Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability, and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA. When you join Prudential, you’ll unlock an exciting and impactful career—while growing your skills and advancing your profession at one of the world’s leading financial services institutions.
Your Team & Role
As a Lead, Application Security on the Attack Surface Management team, you will play a critical technical and strategic leadership role in advancing Prudential’s enterprise application security program. You will partner closely with senior security leaders, the Information Security Office, the Chief Technology Office, and global engineering teams to drive secure-by-design outcomes and measurable risk reduction across Prudential’s digital ecosystem.
In this role, you will be accountable for shaping, governing, and maturing application security capabilities for modern, cloud-native, and DevOps-driven environments. You will lead complex initiatives that secure applications at scale, influence future architecture and engineering practices, and embed security controls into CI/CD pipelines through automation and self-service enablement.
You will operate as a senior escalation point, trusted advisor, and technical authority, working on highly complex and ambiguous problems where judgment, experience, and influence are required. Your work will have a direct impact on Prudential’s products, platforms, and customer trust.
The ideal candidate brings deep expertise in modern application architecture, cloud security, and DevSecOps, along with a forward-looking mindset focused on scaling security through automation, policy-as-code, and engineering-first solutions.
Here is What You Can Expect on a Typical Day
-
Serve as the technical lead and escalation point for complex operational and project work across the Application Security and Attack Surface Management domains.
-
Provide expert-level technical leadership for application security tools, platforms, and assessment methodologies.
-
Lead the design, evolution, and execution of application security assessment, response, and risk governance processes.
-
Leverage deep AppSec and DevSecOps expertise to solve complex technical, process, and organizational challenges impacting risk reduction.
-
Act as a bridge between AppSec, DevOps, Cloud, and business teams, ensuring security requirements are understood, actionable, and aligned to delivery objectives.
-
Partner with senior leadership to define the future-state vision for Prudential’s application security program, informed by hands-on operational insight.
-
Lead the maturation of vulnerability and configuration monitoring across first-party, third-party, and open-source software.
-
Drive the integration of security controls into CI/CD pipelines, enabling automated enforcement, monitoring, and reporting.
-
Design and evolve security policies, standards, and alerting mechanisms aligned to SOX, NIST, PCI DSS, and other regulatory frameworks.
-
Evaluate and vet new security technologies, providing strategic recommendations and technical due diligence.
-
Apply qualitative and quantitative analysis to improve developer experience, security outcomes, and adoption of secure-by-design practices.
-
Champion secure-by-design principles across the SDLC through guidance, standards, tooling, and hands-on engagement.
-
Validate and document compensating controls and mitigations to manage risk until remediation is complete.
-
Ensure risk and performance metrics accurately represent application security posture for executive and regulatory audiences.
-
Author and maintain technical documentation, standards, and SOPs that continuously improve program maturity.
-
Develop proof-of-concept exploits in lab environments to demonstrate exploitability and validate remediation effectiveness.
-
Provide mentorship and technical guidance to junior team members, raising overall team capability and consistency.
-
Define requirements for workflow orchestration and automation to manage application security posture at enterprise scale.
The Skills & Expertise You Bring
-
Bachelor of Computer Science/Engineering or formal experience in related fields
-
Deep familiarity with vulnerability and security frameworks and data sources (CVE, CVSS, EPSS, CWE)
-
Proven experience leading and maturing application security and vulnerability management programs
-
Strong ability to partner with engineering teams to validate findings, reduce false positives, and drive effective remediation
-
Engineering mindset with strong systems thinking and problem-solving skills
-
Excellent written and verbal communication, with the ability to articulate technical and business risk to varied audiences
-
Experience working in agile and DevSecOps environments
-
Hands-on experience with industry frameworks (OWASP Top 10, OWASP WSTG, PTES, MITRE ATT&CK)
-
Deep experience with SAST, SCA, DAST, and ASPM tooling
-
Strong understanding of software composition analysis (SCA), SBOMs, and supply chain risk
Preferred qualifications:
- Scripting and automation experience (Python, PowerShell, Bash)
-
Experience performing exploit validation and web application penetration testing
-
Strong understanding of threat actors and real-world attack techniques
-
Knowledge of security standards and frameworks (NIST, CIS, PCI DSS)
-
Experience applying Agentic AI or AI-assisted approaches to security use cases
-
Advanced security certifications (e.g., OSCP, GPEN, GWAPT, CASP+, GCSA, GCFA, GCIH)
-
Cloud certifications (AWS, Azure, GCP)
-
Demonstrated ability to influence without authority and lead through expertise
You’ll Love Working Here Because You Can
Join a team and culture where your voice matters; where every day, your work transforms our experiences to make lives better. As you put your skills to use, we’ll help you make an even bigger impact with learning experiences that can grow your technical AND leadership capabilities. You’ll be surprised by what this rock-solid organization has in store for you.
