Specialist, Cyber Security Operations

Job Classification:

Technology - Information Security

Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you’ll unlock an exciting and impactful career – all while growing your skills and advancing your profession at one of the world’s leading financial services institutions. 

Prudential is looking for an Offensive Security Engineer to join our growing Offensive Security program. Prudential's Offensive Security team takes a proactive and adversarial approach to protecting Prudential. The Offensive Security Engineer will use their strong technical skills in application architecture and enterprise infrastructure to assume a hacker mind set and find vulnerabilities before an adversary can. The Offensive Security Engineer is responsible for participating in Prudential’s penetration testing, responsible disclosure, and vulnerability validation operations across the global enterprise.  As an influential member of the team, the Offensive Security Engineer will be a primary liaison with the enterprise architecture, security, and technology teams.

What You'll Do

• Perform continuous penetration testing of Prudential's infrastructure, web, and mobile applications.
• Write, generate, and collaborate on reports of findings.
• Continuously improve and set up testing infrastructure for use during engagements.
• Present and share findings to various partners (application security, software development, DFIR, and dev ops teams), while supporting thoughout the remediation process.
• Regularly research and learn new TTPs in public and closed forums.
• Collaborate with teammates to assess Prudential’s risk, while working with teams to design, implement, and validate controls as necessary to help maintain and advance Prudential’s security posture.
• Liaise with the security engineering teams to improve tool usage and workflow, as well as with the cyber security operations center to mature monitoring and response capabilities.
• Work with external security researchers through our responsible disclosure program to validate, triage, and orchestrate response and remediation of reported security vulnerabilities.
• Build custom tools as needed during engagements.

Basic Qualifications

• Bachelors degree in computer science, or equivalent work experience.
• 3 Years of Offensive Security experience which includes:
  • Web Application Testing
  • Network Testing
  • Cloud Testing
  • Mobile Testing
• Experience performing security reviews of existing infrastructure and demonstrating vulnerabilities.
• Knowledge of deploying and maintaining Red Team operational infrastructure.
• Knowledge of adversarial TTPs.
• Competent with security tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.
• Competent understanding of various operating systems such as Windows and Linux.
• Understanding of frameworks such OWASP WSTG, the MITRE ATT&CK, the software development lifecycle (SDLC), etc.
• Strong written and verbal communication skills, specifically in the infosec domain. The work the Offensive Security team does is highly technical and consumed by many different audiences. Being able to bridge the gap and communicate effectively to these audiences will be invaluable and ultimately lead to decreased cyber risk.
• Solid understanding of various network/web protocols (TCP/IP, DNS, HTTP(S), web sockets, LDAP, etc.) and web stacks.
• Proficiency in one or more programming languages and can both read and understand code written by others.
• Proficient in scripting languages such as Python, PowerShell, Bash, and Ruby.

Preferred Qualifications

• Familiarity with Exploit Development, Cloud, or Mobile Security is a plus.
• Experience with project management tools such as jira, Trello, azure devops, or something similar.
•  Knowledge of Agile methodologies and experience working in Agile environments.
• Experience with developing and using C2 frameworks such as Cobalt Strike, Empire, SCYTHE, and Metasploit.
• In-depth knowledge of evasion techniques, including experience with developing custom payloads and bypassing security controls.
• Participation in and managing bug bounty/responsible disclosure programs.
• Relevant offensive security certifications such as GPEN, GWAPT, GXPN, OSCP, OSWE, OSEP.

Note: Prudential is required by state specific laws to include the salary range for this role when hiring a resident in applicable locations. The salary range for this role is from $93,200.00 to $138,600.00. Specific pricing for the role may vary within the above range based on many factors including geographic location, candidate experience, and skills. Roles may also be eligible for additional compensation and/or benefits. Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program, whereby an award, if any, depends on various factors including, without limitation, individual and organizational performance. In addition, employees are eligible for standard benefits package including paid time off, medical, dental and retirement.

Prudential Financial, Inc. of the United States is not affiliated with Prudential plc. which is headquartered in the United Kingdom.

Prudential is a multinational financial services leader with operations in the United States, Asia, Europe, and Latin America. Leveraging its heritage of life insurance and asset management expertise, Prudential is focused on helping individual and institutional customers grow and protect their wealth. The company's well-known Rock symbol is an icon of strength, stability, expertise and innovation that has stood the test of time. Prudential's businesses offer a variety of products and services, including life insurance, annuities, retirement-related services, mutual funds, asset management, and real estate services.

We recognize that our strength and success are directly linked to the quality and skills of our diverse associates. We are proud to be a place where talented people who want to make a difference can grow as professionals, leaders, and as individuals. Visit www.prudential.com to learn more about our values, our history and our brand.

Prudential is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender identity, national origin, genetics, disability, marital status, age, veteran status, domestic partner status , medical condition or any other characteristic protected by law. 

The Prudential Insurance Company of America, Newark, NJ and its affiliates.

Note that this posting is intended for individual applicants. Search firms or agencies should email Staffing at [email protected] for more information about doing business with Prudential.

PEOPLE WITH DISABILITIES:
If you need an accommodation to complete the application process, which may include an assessment, please email [email protected].

Please note that the above email is solely for individuals with disabilities requesting an accommodation.  If you are experiencing a technical issue with your application or an assessment, please email [email protected] to request assistance.