Specialist, Attack Surface Management

About The Position

Requirements

• Bachelor of Computer Science/Engineering or formal experience in related fields
• Specialized expertise with device management tools (UEM, MDM, etc.)
• 3+ years of demonstrated experience vulnerability assessment, risk prioritization, and threat correlation
• Experience building and maturing endpoint security posture management
• Familiarity with vulnerability and security scanning tools, as well as common vulnerability data sources and frameworks (CVE, CVSS, EPSS, CWE)
• Knowledge of industry security standards and frameworks (NYDFS, CIS, NIST CSF), especially as applicable to endpoint security hardening
• Experience improving vulnerability management platforms, processes, and assessments
• Values and facilitates collaboration with engineering teams to provide SME knowledge of vulnerabilities, validate risk reduction effectiveness and false positives, and consult on mitigations
• Engineering mindset – systems thinking, creative problem solving, deductive reasoning
• Self-motivated and autonomous in a team-based environment
• Effective communication and documentation

Nice To Haves

• Scripting background (Python, PowerShell, Bash, etc.)
• Understanding of threat actors, with the ability to articulate or demonstrate how they operate and subvert common security controls
• Experience translating endpoint security baselines into automated, preventative enforcement controls.
• Ability to develop or test proof-of-concept exploits in a lab environment to demonstrate exploitability and provide validation of proposed remediation action
• Experience with Cloud Security Posture Management
• Containerization and microservices (Docker, Kubernetes, EKS/AKS, etc.)
• Familiarity with AI systems/models and applications to the cybersecurity domain
• Practical knowledge of core networking and infrastructure concepts, Windows/Linux administration, and identity management

Responsibilities

• Design, implement, and socialize a robust endpoint vulnerability management program, unified with existing vulnerability management standards, tools, and operations.
• Collaborate with cross-functional teams to gain a deep and contextualized understanding of Prudential’s endpoint fleet, as well as supporting infrastructure and device management tooling.
• Research and ensure alignment of Prudential’s endpoint security monitoring with applicable industry and regulatory standards.
• Assess existing vulnerability landscape and patch management architectures and processes.
• Provide technical security recommendations and drive sustainable change across the enterprise.
• Establish clear roles & responsibilities across various teams to support operational workflows & processes (patching, remediation, exception management, etc.).
• Execute and enhance our Emergent Vulnerability Response playbook to identify, analyze, and mitigate rapidly evolving vulnerability threats commonly associated with end user devices.
• Validate asset management integration between CMDB, device management tooling, and vulnerability management inventory.
• Support integration of vulnerability management tooling and centralized orchestration and reporting
• Triage, prioritize, and provide technical guidance to partner teams to drive remediation and validate mitigating controls of findings.
• Partner with leadership to set direction for the future of the Attack Surface Management program, while ensuring an accurate understanding and in-depth knowledge of daily operations to provide recommendations to team objectives.

Benefits

• Market competitive base salaries, with a yearly bonus potential at every level.
• Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave.
• 401(k) plan with company match (up to 4%).
• Company-funded pension plan.
• Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
• Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
• Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
• Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.
• Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program, whereby an award, if any, depends on various factors including, without limitation, individual and organizational performance.