Application Penetration Tester Lead

Are you looking for a supportive and collaborative workplace with great benefits, strong culture, and clear career development? You’ve come to the right place.

Why choose Manulife?

• Competitive Salary packages and performance bonuses
• Day 1 HMO + FREE coverage for your dependents (inclusive of same-sex partners)
• Retirement savings benefit
• Rewarding culture that values wellness and well-being
• Performance Bonus
• Global network of industry experts
• Extensive training resources

Work Arrangement: Hybrid
Schedule: Mid-shift or Night shift

Job Summary

Manulife’s Global Cybersecurity Services - Application Security is building up a penetration testing Centre of Excellence (COE) to deliver penetration test related capabilities for all segments in Manulife. As a Application Penetration Testing Lead at MBPS, As a project manager, you will be working closely with our business team and penetration testers to manage penetration tests across different segments to ensure penetration test schedules are complied, and tests are conducted in accordance to the requirements and reports are clearly delivered.
Have the skills and experience for the job? Learn more about it below!

Responsibilities

Functional:

• Covers majority of the Web Applications and/or Network Security, plus the Microservices.
• Working knowledge in Mobile VAPT either for IOS or Android.
• Handles “medium to complex” penetration testing deliverables.
• Propose, examine and assist in the acquisition and development of suitable penetration testing tools to ensure the delivery of quality services to our business.
• Maintain an ongoing awareness of trends in penetration testing technology, as well as target environment technologies and regulatory requirements.
• Apply creative problem solving throughout a secure software development life cycle to continuously improve the effectiveness of the end-to-end process.
• Provides guidance and peer reviews to associate/intermediate pentesters for any support.

Technical Leadership:

• Provide Technical Leadership for Web and Mobile Application Penetration Testing Execution.
• Handles complex / critical VAPT items of systems, networks, web applications and mobile (both iOS and Android).
• Contribute to shaping the security testing strategy and drive the adoption of advanced testing practices within organization.
• Build standards and recommend improvements in the procedure to keep the team up-to-date with the trends and methodologies.
• Document findings and provide detailed reports with recommendations for remediation.
• Participate in client meetings to discuss findings and manage process escalations from the different markets / towers as needed.
• Facilitate capability development initiatives for Associate and Intermediate resources like training, coaching and mentoring.

Qualifications

• Demonstrated experience (minimum 5 years) in performing hands-on penetration tests against external and internal networks, operating systems, web applications
• At least 2 years experience in mobile penetration testing
• Must have at least 1 year experience as technical lead (able to manage and execute pentesting activities for the team)
• Holds several Information Security or related Certification such as OSCP, OSCE, CEH, GWAPT, GPEN, eWPT.
• Bachelor’s degree in Computer Science or related discipline.
• Demonstrated technical knowledge of current vulnerabilities, exploits and tools.
• Experience in developing advanced attacking capabilities and methods.
• Extensive technical knowledge of security industry best practices and procedures.
• Demonstrated experience with security assessment frameworks and procedures, including following industry best practice methodologies for penetration testing and the ability to perform both manual and automated testing.
• Experience in researching evolving exploits, techniques, and tools in support of penetration testing efforts.
• Experience in developing security tools, using scripts and utilities to automate assessment and analysis activities
• Excellent verbal and written communication skills including the ability to write clear and concise assessment reports that include of findings, recommendations, road maps, and actionable plans.
• Exceptional stakeholder management and interpersonal skills.
• Work closely with executives, peers and employees at all levels.
• Strong time management and organizational.
• High degree of integrity, competence, adaptability, resilience and initiative.
• Experience working in an international environment with people from multiple cultures.
• Expert/Advanced in the following: Vulnerability Assessment, Penetration Testing, Threat Modeling, Security Risk Assessment, Risk Management, Security Testing, Security Compliance, Cyber Threat Intelligence.

Let's make every day better together. Learn about our opportunities at JOBS.MANULIFE.COM

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact [email protected].

Hybrid