Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you'll unlock an exciting and impactful career – all while growing your skills and advancing your profession at one of the world's leading financial services institutions.  

Your Team & Role 

As a Specialist, Cyber Security Operations- Cloud/Containers on the Attack Surface Management Team, you will partner with other security professionals across the Information Security Office, the Chief Technology Office, and other groups in Prudential to drive Prudential's Cloud security efforts across the global enterprise. 
  

You will support implementation and operational best practices, while contributing to or owning deliverables and project workstreams around cloud security maturity. You will also perform triage of issues related to technology configuration, software weaknesses, build/deployment, and process challenges. You will work on significant and unique issues where analysis of situations or data requires an evaluation of intangible variables and may impact future concepts, products or technologies to ensure security of our products and customers! In addition to applied experience, you will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus to all that you do. 

Here is What You Can Expect on a Typical Day 

• Contribute to the design, development, implementation, and enhancement of Prudential's cloud and container monitoring and assessment capabilities 

• Triage, prioritize, drive remediation, and validate mitigating controls of cloud and container-related vulnerability/misconfiguration findings 

• Proactively identify and implement security improvements in the environment, especially those related to prevention and validation. Examine current state, industry/technology trends, and business requirements to drive innovation.    

• Provide SME guidance to stakeholders on remediation, prioritization, and mitigations 

• Provide updates regarding vulnerabilities across multiple platforms and groups 

• Share and evolve reporting metrics that relay proper risk posture to leadership 

• Ideate and implement improvements to processes, metrics, and documentation to mature vulnerability management capabilities.   

• Partner with leadership to set direction for the future of the Attack Surface Management program, while ensuring an accurate understanding and in-depth knowledge of daily operations to provide recommendations to team objectives.   

• Develop security policies and compliance initiatives derived from industry standards 

The Skills & Expertise You Bring   

• Bachelor of Computer Science/Engineering or formal experience in related fields   

• Demonstrated expertise in cloud and container security 

• Skilled in vulnerability assessment, risk prioritization, and threat correlation 

• Familiarity with vulnerability and security scanning tools, as well as common vulnerability data sources and frameworks (CVE, CVSS, EPSS, CWE, OWASP Top 10, MITRE ATT&CK) 

• Experience improving vulnerability management platforms, processes, and assessments 

• Ability to collaborate with engineering teams to provide SME knowledge of vulnerabilities, validate risk reduction effectiveness and false positives, and consult on mitigations 

• Engineering mindset – systems thinking, creative problem solving, deductive reasoning 

• Effective communication and documentation 

Experience with several of the following:  

• Demonstrated knowledge in container technologies (Docker, Kubernetes, EKS/ECS) 

• Experience with CI/CD and secdevops 

• Scripting background (Python, PowerShell, Bash, etc.) 

• Familiarity with application and open-source security 

• Understanding of threat actors, with the ability to articulate or demonstrate how they operate and subvert common security controls 

• Knowledge of industry security standards and frameworks (CIS, NIST, PCI DSS) 

• Ability to develop proof-of-concept exploits in a lab environment to demonstrate exploitability and provide validation of proposed remediation action