Senior Application Security Specialist

Manulife, Toronto, ON
CA$113,000 - CA$163,000, Hybrid

About The Position

Manulife is seeking an experienced Senior Application Security Specialist to join their team. The successful candidate will play a critical role in establishing and maintaining security and risk governance frameworks. This role involves monitoring threats, assessing vulnerabilities, and ensuring compliance with the organization’s standards and regulatory requirements.

Requirements

  • Strong understanding of information security controls, vulnerability management, and risk management frameworks (NIST CSF, ISO 27001/27002).
  • Experience working with Cloud technologies (Azure, AWS, Ali Cloud).
  • Knowledge of cybersecurity principles, internal controls, and risk management tools.
  • Proficiency in data visualization tools (Tableau, Power BI) and statistical data analysis.
  • Hands‑on experience with tools such as JIRA, Confluence, and Microsoft 365.
  • Experience with cybersecurity assessment frameworks (PTES, OWASP, OSSTMM) and penetration testing.
  • Understanding of legal and regulatory requirements related to cybersecurity and IT governance.
  • Excellent communication skills to effectively convey risk assessments and security recommendations.
  • Knowledge of ticketing and tracking tools such as ServiceNow – Security Operations, GRC systems like Archer.
  • Understanding of legal and regulatory requirements related to technology risk management.
  • Familiarity with cybersecurity governance frameworks and their implementation.
  • Knowledge of statistical data analysis and reporting toolsets.
  • In-depth knowledge of risk assessment methodologies and risk management frameworks.
  • Proficiency in using risk assessment tools and software.

Nice To Haves

  • CISSP, CSSLP, OSCP, GWAPT or equivalent industry-recognized security certifications.
  • Cybersecurity, Security Monitoring, Vulnerability Assessment, Penetration Testing, Threat Modeling, Security Assessment, Security Testing, Cyber Threat Intelligence

Responsibilities

  • Perform code scanning, validation, tuning, and optimization using SAST, DAST, and SCA tools (e.g., Snyk, Burp Suite, SonarQube, Veracode, and Checkmarx) to ensure accurate, prioritized, and actionable remediation results.
  • Conduct penetration testing, code scanning, secrets management (GitGuardian), and threat modeling for business applications to determine risk ratings and prioritize the vulnerabilities discovered along with the organization's remediation timelines.
  • Execute intake, triage, analysis, and reporting procedures for security assessments.
  • Experience working with code repositories such as GitHub and with CI/CD pipelines in Azure DevOps.
  • Coordinate assessment and risk analysis activities, evaluate governance processes, and recommend improvement opportunities.
  • Support the establishment, development, and maintenance of risk governance frameworks, risk assessment methodologies, risk metrics reporting, and risk management compliance protocols.
  • Conduct vulnerability assessments and prioritize remediation activities in collaboration with stakeholders.
  • Document findings and collaborate with cross-functional teams to implement corrective actions.
  • Work closely with senior security engineers, product partners, architects, and cross‑functional teams in Agile/DevOps environments.
  • Communicate risk and compliance assessments and recommendations to business units and senior management.
  • Lead and participate in meetings to review outstanding vulnerabilities and clarify business and technical impacts.
  • Develop and report actionable KPIs and KRIs aligned with application security policies and standards.
  • Analyze cyber defense policies for compliance with regulations and organizational standards.
  • Lead meetings to analyze risk indicators and develop executive-level dashboards.
  • Maintain comprehensive documentation of governance processes and contribute to policy updates.
  • Stay updated on evolving cybersecurity threats and contribute to enhancing risk reporting processes.
  • Provide professional advice and take a lead role in process or program execution.
  • Be accountable for own work and contribute to setting standards through expertise in own job discipline that impacts other deliverables.

Benefits

  • health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans.
  • various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources.
  • generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence.