Lead, Application Security
About the role
The Global Technology team at Prudential takes pride in building innovation, speed, agility, scalability, and efficiency into our DNA. As a Lead, Application Security, you will play a critical technical and strategic leadership role in advancing Prudential's enterprise application security program.
Responsibilities
- Serve as the technical lead and escalation point for complex operational and project work across the Application Security and Attack Surface Management domains.
- Provide expert-level technical leadership for application security tools, platforms, and assessment methodologies.
- Lead the design, evolution, and execution of application security assessment, response, and risk governance processes.
- Leverage deep AppSec and DevSecOps expertise to solve complex technical, process, and organizational challenges impacting risk reduction.
- Partner with senior leadership to define the future-state vision for Prudential’s application security program, informed by hands-on operational insight.
- Lead the maturation of vulnerability and configuration monitoring across first-party, third-party, and open-source software.
- Drive the integration of security controls into CI/CD pipelines, enabling automated enforcement, monitoring, and reporting.
- Operate as a senior escalation point, trusted advisor, and technical authority, working on highly complex and ambiguous problems where judgment, experience, and influence are required.
- Champion secure-by-design principles across the SDLC through guidance, standards, tooling, and hands-on engagement.
- Validate and document compensating controls and mitigations to manage risk until remediation is complete.
- Ensure risk and performance metrics accurately represent application security posture for executive and regulatory audiences.
- Develop proof-of-concept exploits in lab environments to demonstrate exploitability and validate remediation effectiveness.
- Provide mentorship and technical guidance to junior team members, raising overall team capability and consistency.
- Define requirements for workflow orchestration and automation to manage application security posture at enterprise scale.
Requirements
Bachelor of Computer Science/Engineering or formal experience in related fields. Deep familiarity with vulnerability and security frameworks and data sources (CVE, CVSS, EPSS, CWE). Proven experience leading and maturing application security and vulnerability management programs. Strong ability to partner with engineering teams to validate findings, reduce false positives, and drive effective remediation. Engineering mindset with strong systems thinking and problem-solving skills. Excellent written and verbal communication, with the ability to articulate technical and business risk to varied audiences. Experience working in agile and DevSecOps environments. Hands-on experience with industry frameworks (OWASP Top 10, OWASP WSTG, PTES, MITRE ATT&CK). Deep experience with SAST, SCA, DAST, and ASPM tooling. Strong understanding of software composition analysis (SCA), SBOMs, and supply chain risk. Scripting and automation experience (Python, PowerShell, Bash). Experience performing exploit validation and web application penetration testing. Strong understanding of threat actors and real-world attack techniques. Knowledge of security standards and frameworks (NIST, CIS, PCI DSS). Experience applying Agentic AI or AI-assisted approaches to security use cases. Advanced security certifications (e.g., OSCP, GPEN, GWAPT, CASP+, GCSA, GCFA, GCIH). Cloud certifications (AWS, Azure, GCP).
Skills & Expertise
- Deep expertise in modern application architecture, cloud security, and DevSecOps.
- Forward-looking mindset focused on scaling security through automation, policy-as-code, and engineering-first solutions.
Benefits
Market competitive base salaries, with a yearly bonus potential at every level. Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave. 401(k) plan with company match (up to 4%). Company-funded pension plan. Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs. Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development. Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs. Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service. Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program, whereby an award, if any, depends on various factors including, without limitation, individual and organizational performance.