Lead, Application Security

About The Position

Requirements

• Bachelor of Computer Science/Engineering or formal experience in related fields
• Deep familiarity with vulnerability and security frameworks and data sources (CVE, CVSS, EPSS, CWE)
• Proven experience leading and maturing application security and vulnerability management programs
• Strong ability to partner with engineering teams to validate findings, reduce false positives, and drive effective remediation
• Engineering mindset with strong systems thinking and problem-solving skills
• Excellent written and verbal communication, with the ability to articulate technical and business risk to varied audiences
• Experience working in agile and DevSecOps environments
• Hands-on experience with industry frameworks (OWASP Top 10, OWASP WSTG, PTES, MITRE ATT&CK)
• Deep experience with SAST, SCA, DAST, and ASPM tooling
• Strong understanding of software composition analysis (SCA), SBOMs, and supply chain risk

Nice To Haves

• Scripting and automation experience (Python, PowerShell, Bash)
• Experience performing exploit validation and web application penetration testing
• Strong understanding of threat actors and real-world attack techniques
• Knowledge of security standards and frameworks (NIST, CIS, PCI DSS)
• Experience applying Agentic AI or AI-assisted approaches to security use cases
• Advanced security certifications (e.g., OSCP, GPEN, GWAPT, CASP+, GCSA, GCFA, GCIH)
• Cloud certifications (AWS, Azure, GCP)
• Demonstrated ability to influence without authority and lead through expertise

Responsibilities

• Serve as the technical lead and escalation point for complex operational and project work across the Application Security and Attack Surface Management domains.
• Provide expert-level technical leadership for application security tools, platforms, and assessment methodologies.
• Lead the design, evolution, and execution of application security assessment, response, and risk governance processes.
• Leverage deep AppSec and DevSecOps expertise to solve complex technical, process, and organizational challenges impacting risk reduction.
• Act as a bridge between AppSec, DevOps, Cloud, and business teams, ensuring security requirements are understood, actionable, and aligned to delivery objectives.
• Partner with senior leadership to define the future-state vision for Prudential’s application security program, informed by hands-on operational insight.
• Lead the maturation of vulnerability and configuration monitoring across first-party, third-party, and open-source software.
• Drive the integration of security controls into CI/CD pipelines, enabling automated enforcement, monitoring, and reporting.
• Design and evolve security policies, standards, and alerting mechanisms aligned to SOX, NIST, PCI DSS, and other regulatory frameworks.
• Evaluate and vet new security technologies, providing strategic recommendations and technical due diligence.
• Apply qualitative and quantitative analysis to improve developer experience, security outcomes, and adoption of secure-by-design practices.
• Champion secure-by-design principles across the SDLC through guidance, standards, tooling, and hands-on engagement.
• Validate and document compensating controls and mitigations to manage risk until remediation is complete.
• Ensure risk and performance metrics accurately represent application security posture for executive and regulatory audiences.
• Author and maintain technical documentation, standards, and SOPs that continuously improve program maturity.
• Develop proof-of-concept exploits in lab environments to demonstrate exploitability and validate remediation effectiveness.
• Provide mentorship and technical guidance to junior team members, raising overall team capability and consistency.
• Define requirements for workflow orchestration and automation to manage application security posture at enterprise scale.

Benefits

• Market competitive base salaries, with a yearly bonus potential at every level
• Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave
• 401(k) plan with company match (up to 4%).
• Company-funded pension plan.
• Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
• Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
• Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
• Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.