Specialist, Application Security

Job Classification:Technology - Information SecurityAre you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, youll unlock an exciting and impactful career all while growing your skills and advancing your profession at one of the worlds leading financial services institutions.Your Team & RoleAs a Specialist, Application Security in the Application Security team, you will partner with other security professionals across the Information Security Office, the Chief Technology Office, and other engineering groups in Prudential to advance Prudentials application security program. In this role, you would be responsible for efforts to secure modern applications and ensuring secure by design development best practices across all digital assets in alignment with industry standards. You will track and govern risk reduction. You will work with partner organizations to consult on implementation efforts, mature operational processes and enable automation CI/CD controls for enforcement and monitoring. In addition to applied experience, you will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus to all that you do.The ideal candidate will have a deep understanding of modern application architecture, cloud-native security, and DevOps practices. Forward-thinking is required for this role to include focus on how to securely develop systems, enable self-service and incorporate capabilities for Security to scale and defend against evolving threats.Here is What You Can Expect on a Typical DayFunction as the escalation point for all daily operational work as well as project work from more junior staff on the team.Leverage AppSec tool/process specific knowledge to resolve complex technical/process/people problems the team faces.Leverage organizational and industry knowledge to bridge gaps between the AppSec/DevOps teams and internal IT/business teams to ensure the team has the information and resources they need to meet team goals.Partner with leadership to set direction for the future of the AppSec program, while ensuring an accurate understanding and in-depth knowledge of daily operations to provide team recommendations.Maturing existing vulnerability and configuration monitoring capabilities for open source, third party and first party code and applications.Collaborate with cross functional teams to integrate security best practices into development and operations, implement these as controls.Mature and develop /design and assist in implementing security policies and alerting mechanisms in our security stack based on SOX and NIST standards.Assist in vetting new software solutions and provide guidance and support to the other teams.Employ a variety or qualitative and quantitative analysis techniques to continually improve user experience.Promote the adoption of secure-by-design principles and practices throughout the software development lifecycle.Validate proper mitigation controls are in place until remediation activities are complete.Ensure reporting metrics relay proper risk posture to leadership and evolve as necessary support.Revise processes and procedures, metrics, and documentation that continue to improve the AppSec program capabilities.Provide proof-of-concept exploits in a lab environment to demonstrate exploitability and provide validation of proposed / implemented remediation actionsExperience with common vulnerability feeds from government, vendor, and open-source communitiesUnderstanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controlsUnderstanding of the OWASP Top 10. Familiarity with vulnerabilities in 3rd party libraries and remediationScripting / programming skills (e.g., Python, PowerShell)Work with IT peers and business stakeholders to ensure remediation efforts adhere to corporate standards and policiesCreate technical documentation and SoPs to support internal security processes.Ability to collaborate extensively with engineering teams to help them understand their application vulnerabilities and assist them to develop remediation and mitigation strategies.Implement security improvements by assessing current situation, evaluating trends, and anticipating requirements.Define requirements to automate the application related requirements for orchestration and workflow tools needed to assess and manage application security posture.The Skills & Expertise You BringBachelor of Computer Science or Software Engineering or experience in related fieldsLeverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organizationExperience with agile development methodologies and Test-Driven Development (TDD)Knowledge of business concepts tools and processes that are needed for making sound decisions in the context of the company's business.Experience with OWASPExperience with SAST, SCA, DAST, ASPM toolsStrong understanding of software composition analysis and SBOMs.Ability to learn new skills and knowledge on an on-going basis through self-initiative and tackling challenges.Excellent problem solving, communication and collaboration skills.Ability to adjust communicate style to the target audience with a proficiency in communicating technical and business riskApplied experience with several of the following:Identifies...Equal Opportunity Employer - minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity