We are looking for a highly skilled Senior Application Security Engineer to lead our Dynamic Application Security Testing (DAST) program and our Application Security Engineering Secrets Management and Remediation program. In this role, you will shape the strategy, governance, and continuous improvement of our security testing capabilities. You will collaborate with Engineering and DevOps teams to integrate security testing into the SDLC, assess and prioritize vulnerabilities, and guide remediation efforts. Success in this position requires strong technical depth in DAST, penetration testing, Application Security Engineering RapidLab/Secrets Management and Remediation, and automation, paired with excellent communication and leadership skills.
Position Responsibilities
Dynamic Application Security Testing (DAST)
- Provide strategic leadership for the organization’s Dynamic Application Security Testing (DAST) program, including governance, oversight, and continuous improvement.
- Manage end-to-end onboarding of applications into the DAST program, ensuring appropriate scoping, configuration, and alignment with security requirements.
- Configure, execute, and optimize automated DAST scans to maximize coverage while minimizing false positives.
- Conduct manual DAST assessments for complex, high-risk, or non-standard application environments.
- Serve as a technical escalation point for DAST tooling, configuration issues, integration needs, and troubleshooting activities.
- Review, validate, and triage DAST results, ensuring clear prioritization and effective communication of findings to engineering stakeholders.
- Maintain and enhance documentation for DAST processes, standards, operational procedures, and best practices.
- Develop and maintain automation scripts (e.g., Python, Bash, PowerShell) to streamline DAST workflows, reporting, onboarding, and operational tasks.
- Integrate automated DAST capabilities into CI/CD pipelines to support continuous security testing.
- Identify new opportunities for automation and process optimization to drive program efficiency and scalability.
Application Security Engineering Secrets Management and Remediation
- Lead the enterprise secrets scanning and secrets management program, including detection, classification, and preventive controls.
- Partner with engineering and IAM to implement secure secrets storage solutions (vaulting, rotation, lifecycle management).
- Ensure timely revocation, rotation, or replacement of exposed secrets in alignment with risk policies and operational requirements.
- Provide strategic leadership in driving the enterprise secrets remediation program in partnership with the Application Security and broader Cyber Assessment teams.
- Represent the program in key project meetings, including discovery sessions, solution architecture reviews, and project checkpoints to align technical direction with business and security objectives.
- Balance technical solutions with business needs, leveraging design thinking, stakeholder engagement, and effective communication to ensure seamless adoption.
- Apply advanced problem-solving skills throughout the secure SDLC to continuously strengthen end-to-end processes and reduce recurring secret-related risks.
- Support a culture of continuous learning, mentoring team members and promoting knowledge sharing across successes, failures, and evolving best practices.
Process Improvement & Cross-Functional Collaboration
- Collaborate closely with Engineering, DevOps, Product, and Risk teams to improve security processes, enhance tool integrations, and support secure development practices.
- Contribute to incident response, change management, and operational troubleshooting as they relate to DAST or broader application security controls.
- Proactively assess the DAST program for gaps, risks, and areas of improvement, and lead initiatives to strengthen overall governance.
- Maintain clear, comprehensive documentation, including playbooks, procedures, workflows, and operational guidelines.
Penetration Testing
- Perform penetration testing activities on applications and related components when required.
- Produce clear reports that outline issues and recommend improvements.
- Collaborate effectively with technical teams to support remediation efforts and promote secure development practices.
Required Qualifications
- Extensive hands-on experience with DAST tools, methodologies, and configuration best practices.
- Strong scripting skills (e.g., Python, Bash, PowerShell) for automation and operational efficiency.
- Deep understanding of web application security principles, the OWASP Top 10, and common attack patterns.
- Demonstrated experience performing manual penetration testing.
- Excellent communication skills with the ability to collaborate effectively across technical and non-technical teams.
- Proven experience developing documentation and driving structured process improvements.
- Amenable to working at UP Ayala Technohub (Quezon City).
- Amenable to working in a hybrid set-up (3x onsite per week).
- Amenable to working a mid-shift schedule.
Preferred Qualifications
- Experience integrating DAST capabilities into CI/CD pipelines and development workflows.
- Knowledge of containerized environments, cloud platforms, and microservices architectures.
- Relevant industry certifications (e.g., OSCP, OSWE, GWAPT, CEH, GIAC).
- Experience with secure SDLC frameworks or application security governance programs.
- Background mentoring or leading team members.
- Exposure to advanced penetration testing techniques, tools, or methodologies beyond baseline requirements.
- Hands-on experience with enterprise secrets management platforms, including Azure Key Vault, HashiCorp Vault, AWS Secrets Manager, or equivalent solutions.
- Familiarity with GitOps, DevSecOps, and SRE practices related to secrets handling.
- Knowledge of secrets detection tools and techniques (e.g., GitLeaks, TruffleHog, GitGuardian, GHAS secret scanning).
When you join our team:
- We’ll empower you to learn and grow the career you want.
- We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
- As part of our global team, we’ll support you in shaping the future you want to see.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com.