Director, Engineering (Security)
Shift : Rotating
We couldn’t be prouder of the talented people who have chosen to work at Manulife / John Hancock. Manulife / JohnHancock has unlimited opportunities to develop and succeed.
Security Engineering & Services within the Manulife Core Engineering Transformation (CET) team is an influential group of technology and I.
S. risk leaders that are key to shaping and securing the direction of Manulife; not only as a financial services institution but also as a technology company.
We provide services to the Canadian segment of Manulife that manage the security engineering and information risks within financial services which are compounded by the accelerating pace of technology and industry changes.
We accomplish this through mature processes of assessing security engineering risk, providing governance oversight, and through the rolling out of tools, technologies and training.
As a leader of Security Engineering & Services Team within CET, you will play a vital role of lowering confidentiality and integrity risks to Manulife’s digital assets through DevSecOps practices and products.
You will accomplish this by ensuring our DevSecOps processes for software development, vulnerability detection and mitigation help to maintain an inventory of bullet-proof applications.
You will be a significant Product Owner leader, providing risk management technical consulting services for projects and applications developed for Canadian segment.
As a Director / Lead Security Engineer, you will :
Use your extensive experience of secure software development to
Own, roadmap, establish / maintain technical products in the DevSecOps domain and establish programs that advance our security engineering culture and approach.
Manage a team which provides consulting, guidance / patterns and products to multiple software engineering groups, helping to identify coding vulnerabilities as well as mitigating them.
Use your superb communication skills to optimally manage relationships with many partners in product line engineering teams.
Be an enthusiast for security by participating and presenting in Manulife and industry events.
Identify and establish internally the latest AppSec tools to enable the automation and shifting-left of the vulnerability detection process, with an eye towards continuous improvement.
Participate in Agile delivery models with several product enablement teams.
Direct the optimization of a DevOps CI / CD pipeline to produce secure code.
Advance a program / curriculum that provides AppSec training to Canadian segment software developers.
Collect and analyze application security metrics to effectively report on our security posture.
Work with leading-edge technologies as well as with older legacy systems.
Perform proof of technology testing of new AppSec tools and procedures.
You bring and will continuously build upon the following skills :
Certifications such as CISSP, CSSLP or SANS GIAC.
Experience or knowledge in DevOpsSec is a must.
Experience in providing vulnerability mitigation strategies for web applications from an infrastructure, architecture and secure coding perspective.
Understanding of data security and privacy requirements of financial services institutions.
Knowledge of application security tools and technologies that perform; SAST, DAST, IAST and RASP
Self-motivated and results oriented with a strong customer service focus.
Extensive knowledge of the OWASP Top 10 Application Security Risks. How they can be detected, exploited and mitigated.
In-depth understanding of internet protocols, network architectures, and security technologies, including encryption and authentication (e.
g. TLS, PKI, IPSec, SAML, OpenSSL, etc)
Post-Secondary education in computer science or relevant field of study.
Working experience with many of the following protocols and technologies : HTML, XML, JSON, SOAP, APIs and microservices.
Mobile application and device security knowledge.