends and threat landscape, recommends necessary controls and/or countermeasure, and educates developers on secure coding techniques and security leading practices.
• Amenable to work UP Ayala Technohub (Quezon City)
• Amenable to work on a hybrid set-up (3x a week onsite)
• Amenable to work in any shift schedule assigned (night shift; but flexible depending on business need)

Required Qualifications:

• A graduate of any IT related courses (Fresh graduates are welcome to apply)

• Development and/or security-related experience with web applications, web services, and mobile applications including at least 2 of the following core languages: .NET, Java, Angular, NodeJS, Python
• Understanding of cloud security concepts and architectures (AWS, Azure), web application frameworks and protocols (HTTP, SSL/TLS, OAuth, etc.)
• Understanding of network security principles, including firewalls, intrusion detection/prevention systems (IDS/IPS), and secure network protocols (e.g., SSL/TLS)
• Understanding of legal and regulatory requirements related to cybersecurity, privacy, and data protection laws relevant to the organization
• Knowledge of web application security concepts, including common vulnerabilities like SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF)
• Experience with DevOps practices and tools (CI/CD pipelines, Github, Teamcity, Jenkins, Snyk, Contrast, Kubernetes, etc.)
• Knowledge of Application Security frameworks such as OWASP, CIS controls, a plus but not required
• Proficiency in application security tools (e.g., SAST, RASP, IAST), a plus but not required
• Ability to understand and interpret vulnerabilities and communicate business impact and remediation actions to management
• Excellent analytical, presentation, and communication (oral and written) skills to work with technical and non-technical audiences
• Results-oriented, high energy, self-motivated
• Excellent leadership, teamwork, and client service skills

When you join our team:

• We’ll empower you to learn and grow the career you want.
• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we’ll support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com.