Application Security Engineer Threat Modeling

We are looking for Application Security Engineer (Threat Modeling) who will be directly reporting to the Manulife ETS Cyber Assessment Application Security Team. Our group is consisting of highly motivated and experienced professionals and is composed of members located across different Manulife locations such as Manila and North America. As part of the ETS Global Cyber Security, we are responsible for the practice of identifying, classifying, monitoring, remediating and/or mitigating security vulnerabilities on applications, network and APIs across the organization.

Have the skills and experience for the job? Learn more about it below!

Position Responsibilities:

• Strategic Cybersecurity: Contribute to the strategic guidance on the design of cybersecurity measures for complex systems and networks, incorporating product security strategies such as design principles and security architecture.
• Security Review: Perform and coordinate in-depth security reviews, pinpoint potential vulnerabilities, and suggest all-encompassing remediation strategies by utilizing threat modeling methodologies and threat assessment frameworks.
• Security Insights: Provide sound analysis on the security implications of introducing new systems or interfaces within our ecosystem, based on application security best practices, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) implementation.
• Security Architecture Evaluation: Assess proposed security architectures and designs to ensure they are equipped to meet both current and future security needs. This involves reviewing data flow diagrams for applications/system architectures and identifying potential threats as part of the threat modeling process.

Required Qualifications:

• University/College graduate with at least 2 years of experience related to Application Security and Threat Modeling.
• Must have background in application development / technology management.
• Good experience in application security architecture.
• Comprehensive understanding of security principles and their business implications.
• Broad knowledge of networking concepts.
• Good background in secure software development methodologies
• Familiarity with various application security testing approaches and implementation.
• Understanding of penetration testing concepts.
• Amenable to work UP Ayala Technohub (Quezon City)
• Amenable to work on a hybrid set-up (3x a week onsite)
• Amenable to work on a fixed late mid shift / night shift schedule

Must Have / Preferred Qualifications:

• Knowledge of industry trends, regulatory requirements, and their impact on security architecture.
• Advocate constant learning from both success and failure, and encourages openness to change and continuous improvement.
• Recognizable organizational and problem-solving abilities that enable you to manage through creative abrasion.
• Proven stakeholder management skills and able to effectively articulate risk posture, technical vision, possibilities, and outcomes through strong verbal and written communication.
• Self-driven, able to meet objectives with a minimal amount of managerial oversight/supervision.

When you join our team:

• We’ll empower you to learn and grow the career you want.
• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we’ll support you in shaping the future you want to see.