Lead, Application Security

Job Classification:
Technology - Information Security

Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability, and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA. When you join Prudential, you'll unlock an exciting and impactful career-while growing your skills and advancing your profession at one of the world's leading financial services institutions.

Your Team & Role

As a Lead, Application Security on the Attack Surface Management team, you will play a critical technical and strategic leadership role in advancing Prudential's enterprise application security program. You will partner closely with senior security leaders, the Information Security Office, the Chief Technology Office, and global engineering teams to drive secure-by-design outcomes and measurable risk reduction across Prudential's digital ecosystem.

In this role, you will be accountable for shaping, governing, and maturing application security capabilities for modern, cloud-native, and DevOps-driven environments. You will lead complex initiatives that secure applications at scale, influence future architecture and engineering practices, and embed security controls into CI/CD pipelines through automation and self-service enablement.

You will operate as a senior escalation point, trusted advisor, and technical authority, working on highly complex and ambiguous problems where judgment, experience, and influence are required. Your work will have a direct impact on Prudential's products, platforms, and customer trust.

• Serve as the technical lead and escalation point for complex operational and project work across the Application Security and Attack Surface Management domains.
• Provide expert-level technical leadership for application security tools, platforms, and assessment methodologies.
• Lead the design, evolution, and execution of application security assessment, response, and risk governance processes.
• Leverage deep AppSec and DevSecOps expertise to solve complex technical, process, and organizational challenges impacting risk reduction.
• Act as a bridge between AppSec, DevOps, Cloud, and business teams, ensuring security requirements are understood, actionable, and aligned to delivery objectives.
• Partner with senior leadership to define the future-state vision for Prudential's application security program, informed by hands-on operational insight.
• Lead the maturation of vulnerability and configuration monitoring across first-party, third-party, and open-source software.
• Drive the integration of security controls into CI/CD pipelines, enabling automated enforcement, monitoring, and reporting.
• Design and evolve security policies, standards, and alerting mechanisms aligned to SOX, NIST, PCI DSS, and other regulatory frameworks.
• Evaluate and vet new security technologies, providing strategic recommendations and technical due diligence.
• Apply qualitative and quantitative analysis to improve developer experience, security outcomes, and adoption of secure-by-design practices.
• Champion secure-by-design principles across the SDLC through guidance, standards, tooling, and hands-on engagement.
• Validate and document compensating controls and mitigations to manage risk until remediation is complete.
• Ensure risk and performance metrics accurately represent application security posture for executive and regulatory audiences.
• Author and maintain technical documentation, standards, and SOPs that continuously improve program maturity.
• Develop proof-of-concept exploits in lab environments to demonstrate exploitability and validate remediation effectiveness.
• Provide mentorship and technical guidance to junior team members, raising overall team capability and consistency.
• Define requirements for workflow orchestration and automation to manage application security posture at enterprise scale.

• Bachelor of Computer Science/Engineering or formal experience in related fields
• Deep familiarity with vulnerability and security frameworks and data sources (CVE, CVSS, EPSS, CWE)
• Proven experience leading and maturing application security and vulnerability management programs
• Strong ability to partner with engineering teams to validate findings, reduce false positives, and drive effective remediation
• Engineering mindset with strong systems thinking and problem-solving skills
• Excellent written and verbal communication, with the ability to articulate technical and business risk to varied audiences
• Experience working in agile and DevSecOps environments
• Hands-on experience with industry frameworks (OWASP Top 10, OWASP WSTG, PTES, MITRE ATT&CK)
• Deep experience with SAST, SCA, DAST, and ASPM tooling
• Strong understanding of software composition analysis (SCA), SBOMs, and supply chain risk

• Scripting and automation experience (Python, PowerShell, Bash)
• Experience performing exploit validation and web application penetration testing
• Strong understanding of threat actors and real-world attack techniques
• Knowledge of security standards and frameworks (NIST, CIS, PCI DSS)
• Experience applying Agentic AI or AI-assisted approaches to security use cases
• Advanced security certifications (e.g., OSCP, GPEN, GWAPT, CASP+, GCSA, GCFA, GCIH)
• Cloud certifications (AWS, Azure, GCP)
• Demonstrated ability to influence without authority and lead through expertise

• Market competitive base salaries, with a yearly bonus potential at every level.
• Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave.
• 401(k) plan with company match (up to 4%).
• Company-funded pension plan.
• Wellness Programsincluding up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
• Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
• Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
• Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.