Penetration Tester

Manulife is a leading international financial services provider, helping people make decisions easier and lives better. Help shape the future you want to see — and discover that better can take you anywhere you want to go.

Position Responsibilities:

• Evaluates the security posture of the organization, assessing potential threats and vulnerabilities.
• Develops and communicates the understanding of the potential impacts of a cyber-attack to all relevant stakeholders.
• Evaluates different security solutions and provides advice on how to best protect the organization from cyber threats.
• Ensures alignment with corporate and regulatory requirements for the management of information security program.
• Performs security assessments to identify possible security vulnerabilities within the organization and develops security controls, policies and procedures to address any issues that may exist.
• Conducts comprehensive network scans and manual network assessments, including penetration testing and vulnerability scans.
• Advises in implementation of appropriate security controls to mitigate the identified vulnerabilities.
• Coordinates with relevant teams to discuss and remediate security assessment results and update information security programs with areas of improvement.

Required Qualifications:

• Strong understanding of cybersecurity, computer networks and IT systems
• Knowledge of frameworks such as NIST CSF, ISO 27001 and CIS Top 20 Controls
• Knowledge with the latest security trends and ability to make recommendations for improved security measures
• Experience manually testing web applications or enterprise penetration testing
• Understanding of legal and regulatory requirements related to cybersecurity, privacy, and data protection laws relevant to the organization
• Knowledge of relevant cybersecurity assessment frameworks (PTES, OWASP, OSSTM)
• Strong understanding of the organization’s infrastructure, policies, and procedures in order to provide comprehensive security assessments and recommendations
• Ability to develop tools and exploits to support security testing
• Performs a range of less structured work assignments
• May coordinate or lead small projects or work streams as planned
• Applies experience, judgment, guidelines, policies and precedents to analyze situations and complete assignments
• Skills: Vulnerability Assessment, Penetration Testing, Threat Modeling, Security Risk Assessment, Risk Management, Security Testing, Security Compliance, and Cyber Threat Intelligence

When you join our team:

• We’ll empower you to learn and grow the career you want.
• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we’ll support you in shaping the future you want to see.