Director, Product Owner- Application Security

Job Classification:

Technology - Agile, Delivery, & Product

Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you’ll unlock an exciting and impactful career – all while growing your skills and advancing your profession at one of the world’s leading financial services institutions.  

Your Team & Role   

As the Director and Product Owner of Application Security in the Attack Surface Management  organization, you will partner with other security professionals across the Information Security Office, the Chief Technology Office, and other engineering groups in Prudential to lead Prudential’s application security program.  In this role, you would be responsible to lead our efforts in securing modern applications, and ensuring “secure by design” development best practices across all digital assets in alignment with industry standards.  You will set strategic direction and define outcome-based measurements and monitoring to track and govern risk reduction.  You will work with partner organizations to consult on implementation patterns and controls for enforcement and monitoring. 

The ideal candidate will have a deep understanding of modern application architecture, cloud-native security and DevOps practices. Forward-thinking is required for this role to include focus on how to securely develop AI systems and incorporate capabilities for Security Operations to scale and defend against evolving threats.

Responsibilities include:

• Developing self-service remediation guidance by incorporating AI/ML capabilities
• Establishing threat modeling at scale
• Lead the standards and policy for secure modern application architectures, including cloud native, AI and microservices-based systems
• Maturing existing vulnerability and configuration monitoring capabilities for open source, third party and first party code and applications.
• Ensuring the adoption of secure-by-design principles and practices throughout the software development lifecycle.
• The candidate must have a global view of operations and how to align with different operational models. 
• Establishing a Security Champions program to facilitate improvements in secure coding practices and securing systems against modern threats
• Govern and enable risk-based reporting based on SAST, DAST, IAST, SCA, MAST, pen-testing assessments.  Create power BI dashboards to simplify reporting for ASPM, providing business context and prioritization to support remediation.
• Collaborate with incident response teams to respond to security incidents and implement application mitigations
• Develop and deliver role-based application security training courses focused on developers and product owners
• Stay current with emerging threats and technologies and advise on strategic investments and requirements for application security tools and services

In addition to deep technical expertise and experience, you will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus to all that you do. 

Here is What You Can Expect on a Typical Day

Primary stakeholder for Application Security programs and initiatives, including but not limited to:

• Partner with stakeholders to establish preventive controls for systemic issues identified by the Offensive Security team
• Oversee the application related requirements for orchestration and workflow tools needed to assess application security posture.
• Work with the ASM Chief Product owner to manage priorities needed to achieve application security outcomes.
• Update and maintain standards, tools, and procedures.
• Provide mentorship, training, and guidance for team members, including periodic reviews and individual development plans.
• Support managers and Prudential leadership on new initiatives and opportunities to mature and transform our security practices.
• Collaborate with stakeholders (business and technical) to coordinate assessments, validating vulnerability reports/findings, and influencing remediation.
• Ensures proper communication of the program’s results, opportunities, and deficiencies, as needed, to Prudential upper management
• Proactively research and embrace best practices to stay current with current threats.  Actively assess Prudential’s risk and work with teams to implement and validate controls as necessary.
• Actively review application attack surface across ASPM tools and address areas of non-compliance and high risk.
• Leverage tool/process specific knowledge to resolve complex technical/process/people problems the team faces. 
• Leverage organizational and industry knowledge to bridge gaps between the Security teams and internal IT/business teams to ensure the team has the information and resources they need to meet team goals.  
• Partner with leadership to set direction for the future of Application Security program, while ensuring an accurate understanding and in-depth knowledge of daily operations to provide team recommendations. 
• Bring a deep understanding of relevant and emerging technologies, give technical direction to team members, and embed learning and innovation in the day-to-day 
• Maintain a broad knowledge of innovative security principles and theory 

The Skills & Expertise You Bring  

• Bachelor of Computer Science or Software Engineering or experience in related fields  
• Proven ability to lead large corporate programs with minimal guidance and effectively leverage diverse ideas, experiences, thoughts and perspectives to the benefit of the organization.  
• Experience with agile development methodologies and Test-Driven Development (TDD)  
• Knowledge of business concepts, tools and processes that are needed for making sound decisions.
• Ability to learn new skills and knowledge on an on-going basis through self-initiative and tackling challenges.
• A high degree of emotional intelligence and ability to create an open and transparent culture that challenges the status quo in a way that inspires action and ownership
• Excellent problem solving, communication and collaboration skills 
• Ability to adjust communicate style to the target audience with a proficiency in communicating technical and business risk
   

Significant experience and/or deep expertise with several of the following:

• Advanced experience in the Information Security industry, including penetration testing and threat modeling of applications 
• Experience with standard frameworks, such as OWASP, MITRE ATT&CK, OSSTMM, OSINT and NIST. 
• In-Depth knowledge of security tools, techniques, and frameworks used for application testing (DAST, SAST, SCA, ASPM)
• Experience with containerization and orchestration technologies (e.g. Docker and Kubernetes)

Preferred qualifications:

• GIAC Web Application Penetration Tester (GWAPT)
• CompTIA Advanced Security Practitioner (CASP+)
• GIAC Cloud Security Automation (GCSA)
• GIAC Certified Web Application Defender (GWEB)
• IT Security certification beyond intro level certifications, (e.g., GCFA, GCIA, GNFA, GCTI, GREM, GCIH, GCFA, GPEN, OSCP, etc.). 
• Cloud (AWS, Azure, GCP, etc.) Certs 
• Other Security Certifications beyond intro level 

You’ll Love Working Here Because You Can  

Join a team and culture where your voice matters; where every day, your work transforms our experiences to make lives better. As you put your skills to use, we’ll help you make an even bigger impact with learning experiences that can grow your technical AND leadership capabilities. You’ll be surprised by what this rock-solid organization has in store for you.  

What we offer you:

• Market competitive base salaries, with a yearly bonus potential at every level
• Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave
• Retirement plans:
• 401(k) plan with company match (up to 4%)
• Company-funded pension plan
• Wellness Programs to help you achieve your wellbeing goals, including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs
• Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
• Tuition Assistance to help finance traditional college enrollment toward obtaining an approved degree, many accredited certificate programs, and industry designations.
• Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.

To find out more about our Total Reward package, visit Work Life Balance | Prudential Careers. Some of the above benefits may not apply to part-time employees scheduled to work less than 20 hours per week.

Note: Prudential is required by state specific laws to include the salary range for this role when hiring a resident in applicable locations. The salary range for this role is from $160,700.00 to $217,300.00. Specific pricing for the role may vary within the above range based on many factors including geographic location, candidate experience, and skills. Roles may also be eligible for additional compensation and/or benefits. Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program, whereby an award, if any, depends on various factors including, without limitation, individual and organizational performance. In addition, employees are eligible for standard benefits package including paid time off, medical, dental and retirement.

Prudential Financial, Inc. of the United States is not affiliated with Prudential plc. which is headquartered in the United Kingdom.

Prudential is a multinational financial services leader with operations in the United States, Asia, Europe, and Latin America. Leveraging its heritage of life insurance and asset management expertise, Prudential is focused on helping individual and institutional customers grow and protect their wealth. The company's well-known Rock symbol is an icon of strength, stability, expertise and innovation that has stood the test of time. Prudential's businesses offer a variety of products and services, including life insurance, annuities, retirement-related services, mutual funds, asset management, and real estate services.

We recognize that our strength and success are directly linked to the quality and skills of our diverse associates. We are proud to be a place where talented people who want to make a difference can grow as professionals, leaders, and as individuals. Visit www.prudential.com to learn more about our values, our history and our brand.

Prudential is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender identity, national origin, genetics, disability, marital status, age, veteran status, domestic partner status , medical condition or any other characteristic protected by law. 

The Prudential Insurance Company of America, Newark, NJ and its affiliates.

Note that this posting is intended for individual applicants. Search firms or agencies should email Staffing at staffingagencies@prudential.com for more information about doing business with Prudential.

PEOPLE WITH DISABILITIES:
If you need an accommodation to complete the application process, which may include an assessment, please email accommodations.hw@prudential.com.

Please note that the above email is solely for individuals with disabilities requesting an accommodation.  If you are experiencing a technical issue with your application or an assessment, please email careers.technicalsupport@prudential.com to request assistance.