Specialist, Vulnerability Management

About The Position

Requirements

• Bachelor of Computer Science/Engineering or formal experience in related fields
• Demonstrated expertise in cloud and container security
• Skilled in vulnerability assessment, risk prioritization, and threat correlation
• Familiarity with vulnerability and security scanning tools, as well as common vulnerability data sources and frameworks (CVE, CVSS, EPSS, CWE)
• Experience improving vulnerability management platforms, processes, and assessments
• Ability to collaborate with engineering teams to provide SME knowledge of vulnerabilities, validate risk reduction effectiveness and false positives, and consult on mitigations
• Engineering mindset – systems thinking, creative problem solving, deductive reasoning
• Effective communication and documentation

Nice To Haves

• Expertise in container technologies (Docker, Kubernetes, EKS/ECS)
• Experience with CI/CD and SecDevOps
• Scripting background (Python, PowerShell, Bash, etc.)
• Familiarity with application and open-source security
• Understanding of threat actors, with the ability to articulate or demonstrate how they operate and subvert common security controls
• Knowledge of industry security standards and frameworks (CIS, NIST, PCI DSS)
• Ability to develop proof-of-concept exploits in a lab environment to demonstrate exploitability and provide validation of proposed remediation action

Responsibilities

• Contribute to the design, development, implementation, and enhancement of Prudential’s cloud and container monitoring and assessment capabilities
• Triage, prioritize, drive remediation, and validate mitigating controls of cloud and container-related vulnerability/misconfiguration findings
• Proactively identify and implement security improvements in the environment, especially those related to prevention and validation.
• Examine current state, industry/technology trends, and business requirements to drive innovation.
• Provide SME guidance to stakeholders on remediation, prioritization, and mitigations
• Provide updates regarding vulnerabilities across multiple platforms and groups
• Share and evolve reporting metrics that relay proper risk posture to leadership
• Ideate and implement improvements to processes, metrics, and documentation to mature vulnerability management capabilities.
• Partner with leadership to set direction for the future of the Attack Surface Management program, while ensuring an accurate understanding and in-depth knowledge of daily operations to provide recommendations to team objectives.
• Develop security policies and compliance initiatives derived from industry standards

Benefits

• Market competitive base salaries, with a yearly bonus potential at every level.
• Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave.
• 401(k) plan with company match (up to 4%).
• Company-funded pension plan.
• Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
• Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
• Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
• Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.