Job Classification:
Technology - Information Security

Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA! When you join our organization at Prudential, you'll unlock an exciting and impactful career - all while growing your skills and advancing your profession at one of the world's leading financial services institutions.

Your Team & Role

As a Specialist, Attack Surface Management Reporting & Risk-Based Orchestration on the Attack Surface Management team, you will partner with other security experts across the Information Security Office, the Chief Data Office, the Chief Technology Office, and other groups in Prudential to provide technical expertise and solutions across the full lifecycle of attack surface management, including asset management, scanning / assessments, threat intelligence, analysis, reporting, and integrations of those solutions.

• Function as the domain expert on workflow orchestration tools, processes, and capabilities critical to the Attack Surface Management team. Create workflows to resolve business use cases. Collaborate with stakeholders to understand requirements and design capabilities specific to different stakeholder personas (remediation owner, GRC, business owner, service delivery, vulnerability management).
• Design and configure the system to support optimized lifecycle management processes across multiple assessments (manual and automated). Enable the system for scale (via APIs integrated with assessment tools) and automate as much capability as feasible to enable self-service.
• Develop and implement detailed technical and configuration specifications to enable the system to support lifecycle management of the various ASM functions (vulnerability management, penetration testing, OSS vulnerability management, EOL management, container vulnerability management, configuration baselines/compliance monitoring, IaC, etc.)
• Support configuration management of the orchestration tools used by ASM such as ServiceNow Vulnerability Response (VR) and Configuration Compliance (CC) modules, including design, configuration/development and operational support.
• Enable UX/UCD (user focused design) to reduce friction in managing remediation efforts, support clear risk-based prioritization and self-service.
• Support daily operational and maintenance work
• Leverage ASM tool/process specific knowledge to resolve complex technical/process/people problems.
• Leverage organizational and industry knowledge to bridge gaps between the ASM teams (Offensive/Product Security, Application Security, VM and Compliance Monitoring) and internal IT/business teams to ensure the team has the information and resources they need to meet team goals. Ability to innovate and think broadly across multiple platforms required.
• Ensure reporting data validation and KRI metrics to ensure accurate risk posture to leadership and evolve reporting as necessary to support. Must have a clear understanding and familiarity with ETL processes used on source data.
• Revise processes and procedures, metrics, and documentation that continue to improve orchestration and attack surface tracking capabilities.
• Ingestion and maintenance of common vulnerability feeds from government, vendor, and open-source communities.
• Scripting / programming skills (e.g., Python, PowerShell, JavaScript, Glide).
• Work with IT peers and business stakeholders to ensure remediation efforts adhere to corporate standards and policies.
• Align reporting to business operational models and compliance controls (SOX, NIST CSF).
• Create team run books for scanning and reporting processes developed. Develop and maintain integration documentation, including data flow diagrams, mapping, and technical specifications.
• Design, configure, and support data integrations (use and understanding of REST API or creation of integration points outside of those directly supported by vendors) for Qualys, Wiz, Threat Intelligence, Xray, HackerOne, Checkmarx, GitHub, AquaSec, NVD, JIRA, Guardium, ServiceNow Change Mgmt, etc.
• Design, configure and support Flow Designer flows and sub-flows leveraging REST API for data exchange. Deep understanding of Flow Designer and ability to revise as needed.
• Liaison with CMDB team to enhance CMDB as it relates to VR and CC data requirements.
• Enhance reporting capability of both VR and CC as it relates to dashboards, Power BI reports, and performance analytics. Liaison with security reporting warehouse to develop unified dashboards and reports.
• Customize VR and CC roles and groups.
• Provide input to the roadmap and plan to support VR and CC dependencies and upgrades.
• Monitor and troubleshoot integration and workflow issues to ensure system reliability and performance.
• Ensure data security and compliance with relevant regulations and standards during integration, development, and process workflow designs.

• Bachelor of Computer Science or Software Engineering or experience in related fields
• Systems thinking to align system design and operational capabilities.
• Experience with agile development methodologies and Test-Driven Development (TDD).
• Ability to learn new skills and knowledge on an on-going basis through self-initiative and tackling challenges.
• Experience in data engineering to correlate and map complex data sources into a data driven process to drive focused prioritization.
• Excellent problem solving, communication, and collaboration skills. Ability to think creatively, innovate and challenge status quo processes or procedures.
• Following SDLC processes, ability to customization watch topics, assignment rules, grouping rules, risk calculator rules, remediation target rules, auto-close and auto-delete rules, exception rules, notifications, classification rules, SLA definition, severity/normality mapping, and background jobs.
• Design and develop solutions to enrich vulnerabilities items and test result records and other VR and CC tables to enhance VR and CC capabilities.
• Bring a strong understanding of relevant and emerging technologies and embed learning and innovation in the day-to-day.
• Leverage AI to automate remediation guidance and provide actionable reporting.
• Leverage JIRA as part of SDLC Agile development process.
• Implement security improvements by assessing current situations, evaluating trends, and anticipating requirements.

• Development of a risk rubric across assessment tools to support consistent, predictive analytics and prioritization
• Service Now development, administration, implementation, and integration experience with core orchestration capabilities (Vulnerability Response Enterprise - Including Application Vulnerability Response, Container Vulnerability Response, Patch Orchestration, Cloud Container Security, CSAM, SBOM and Configuration Compliance).
• Experience with utilizing Power BI for dashboard reporting.
• Excellent communication, presentation, writing, and documentation skills.
• Self-directed, outcome focused and with attention to detail.
• Good deductive reasoning skill and a creative thinker.
• Ability to simplify complex workflows and design solutions with an automation first mindset.
• Understanding of data extraction queries to support correlation and reporting (ETL logic).
• Candidates must have operational knowledge of the vulnerability assessment lifecycle, including identification of vulnerabilities, risk rating, threat correlation, asset-based remediation management, reporting, and exceptions management.
• Candidates must be familiar with various vulnerability and security scanning tools, should be familiar with CVEs, CVSS, DevOps, CIS Benchmarks, OWASP, and Mitre as well as other industry specific vulnerability classification standards, frameworks, and best-practices.

• CIS Vulnerability Response or CIS-Configuration Compliance certification
• Proven experiene with Service Now (or similar capability) implementation experience

• Market competitive base salaries, with a yearly bonus potential at every level
• Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave
• Retirement plans:
• 401(k) plan with company match (up to 4%)
• Company-funded pension plan
• Wellness Programs to help you achieve your wellbeing goals, including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs
• Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
• Tuition Assistance to help finance traditional college enrollment toward obtaining an approved degree, many accredited certificate programs, and industry designations.
• Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.