Senior Security Engineer (Offensive Security)

Senior Security Engineer (Offensive Security) Join to apply for the Senior Security Engineer (Offensive Security) role at John Hancock .The OpportunityWork arrangement : Hybrid (3 days in office, 2 days from home)Office locations : Toronto - Canada (primary) or Boston - USAAt John Hancock, we are hiring for Senior Security Engineer (Offensive Security). This role reports directly to the Cyber Defense Lead. You'll work closely with our Cyber Defense Lead to drive robust security practices across the organization. You'll be deeply involved in application security, threat modeling, and you'll actively engage in hands-on assessments, integrating red teaming to identify vulnerabilities and strengthen our defenses while mentoring developers to foster a strong security culture. This is an exciting opportunity for a proactive leader who enjoys being hands-on with the keyboard and wants to make a significant impact on how we approach cybersecurity. If you’re ready to influence our security direction and champion best practices, we want you on our team.This role will serve as a Subject Matter Expert (SME) in application security, advocating for robust security practices, educating developers, and assisting with threat modeling. The ideal candidate will have a strong background in offensive security, proficiency in coding, tool development, and mentoring, demonstrating a well-rounded expertise in both technical and leadership aspects of cybersecurity, with the potential to develop new security solutions such as breach and attack simulations.Position ResponsibilitiesStrategic Cybersecurity Leadership : Provide expert guidance on designing and implementing cybersecurity measures for complex systems. Develop and promote security strategies including design principles and security architecture.Application Security Expertise : Act as a SME in application security, advocating for best practices and helping to drive the security agenda within the organization. Educate developers on security principles, practices, and tools.Threat Modeling and Assessment : Lead and support threat modeling activities to identify and assess potential security risks. Use threat modeling methodologies to guide the development and implementation of effective remediation strategies.Security Portfolio Development : Explore and potentially build new security solutions, such as breach and attack simulations, to enhance the organization’s security posture and readiness.Maintain, configure, and analyze security platforms and tools.Serve as a subject matter expert on Cloud security, in both Azure / 0365 and AWS.Lead application vulnerability management efforts across the company's infrastructure and applications.Collaboration and Communication : Work closely with cross-functional teams, including developers and security professionals, to integrate security practices into the development lifecycle. Articulate security risks, technical strategies, and outcomes effectively through strong verbal and written communication.Presentation and Training : Develop and deliver presentations and training sessions to raise security awareness across the organization. Create and present engaging content tailored to various audiences, including technical teams and non-technical stakeholders, to promote understanding and adoption of security best practices.Must-HavesRequired Qualifications : Proven track record in penetration testing / red teaming.Strong knowledge of SAST, DAST, and application security practices.Proficiency in a programming language (e.g., Python) and hands-on with security tools (e.g., Metasploit, Burp Suite, Cobalt Strike etc.).Bachelor’s degree in computer science, Information Security, or a related field.At least 5 years of experience in cybersecurity, with expertise in one or more of the following areas : (1) application security, (2) threat modeling, (3) security architecture, (4) penetration testing, (5) ethical hacking, (6) vulnerability assessment, and (7) red teaming.In-depth knowledge of application security testing techniques, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).Excellent problem-solving skills, with the ability to manage complex security issues and drive creative solutions.Demonstrated ability to manage stakeholders and communicate effectively at all levels of the organization.Self-driven and capable of working independently with minimal supervision.Flexibility to work onsite or remotely based on business needs.Hands-on experience with Microsoft Azure.Preferred QualificationsAdvanced degrees or certifications (e.g., OSEP, OSWP, OSCP, CRTP, CRTO, CISSP, CISM) are a plus.Strong background in offensive security and coding, with hands-on experience in penetration testing and security assessment tools.When You Join Our TeamWe’ll empower you to learn and grow the career you want.We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.As part of our global team, we’ll support you in shaping the future you want to see.About Manulife And John HancockManulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit our story .Manulife is an Equal Opportunity EmployerAt Manulife / John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process.Primary Location : Toronto, OntarioWorking Arrangement : HybridSalary range is expected to be between : $94,220.00 CAD - $174,980.00 CADIf you are applying for this role outside of the primary location, please contact recruitment@manulife.com for the salary range for your location.Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption / surrogacy and wellness benefits, and employee / family assistance plans.Seniority level : Mid-Senior levelEmployment type : Full-timeJob function : Information TechnologyIndustries : Insurance#J-18808-Ljbffr

Salary : $94,220 - $174,980