Prudential plc provides life and health insurance and asset management to 18 million customers across 24 markets in Asia and Africa. We are headquartered in London and Hong Kong and are focused on four strategic regions: Greater China, ASEAN, India and Africa.
Specialist, Application Security
Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you’ll unlock an exciting and impactful career – all while growing your skills and advancing your profession at one of the world’s leading financial services institutions.
Your Team & Role
As a Specialist, Application Security in the Application Security team, you will partner with other security professionals across the Information Security Office, the Chief Technology Office, and other engineering groups in Prudential to advance Prudential’s application security program. In this role, you would be responsible for efforts to secure modern applications and ensuring “secure by design” development best practices across all digital assets in alignment with industry standards. You will track and govern risk reduction. You will work with partner organizations to consult on implementation efforts, mature operational processes and enable automation CI/CD controls for enforcement and monitoring. In addition to applied experience, you will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus to all that you do.
The ideal candidate will have a deep understanding of modern application architecture, cloud-native security, and DevOps practices. Forward-thinking is required for this role to include focus on how to securely develop systems, enable self-service and incorporate capabilities for Security to scale and defend against evolving threats.
Here is What You Can Expect on a Typical Day
· Function as the escalation point for all daily operational work as well as project work from more junior staff on the team.
· Leverage AppSec tool/process specific knowledge to resolve complex technical/process/people problems the team faces.
· Leverage organizational and industry knowledge to bridge gaps between the AppSec/DevOps teams and internal IT/business teams to ensure the team has the information and resources they need to meet team goals.
· Partner with leadership to set direction for the future of the AppSec program, while ensuring an accurate understanding and in-depth knowledge of daily operations to provide team recommendations.
· Maturing existing vulnerability and configuration monitoring capabilities for open source, third party and first party code and applications.
· Collaborate with cross functional teams to integrate security best practices into development and operations, implement these as controls.
· Mature and develop /design and assist in implementing security policies and alerting mechanisms in our security stack based on SOX and NIST standards.
· Assist in vetting new software solutions and provide guidance and support to the other teams.
· Employ a variety or qualitative and quantitative analysis techniques to continually improve user experience.
· Promote the adoption of secure-by-design principles and practices throughout the software development lifecycle.
· Validate proper mitigation controls are in place until remediation activities are complete.
· Ensure reporting metrics relay proper risk posture to leadership and evolve as necessary support.
· Revise processes and procedures, metrics, and documentation that continue to improve the AppSec program capabilities.
· Provide proof-of-concept exploits in a lab environment to demonstrate exploitability and provide validation of proposed / implemented remediation actions
· Experience with common vulnerability feeds from government, vendor, and open-source communities
· Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls
· Understanding of the OWASP Top 10. Familiarity with vulnerabilities in 3rd party libraries and remediation
· Scripting / programming skills (e.g., Python, PowerShell)
· Work with IT peers and business stakeholders to ensure remediation efforts adhere to corporate standards and policies
· Create technical documentation and SoPs to support internal security processes.
· Ability to collaborate extensively with engineering teams to help them understand their application vulnerabilities and assist them to develop remediation and mitigation strategies.
· Implement security improvements by assessing current situation, evaluating trends, and anticipating requirements.
· Define requirements to automate the application related requirements for orchestration and workflow tools needed to assess and manage application security posture.
The Skills & Expertise You Bring
· Bachelor of Computer Science or Software Engineering or experience in related fields
· Leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization
· Experience with agile development methodologies and Test-Driven Development (TDD)
· Knowledge of business concepts tools and processes that are needed for making sound decisions in the context of the company’s business.
· Experience with OWASP
· Experience with SAST, SCA, DAST, ASPM tools
· Strong understanding of software composition analysis and SBOMs.
· Ability to learn new skills and knowledge on an on-going basis through self-initiative and tackling challenges.
· Excellent problem solving, communication and collaboration skills.
· Ability to adjust communicate style to the target audience with a proficiency in communicating technical and business risk
Applied experience with several of the following:
· Identifies opportunities for process and technical security improvements in the environment
· Excellent communication, presentation, writing and documentation skills
· Follow-up and attention to detail.
· Good deductive reasoning skills, creative thinker.
· Analytical and detail-oriented individuals must have a passion for information security, creativity to identify gaps and initiative to find the appropriate solutions to fill needs
· Understand and able to create queries to support data extraction correlation and reporting
· Candidates must be skilled in technical risk assessments, risk rating, threat correlation, asset-based remediation management, and reporting.
· Candidates must be familiar with various vulnerability and security scanning tools, should be familiar with CVEs, CVSS, Secunia, and MITRE as well as other industry specific vulnerability classification standards, frameworks, and best practices.
Preferred qualifications:
· GIAC Web Application Penetration Tester (GWAPT)
· CompTIA Advanced Security Practitioner (CASP+)
· GIAC Cloud Security Automation (GCSA)
· IT Security certification beyond intro level certifications, (e.g., GCFA, GCIA, GNFA, GCTI, GREM, GCIH, GCFA, GPEN, OSCP, etc.).
· Cloud (AWS, Azure, GCP, etc.) Certs
· Other Security Certifications beyond intro level
You’ll Love Working Here Because You Can
Join a team and culture where your voice matters; where every day, your work transforms our experiences to make lives better. As you put your skills to use, we’ll help you make an even bigger impact with learning experiences that can grow your technical AND leadership capabilities. You’ll be surprised by what this rock-solid organization has in store for you.
Note: Prudential is required by state specific laws to include the salary range for this role when hiring a resident in applicable locations. The salary range for this role is from $97,300.00 to $144,900.00. Specific pricing for the role may vary within the above range based on many factors including geographic location, candidate experience, and skills. Roles may also be eligible for additional compensation and/or benefits. Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program, whereby an award, if any, depends on various factors including, without limitation, individual and organizational performance. In addition, employees are eligible for standard benefits package including paid time off, medical, dental and retirement.
Experienced Financial Professional
You’ve built a successful practice and now you want more. At Prudential Advisors we want to help you grow your business and be a resource to you and your clients.
Prudential will provide you with the tools, the products, and a platform to deliver an outstanding client experience. Together, we help you achieve your goals through:
· Open architecture platform for client solutions
· Competitive payouts
· Practice building support
· No proprietary product minimums
· 23 FREE lead generation programs
Financial Professional Associate
The Financial Professional Associate career with Prudential Advisors is multi-faceted. In general, the entrepreneurial individual who successfully qualifies and is selected for this career opportunity will work within a team of Financial Professionals whose goal is to successfully help their clients achieve financial goals.
The Financial Professional Associate will participate in a comprehensive development program that is ongoing throughout their career and designed to offer many future career choices. Those choices include (among others) becoming a solution specialist, a fee based financial planner, or progressing into a leadership role and leading a team of advisors.
Overall Responsibilities
- Consult with clients to create needs-based solutions to help clients meet their financial goals by applying a combination of investment, protection and retirement planning strategies
- Build a loyal client base by networking, target marketing and excellent customer service
- Assist existing Prudential clients through our lead generation programs
- Work in a team environment to assemble the best possible solutions for our clients
Essential Career Functions
A successful Financial Professional Associate at Prudential Advisors can master the complexities of our industry. They will understand how changes in our industry and the world can affect the recommendations we make to our clients. A day in the life of a Financial Professional Associate may include the following:
- Developing marketing strategies to continually engage existing clients and prospect for potential clients
- Analyzing information gathered from client meetings and developing proposed solutions
- Establish financial plans for clients as a licensed financial planner
- Conducting outreach to existing clients to ensure their portfolios are current and satisfactory to meet their individual needs and goals
- Delivering educational presentations or seminars to individuals or groups regarding a broad range of topics relevant to investment, retirement or protection options
- Ensuring that all work abides by compliance standards set forth by the industry’s regulatory bodies as well as Prudential Advisors
Required Skills, Knowledge and Experience
Prudential Advisors, one of the Prudential Financial Companies, is looking for individuals who are committed to making an impact in the lives of the people with whom we work. Because of our comprehensive training and development program, no prior knowledge of the financial services industry is required, but prior exposure to the industry and the career is a plus. We are seeking individuals with these attributes:
- Self-starter
- Entrepreneurial mindset
- Customer service champion
- Engaging and compelling communicator and negotiator
- Problem solver
- Life-long student (seeks continued education and professional development)
- Critical thinker
- Prior sales experience is a plus
- College degree a plus but equivalent work/life experience will be considered. A high school diploma or GED equivalent is required
–
Senior IT Auditor (Hybrid)
At Prudential, we believe talent is key to achieving our vision. When you join Prudential, you’ll unlock a motivating and impactful career – all while growing your skills and advancing your profession at one of the world’s leading financial services institutions!
An opportunity is available within Prudential’s Internal Audit Department for an experienced auditor to support the information technology and information security audit coverage within Prudential’s corporate functions. The successful candidate will assist on multiple audits and will be responsible for assisting in maintaining relationships with key business partners within Global Technology (GT).
The current employee work arrangement for this position is Hybrid and requires your on-site presence on a reoccurring basis as determined by your business. Your manager will provide additional details relative to the specific number of days you are expected to be on-site.
What you can expect:
- Responsible for auditing corporate function systems such as Oracle and Workday. Additional areas of scope include data management systems.
- Serving as an IT and IS resource as part of integrated audits for both vertical and horizontal IT and IS audit coverage.
- Utilize data analytics and test automation in support of dynamic risk assessment and audit design & execution.
- Preparing audit scope, program, and audit approach for each audit assignment.
- Remaining current with industry views on Cloud, Agile/DevOps, Automation, Artificial Intelligence, information security, and other information technology related topics.
What you’ll need:
- Bachelor’s degree in computer science/systems, information technology, accounting, or finance.
- 3+ years of audit or other relevant experience.
- Understanding of information technology and information security related risks and prior experience in general application reviews such as logical access, system change management, version control, data interfaces, and library management.
- Detail orientated to support the daily execution of our audits, while ensuring adherence to the methodology.
- Strong communication skills, both oral and written, and the ability to partner effectively with multiple business groups, corporate areas, and other audit teams in the department.
It’d be a plus if you had:
- MS/MBA, CISA, CISSP and/or other certifications (e.g., AWS Cloud Practitioner).
- Financial services industry experience.
Prudential welcomes all applicants, even if you don’t meet ever requirement. If your skills align with the role, we encourage you to apply.
At Prudential, you can:
Take charge of your career. We equip and empower our employees to expand their skills and experience by using powerful learning, gigs, and job opportunities. We offer a suite of services including 1:1 Career advice, on demand resources and networking to propel your career forward.
We’re a global organization, full of outstandingly dedicated people who aren’t afraid to think differently, challenge the status quo and take sensible risks along the way. You will enjoy pushing boundaries as we build innovative technology that helps clients, customers and employees live their best lives. You will have access to leadership and learning opportunities and the resources needed to take your career in any direction. We will help you do your best work, offering flexibility, while delivering on our Purpose.
What we offer you:
- Market competitive base salaries, with a yearly bonus potential at every level
- Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave
- Retirement plans:
- 401(k) plan with company match (up to 4%)
- Company-funded pension plan
- Wellness Programs to help you achieve your wellbeing goals, including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs
- Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
- Tuition Assistance to help finance traditional college enrollment toward obtaining an approved degree, many accredited certificate programs, and industry designations.
- Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.
Related Posts
