Are you interested in building capabilities that enable the organization with innovation speed agility scalability and efficiency The Global Technology team takes great pride in our culture where digital transformation is built into our DNA. When you join Prudential youll unlock an exciting and impactful careerwhile growing your skills and advancing your profession at one of the worlds leading financial services institutions.

Your Team & Role

As a Lead Application Security on the Attack Surface Management team you will play a critical technical and strategic leadership role in advancing Prudentials enterprise application security program. You will partner closely with senior security leaders the Information Security Office the Chief Technology Office and global engineering teams to drive secure-by-design outcomes and measurable risk reduction across Prudentials digital ecosystem.

In this role you will be accountable for shaping governing and maturing application security capabilities for modern cloud-native and DevOps-driven environments. You will lead complex initiatives that secure applications at scale influence future architecture and engineering practices and embed security controls into CI/CD pipelines through automation and self-service enablement.

You will operate as a senior escalation point trusted advisor and technical authority working on highly complex and ambiguous problems where judgment experience and influence are required. Your work will have a direct impact on Prudentials products platforms and customer trust.

The ideal candidate brings deep expertise in modern application architecture cloud security and DevSecOps along with a forward-looking mindset focused on scaling security through automation policy-as-code and engineering-first solutions.

Here is What You Can Expect on a Typical Day

• Serve as the technical lead and escalation point for complex operational and project work across the Application Security and Attack Surface Management domains.
• Provide expert-level technical leadership for application security tools platforms and assessment methodologies.
• Lead the design evolution and execution of application security assessment response and risk governance processes.
• Leverage deep AppSec and DevSecOps expertise to solve complex technical process and organizational challenges impacting risk reduction.
• Act as a bridge between AppSec DevOps Cloud and business teams ensuring security requirements are understood actionable and aligned to delivery objectives.
• Partner with senior leadership to define the future-state vision for Prudentials application security program informed by hands-on operational insight.
• Lead the maturation of vulnerability and configuration monitoring across first-party third-party and open-source software.
• Drive the integration of security controls into CI/CD pipelines enabling automated enforcement monitoring and reporting.
• Design and evolve security policies standards and alerting mechanisms aligned to SOX NIST PCI DSS and other regulatory frameworks.
• Evaluate and vet new security technologies providing strategic recommendations and technical due diligence.
• Apply qualitative and quantitative analysis to improve developer experience security outcomes and adoption of secure-by-design practices.
• Champion secure-by-design principles across the SDLC through guidance standards tooling and hands-on engagement.
• Validate and document compensating controls and mitigations to manage risk until remediation is complete.
• Ensure risk and performance metrics accurately represent application security posture for executive and regulatory audiences.
• Author and maintain technical documentation standards and SOPs that continuously improve program maturity.
• Develop proof-of-concept exploits in lab environments to demonstrate exploitability and validate remediation effectiveness.
• Provide mentorship and technical guidance to junior team members raising overall team capability and consistency.
• Define requirements for workflow orchestration and automation to manage application security posture at enterprise scale.

The Skills & Expertise You Bring

• Bachelor of Computer Science/Engineering or formal experience in related fields
• Deep familiarity with vulnerability and security frameworks and data sources (CVE CVSS EPSS CWE)
• Proven experience leading and maturing application security and vulnerability management programs
• Strong ability to partner with engineering teams to validate findings reduce false positives and drive effective remediation
• Engineering mindset with strong systems thinking and problem-solving skills
• Excellent written and verbal communication with the ability to articulate technical and business risk to varied audiences
• Experience working in agile and DevSecOps environments
• Hands-on experience with industry frameworks (OWASP Top 10 OWASP WSTG PTES MITRE ATT&CK)
• Deep experience with SAST SCA DAST and ASPM tooling
• Strong understanding of software composition analysis (SCA) SBOMs and supply chain risk

Preferred qualifications:

• Scripting and automation experience (Python PowerShell Bash)
• Experience performing exploit validation and web application penetration testing
• Strong understanding of threat actors and real-world attack techniques
• Knowledge of security standards and frameworks (NIST CIS PCI DSS)
• Experience applying Agentic AI or AI-assisted approaches to security use cases
• Advanced security certifications (e.g. OSCP GPEN GWAPT CASP GCSA GCFA GCIH)
• Cloud certifications (AWS Azure GCP)
• Demonstrated ability to influence without authority and lead through expertise

Youll Love Working Here Because You Can

Join a team and culture where your voice matters; where every day your work transforms our experiences to make lives better. As you put your skills to use well help you make an even bigger impact with learning experiences that can grow your technical AND leadership capabilities. Youll be surprised by what this rock-solid organization has in store for you.