Associate DevSecOps/Application Security Engineer

About This Role

Responsibilities

• Supports efforts to minimize security risk by monitoring, testing, and reporting on application and Application Programming Interfaces.
• Assists with managing inventory of applications, ensuring security, redundancy, continuity of service and thorough documentation.
• Supports ongoing management of application security vulnerabilities through a centralized vulnerability tracking system and defect tracking system.
• Collaborates with Agile and DevOps teams, reviewing project documentation, researching, and referencing information security policies, delivering recommendations and guidance in the pursuit of securing systems, processes, and software applications.
• Assists in the development of application security components throughout all stages of the Software Development Life Cycle (SDLC).
• Identifies risks and areas of exposure in applications developed by/for the organization and ensures application logs and audit trails are in place.
• Measures and researches the effectiveness of security controls in complex codebases and develops and updates security patterns aligned with security requirements.
• Performs manual and automated security testing of the organization's applications and APIs and assists in defining and documenting their application security requirements.
• Performs code security reviews statically and dynamically and participates in incident handling and performs application-related forensics activities.
• Monitors industry trends and threat landscape, recommends necessary controls and/or countermeasure, and educates developers on secure coding techniques and security leading practices.
• Amenable to work UP Ayala Technohub (Quezon City)
• Amenable to work on a hybrid set-up (3x a week onsite)
• Amenable to work in any shift schedule assigned (night shift; but flexible depending on business need)

Requirements

• Graduate of any IT related courses (Fresh graduates welcome)
• Development and/or security-related experience with web applications, web services, and mobile applications including at least 2 of the following core languages: .NET, Java, Angular, NodeJS, Python
• Understanding of cloud security concepts and architectures (AWS, Azure)
• Knowledge of web application frameworks and protocols (HTTP, SSL/TLS, OAuth, etc.)
• Understanding of network security principles, including firewalls, intrusion detection/prevention systems (IDS/IPS), and secure network protocols (SSL/TLS)
• Understanding of legal and regulatory requirements related to cybersecurity, privacy, and data protection laws
• Knowledge of web application security concepts, including common vulnerabilities like SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF)
• Experience with DevOps practices and tools (CI/CD pipelines, Github, Teamcity, Jenkins, Snyk, Contrast, Kubernetes, etc.)
• Knowledge of Application Security frameworks such as OWASP, CIS controls (plus but not required)
• Proficiency in application security tools (SAST, RASP, IAST) (plus but not required)
• Ability to understand and interpret vulnerabilities and communicate business impact and remediation actions to management
• Excellent analytical, presentation, and communication (oral and written) skills
• Results-oriented, high energy, self-motivated
• Excellent leadership, teamwork, and client service skills

Benefits & Perks

About Manulife

Manulife Financial Corporation is a prominent international financial services provider based in Toronto, Canada. With over 36 million customers worldwide, the company employs more than 37,000 people and has a network of over 109,000 agents. Founded in 1887, Manulife has a rich history of expansion, beginning with its first policy sold outside Canada in Bermuda and later entering the U.S. market in 1903. Manulife offers a wide range of financial services and insurance products, including life insurance, personal health insurance, group benefits, income protection, travel insurance, annuities, banking services, estate planning, and investment solutions. The company operates under the Manulife brand in Canada, Asia, and Europe, and as John Hancock in the United States. With a mission to simplify financial and insurance services, Manulife aims to enhance customer experiences and meet their needs effectively.