Specialist, Application Security
About the role
The Global Technology team at Prudential takes pride in their culture of digital transformation. This role is within the Attack Surface Management Team, partnering with other security professionals and engineering groups to advance the organization's application security program and reduce risks across the global enterprise.
Responsibilities
- Serve as the escalation point for operational and project work from junior team members, providing technical support for security tools and solutions, and implementing assessment and response processes.
- Utilize AppSec tool and process expertise to resolve complex technical and organizational challenges, bridging gaps between AppSec/DevOps and IT/business teams to ensure resource availability for team goals.
- Collaborate with leadership to define the future direction of the AppSec program, while maintaining a deep understanding of daily operations to offer informed recommendations.
- Enhance vulnerability and configuration monitoring for open source, third-party, and proprietary code and applications, integrating security best practices into development and operations.
- Design, develop, and implement security policies and alerting mechanisms based on SOX and NIST standards, and assist in evaluating new software solutions.
- Conduct qualitative and quantitative analyses to improve user experience, promoting secure-by-design principles throughout the software development lifecycle.
- Validate mitigation controls, ensure reporting metrics convey risk posture to leadership, and adapt them as necessary.
- Revise processes, metrics, and documentation to enhance AppSec program capabilities, providing proof-of-concept exploits to demonstrate exploitability and validate remediation actions.
- Collaborate with technology peers and business stakeholders to ensure remediation efforts comply with corporate standards, creating technical documentation and SoPs for internal security processes.
- Work with engineering teams to address application vulnerabilities, developing remediation and mitigation strategies, and define requirements for automation tools to manage application security posture.
Requirements
- Bachelor of Computer Science or Engineering or experience in related fields.
- Experience with agile development methodologies and Test-Driven Development (TDD).
- Knowledge of business concepts, tools, and processes needed for making sound decisions in the context of the company's business.
- Ability to learn new skills and knowledge on an ongoing basis through self-initiative and tackling challenges.
- Excellent problem-solving, communication, and collaboration skills.
- Applied experience with several of the following: familiarity with vulnerability and security scanning tools, experience improving vulnerability management platforms, processes, and assessments, engineering mindset, systems thinking, creative problem solving, deductive reasoning, experience with industry Assessment Frameworks (OWASP WSTG, PTES, Mitre Att@ck Framework), SAST, SCA, DAST, ASPM tools, strong understanding of software composition analysis and SBOMs, ability to adjust communication style to the target audience, proficiency in communicating technical and business risk, understanding of threat actors, ability to articulate how they operate and demonstrate how they subvert common security controls, understanding of the OWASP Top 10, familiarity with vulnerabilities in 3rd party libraries and remediation.
Qualifications
- Preferred qualifications include scripting background (Python, PowerShell, Bash, etc.), understanding of threat actors, knowledge of industry security standards and frameworks (CIS, NIST, PCI DSS), ability to perform exploit validation and web application penetration testing, agentic AI for Security use cases, ability to leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization, GIAC Web Application Penetration Tester (GWAPT), CompTIA Advanced Security Practitioner (CASP+), GIAC Cloud Security Automation (GCSA), IT Security certification beyond intro level certifications, cloud (AWS, Azure, GCP, etc.) certs, other security certifications beyond intro level.
Skills
- Familiarity with vulnerability and security scanning tools, as well as common vulnerability data sources and frameworks (CVE, CVSS, EPSS, CWE).
- Experience improving vulnerability management platforms, processes, and assessments.
- Engineering mindset – systems thinking, creative problem solving, deductive reasoning.
- Experience with industry Assessment Frameworks (OWASP WSTG, PTES, Mitre Att@ck Framework).
- SAST, SCA, DAST, ASPM tools.
- Strong understanding of software composition analysis and SBOMs.
- Ability to adjust communication style to the target audience with a proficiency in communicating technical and business risk.
- Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls.
- Knowledge of industry security standards and frameworks (CIS, NIST, PCI DSS).
- Ability to perform exploit validation and web application penetration testing.
- Agentic AI for Security use cases.
- Leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization.
Benefits
Market competitive base salaries, with a yearly bonus potential at every level. Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave. 401(k) plan with company match (up to 4%). Company-funded pension plan. Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs. Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development. Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs. Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service. Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program, whereby an award, if any, depends on various factors including, without limitation, individual and organizational performance.
Pay
$99,700.00 to $148,500.00
Schedule
N/A