Specialist, Attack Surface Management

Job Classification:
Technology - Information Security

Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you'll unlock an exciting and impactful career - all while growing your skills and advancing your profession at one of the world's leading financial services institutions.

Your Team & Role

As a Specialist, Cyber Security Operations- Vulnerability Management on the Attack Surface Management Team, you will partner with other security professionals across the Information Security Office, the Chief Technology Office, and other groups in Prudential to drive Prudential's risk reduction efforts across the global enterprise.

You will support implementation and operational best practices, while contributing to or owning deliverables and project workstreams around system, network, and software security maturity. In addition, you will be key in the evaluation, prioritization, coordination of emergent vulnerabilities across the enterprise, executing on and refining our emergent vulnerability response playbook. You will also perform triage of issues related to technology configuration, software weaknesses, build/deployment, and process challenges. You will work on significant and unique issues where analysis of situations or data requires an evaluation of intangible variables and may impact future concepts, products or technologies to ensure the security of our products and customers! In addition to applied experience, you will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus to all that you do.

Here is What You Can Expect on a Typical Day

• Collaborate with teams across the enterprise to influence risk-based prioritization of security-related activities and initiatives
• Triage, prioritize, and provide technical guidance to partner teams to drive remediation and validate mitigating controls of findings.
• Translate root cause to transformational preventative measures. Proactively identify and implement security improvements in the environment, especially those related to prevention and validation. Examine current state, industry/technology trends, and business requirements to drive innovation.
• Execute on and enhance our Emergent Vulnerability Response playbook to identify, analyze, and mitigate rapidly evolving vulnerability threats
• Craft and communicate an informed story of Prudential's vulnerability landscape through analysis of vulnerability data trends and gaps
• Influence, design, and implement secure baselines and policy-as-code derived from industry standards, and acting as an accelerant of Prudential's "shift-left" culture
• Research and experiment with early-stage AI-use cases for maturing Vulnerability Management's efficacy and scalability
• Partner with leadership to set direction for the future of the Attack Surface Management program, while ensuring an accurate understanding and in-depth knowledge of daily operations to provide recommendations to team objectives.

• Bachelor of Computer Science/Engineering or formal experience in related fields
• 3+ years of demonstrated experience vulnerability assessment, risk prioritization, and threat correlation
• Familiarity with vulnerability and security scanning tools, as well as common vulnerability data sources and frameworks (CVE, CVSS, EPSS, CWE)
• Experience improving vulnerability management platforms, processes, and assessments
• Values and facilitates collaboration with engineering teams to provide SME knowledge of vulnerabilities, validate risk reduction effectiveness and false positives, and consult on mitigations
• Engineering mindset - systems thinking, creative problem solving, deductive reasoning
• Self-motivated and autonomous in a team-based environment
• Effective communication and documentation

• Scripting background (Python, PowerShell, Bash, etc.)
• Understanding of threat actors, with the ability to articulate or demonstrate how they operate and subvert common security controls
• Knowledge of industry security standards and frameworks (CIS, NIST, PCI DSS)
• Ability to develop or test proof-of-concept exploits in a lab environment to demonstrate exploitability and provide validation of proposed remediation action
• Experience with cloud-first security platforms
• Containerization and microservices (Docker, Kubernetes, EKS/AKS, etc.)
• Familiarity with AI systems/models and applications to the cybersecurity domain
• Practical knowledge of core networking and infrastructure concepts, Windows/Linux administration, and identity management

• Market competitive base salaries, with a yearly bonus potential at every level.
• Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave.
• 401(k) plan with company match (up to 4%).
• Company-funded pension plan.
• Wellness Programsincluding up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
• Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
• Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
• Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.