Overview
On Site
USD 99,700.00 - 148,500.00 per year
Full Time
Skills
Innovation
Scalability
DNA
Financial Services
Continuous Integration
Continuous Delivery
Teamwork
Software Architecture
FOCUS
Expect
DevOps
Sarbanes-Oxley
Quantitative Analysis
User Experience
Software Development
Open Source
Articulate
Security Controls
Scripting
Python
Windows PowerShell
Technical Writing
Orchestration
Workflow
Software Security
Computer Science
Software Engineering
Agile
Test-driven Development
OWASP
SCA
SAP BASIS
Conflict Resolution
Problem Solving
Collaboration
Target Audience
Communication
Presentations
Writing
Documentation
Reasoning
Analytical Skill
Attention To Detail
Information Security
Data Extraction
IT Risk Management
IT Risk
Management
Reporting
Industry-specific
Web Applications
CompTIA
Cloud Security
IT Security
GCIA
GCIH
GCFA
GPEN
OSCP
Cloud Computing
Amazon Web Services
Microsoft Azure
Google Cloud
Google Cloud Platform
Leadership
Recruiting
Pricing
Life Insurance
Insurance
Military
Legal
Finance
Programmable Logic Controller
Genetics
Law
Job Details
Job Classification:
Technology - Information Security
Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you'll unlock an exciting and impactful career - all while growing your skills and advancing your profession at one of the world's leading financial services institutions.
Your Team & Role
As a Specialist, Application Security in the Application Security team, you will partner with other security professionals across the Information Security Office, the Chief Technology Office, and other engineering groups in Prudential to advance Prudential's application security program. In this role, you would be responsible for efforts to secure modern applications and ensuring "secure by design" development best practices across all digital assets in alignment with industry standards. You will track and govern risk reduction. You will work with partner organizations to consult on implementation efforts, mature operational processes and enable automation CI/CD controls for enforcement and monitoring. In addition to applied experience, you will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus to all that you do.
The ideal candidate will have a deep understanding of modern application architecture, cloud-native security, and DevOps practices. Forward-thinking is required for this role to include focus on how to securely develop systems, enable self-service and incorporate capabilities for Security to scale and defend against evolving threats.
Here is What You Can Expect on a Typical Day
Function as the escalation point for all daily operational work as well as project work from more junior staff on the team.
Leverage AppSec tool/process specific knowledge to resolve complex technical/process/people problems the team faces.
Leverage organizational and industry knowledge to bridge gaps between the AppSec/DevOps teams and internal IT/business teams to ensure the team has the information and resources they need to meet team goals.
Partner with leadership to set direction for the future of the AppSec program, while ensuring an accurate understanding and in-depth knowledge of daily operations to provide team recommendations.
Maturing existing vulnerability and configuration monitoring capabilities for open source, third party and first party code and applications.
Collaborate with cross functional teams to integrate security best practices into development and operations, implement these as controls.
Mature and develop /design and assist in implementing security policies and alerting mechanisms in our security stack based on SOX and NIST standards.
Assist in vetting new software solutions and provide guidance and support to the other teams.
Employ a variety or qualitative and quantitative analysis techniques to continually improve user experience.
Promote the adoption of secure-by-design principles and practices throughout the software development lifecycle.
Validate proper mitigation controls are in place until remediation activities are complete.
Ensure reporting metrics relay proper risk posture to leadership and evolve as necessary support.
Revise processes and procedures, metrics, and documentation that continue to improve the AppSec program capabilities.
Provide proof-of-concept exploits in a lab environment to demonstrate exploitability and provide validation of proposed / implemented remediation actions
Experience with common vulnerability feeds from government, vendor, and open-source communities
Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls
Understanding of the OWASP Top 10. Familiarity with vulnerabilities in 3rd party libraries and remediation
Scripting / programming skills (e.g., Python, PowerShell)
Work with IT peers and business stakeholders to ensure remediation efforts adhere to corporate standards and policies
Create technical documentation and SoPs to support internal security processes.
Ability to collaborate extensively with engineering teams to help them understand their application vulnerabilities and assist them to develop remediation and mitigation strategies.
Implement security improvements by assessing current situation, evaluating trends, and anticipating requirements.
Define requirements to automate the application related requirements for orchestration and workflow tools needed to assess and manage application security posture.
The Skills & Expertise You Bring
Bachelor of Computer Science or Software Engineering or experience in related fields
Leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization
Experience with agile development methodologies and Test-Driven Development (TDD)
Knowledge of business concepts tools and processes that are needed for making sound decisions in the context of the company's business.
Experience with OWASP
Experience with SAST, SCA, DAST, ASPM tools
Strong understanding of software composition analysis and SBOMs.
Ability to learn new skills and knowledge on an on-going basis through self-initiative and tackling challenges.
Excellent problem solving, communication and collaboration skills.
Ability to adjust communicate style to the target audience with a proficiency in communicating technical and business risk
Applied experience with several of the following:
Identifies opportunities for process and technical security improvements in the environment
Excellent communication, presentation, writing and documentation skills
Follow-up and attention to detail.
Good deductive reasoning skills, creative thinker.
Analytical and detail-oriented individuals must have a passion for information security, creativity to identify gaps and initiative to find the appropriate solutions to fill needs
Understand and able to create queries to support data extraction correlation and reporting
Candidates must be skilled in technical risk assessments, risk rating, threat correlation, asset-based remediation management, and reporting.
Candidates must be familiar with various vulnerability and security scanning tools, should be familiar with CVEs, CVSS, Secunia, and MITRE as well as other industry specific vulnerability classification standards, frameworks, and best practices.
Preferred qualifications:
GIAC Web Application Penetration Tester (GWAPT)
CompTIA Advanced Security Practitioner (CASP+)
GIAC Cloud Security Automation (GCSA)
IT Security certification beyond intro level certifications, (e.g., GCFA, GCIA, GNFA, GCTI, GREM, GCIH, GCFA, GPEN, OSCP, etc.).
Cloud (AWS, Azure, Google Cloud Platform, etc.) Certs
Other Security Certifications beyond intro level
You'll Love Working Here Because You Can
Join a team and culture where your voice matters; where every day, your work transforms our experiences to make lives better. As you put your skills to use, we'll help you make an even bigger impact with learning experiences that can grow your technical AND leadership capabilities. You'll be surprised by what this rock-solid organization has in store for you.
What we offer you:
Prudential is required by state specific laws to include the salary range for this role when hiring a resident in applicable locations. The salary range for this role is from $99,700.00 to $148,500.00. Specific pricing for the role may vary within the above range based on many factors including geographic location, candidate experience, and skills.
Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program, whereby an award, if any, depends on various factors including, without limitation, individual and organizational performance. To find out more about our Total Rewards package, visit Work Life Balance | Prudential Careers. Some of the above benefits may not apply to part-time employees scheduled to work less than 20 hours per week.
Prudential Financial, Inc. of the United States is not affiliated with Prudential plc. which is headquartered in the United Kingdom.
Prudential is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender identity, national origin, genetics, disability, marital status, age, veteran status, domestic partner status, medical condition or any other characteristic protected by law.
If you need an accommodation to complete the application process, please email
If you are experiencing a technical issue with your application or an assessment, please email to request assistance.
Technology - Information Security
Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you'll unlock an exciting and impactful career - all while growing your skills and advancing your profession at one of the world's leading financial services institutions.
Your Team & Role
As a Specialist, Application Security in the Application Security team, you will partner with other security professionals across the Information Security Office, the Chief Technology Office, and other engineering groups in Prudential to advance Prudential's application security program. In this role, you would be responsible for efforts to secure modern applications and ensuring "secure by design" development best practices across all digital assets in alignment with industry standards. You will track and govern risk reduction. You will work with partner organizations to consult on implementation efforts, mature operational processes and enable automation CI/CD controls for enforcement and monitoring. In addition to applied experience, you will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus to all that you do.
The ideal candidate will have a deep understanding of modern application architecture, cloud-native security, and DevOps practices. Forward-thinking is required for this role to include focus on how to securely develop systems, enable self-service and incorporate capabilities for Security to scale and defend against evolving threats.
Here is What You Can Expect on a Typical Day
Function as the escalation point for all daily operational work as well as project work from more junior staff on the team.
Leverage AppSec tool/process specific knowledge to resolve complex technical/process/people problems the team faces.
Leverage organizational and industry knowledge to bridge gaps between the AppSec/DevOps teams and internal IT/business teams to ensure the team has the information and resources they need to meet team goals.
Partner with leadership to set direction for the future of the AppSec program, while ensuring an accurate understanding and in-depth knowledge of daily operations to provide team recommendations.
Maturing existing vulnerability and configuration monitoring capabilities for open source, third party and first party code and applications.
Collaborate with cross functional teams to integrate security best practices into development and operations, implement these as controls.
Mature and develop /design and assist in implementing security policies and alerting mechanisms in our security stack based on SOX and NIST standards.
Assist in vetting new software solutions and provide guidance and support to the other teams.
Employ a variety or qualitative and quantitative analysis techniques to continually improve user experience.
Promote the adoption of secure-by-design principles and practices throughout the software development lifecycle.
Validate proper mitigation controls are in place until remediation activities are complete.
Ensure reporting metrics relay proper risk posture to leadership and evolve as necessary support.
Revise processes and procedures, metrics, and documentation that continue to improve the AppSec program capabilities.
Provide proof-of-concept exploits in a lab environment to demonstrate exploitability and provide validation of proposed / implemented remediation actions
Experience with common vulnerability feeds from government, vendor, and open-source communities
Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls
Understanding of the OWASP Top 10. Familiarity with vulnerabilities in 3rd party libraries and remediation
Scripting / programming skills (e.g., Python, PowerShell)
Work with IT peers and business stakeholders to ensure remediation efforts adhere to corporate standards and policies
Create technical documentation and SoPs to support internal security processes.
Ability to collaborate extensively with engineering teams to help them understand their application vulnerabilities and assist them to develop remediation and mitigation strategies.
Implement security improvements by assessing current situation, evaluating trends, and anticipating requirements.
Define requirements to automate the application related requirements for orchestration and workflow tools needed to assess and manage application security posture.
The Skills & Expertise You Bring
Bachelor of Computer Science or Software Engineering or experience in related fields
Leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization
Experience with agile development methodologies and Test-Driven Development (TDD)
Knowledge of business concepts tools and processes that are needed for making sound decisions in the context of the company's business.
Experience with OWASP
Experience with SAST, SCA, DAST, ASPM tools
Strong understanding of software composition analysis and SBOMs.
Ability to learn new skills and knowledge on an on-going basis through self-initiative and tackling challenges.
Excellent problem solving, communication and collaboration skills.
Ability to adjust communicate style to the target audience with a proficiency in communicating technical and business risk
Applied experience with several of the following:
Identifies opportunities for process and technical security improvements in the environment
Excellent communication, presentation, writing and documentation skills
Follow-up and attention to detail.
Good deductive reasoning skills, creative thinker.
Analytical and detail-oriented individuals must have a passion for information security, creativity to identify gaps and initiative to find the appropriate solutions to fill needs
Understand and able to create queries to support data extraction correlation and reporting
Candidates must be skilled in technical risk assessments, risk rating, threat correlation, asset-based remediation management, and reporting.
Candidates must be familiar with various vulnerability and security scanning tools, should be familiar with CVEs, CVSS, Secunia, and MITRE as well as other industry specific vulnerability classification standards, frameworks, and best practices.
Preferred qualifications:
GIAC Web Application Penetration Tester (GWAPT)
CompTIA Advanced Security Practitioner (CASP+)
GIAC Cloud Security Automation (GCSA)
IT Security certification beyond intro level certifications, (e.g., GCFA, GCIA, GNFA, GCTI, GREM, GCIH, GCFA, GPEN, OSCP, etc.).
Cloud (AWS, Azure, Google Cloud Platform, etc.) Certs
Other Security Certifications beyond intro level
You'll Love Working Here Because You Can
Join a team and culture where your voice matters; where every day, your work transforms our experiences to make lives better. As you put your skills to use, we'll help you make an even bigger impact with learning experiences that can grow your technical AND leadership capabilities. You'll be surprised by what this rock-solid organization has in store for you.
What we offer you:
Prudential is required by state specific laws to include the salary range for this role when hiring a resident in applicable locations. The salary range for this role is from $99,700.00 to $148,500.00. Specific pricing for the role may vary within the above range based on many factors including geographic location, candidate experience, and skills.
- Market competitive base salaries, with a yearly bonus potential at every level.
- Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave.
- 401(k) plan with company match (up to 4%).
- Company-funded pension plan.
- Wellness Programsincluding up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
- Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
- Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
- Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.
Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program, whereby an award, if any, depends on various factors including, without limitation, individual and organizational performance. To find out more about our Total Rewards package, visit Work Life Balance | Prudential Careers. Some of the above benefits may not apply to part-time employees scheduled to work less than 20 hours per week.
Prudential Financial, Inc. of the United States is not affiliated with Prudential plc. which is headquartered in the United Kingdom.
Prudential is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender identity, national origin, genetics, disability, marital status, age, veteran status, domestic partner status, medical condition or any other characteristic protected by law.
If you need an accommodation to complete the application process, please email
If you are experiencing a technical issue with your application or an assessment, please email to request assistance.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.