Director, Application Security Strategist
3 years ago

Job Classification:


Technology - Information Security








Prudential's Global Technology team is the spark that ignites the power of Prudential for our customers and employees worldwide. Our organization plays a critical and highly visible role in delivering customer-driven solutions across every area of the company. The Global Technology team is made up of diverse, agile-thinking, and highly skilled professionals; we use our combined capabilities to enable the organization with innovation, speed, agility, scalability and efficiency.








The Global Technology team takes great pride in our culture, where digital transformation is built into our DNA. When you join the Global Technology organization at Prudential, you'll unlock a challenging and impactful career, all while growing your skills and advancing your profession at one of the world's leading financial services institutions.







The Director, Application Security Strategist is responsible for validating that application services are designed and implemented with high security standards. The role will spend a large percentage of time developing and supporting security controls. Additionally, the application security strategist establishes an application security vision with sustainable standards and processes. As an influential member of the team, they will be a primary liaison with the architecture, security, and technology teams.







The Director, Application Security Strategist creates and evolves strategy to support the business at scale. The role is responsible for designing a secure framework with a repeatable, flexible process, and must be able to receive, assess and integrate input from technical and business units to ensure that what is designed meets business and technical needs. The position is responsible for the security of applications supporting business-to-business, third-party relationships, outsourced solutions, and vendors. The role requires rigor in authentication and authorization, as well as data validation and secure data transmission, all validated with logging and auditable events. The Director, Application Security Strategist must be comfortable supporting integration with both internally developed and externally supported applications and services. Considered highly knowledgeable, the individual is expected to recommend programmatic controls, and to monitor and manage secure development processes that address modern-day issues.







Essential Job Duties




  • Influence secure development standards and implementations across multiple platforms.



  • Adopt security standards and evangelize them across development and security teams.



  • Enforce rigorous security controls with internal and external constituents and follow through for verification and consistency.



  • Document and provide ongoing maintenance of materials to eliminate discrepancies in development and security best practices.



  • Focus on automation to aid in efficiencies with both testing and production.



  • Work in tandem with developers to provide repetitive validation testing prior to production that allows for a continuous cycle of development followed by application security assessments.



  • Regularly monitor the security community for public-facing security issues as well as to learn new tactics for securing data transmissions and reducing attack exposure.



  • Attend and participate in application projects and change management committee meetings. This includes interacting with business units and technical teams to understand what is coming and how projects can be more secure from the beginning.



  • Leverage security standards and implementation configurations, as well as common security frameworks.



  • Document secure delivery and implementation advancements that meet defined service-level agreements (SLAs) and business metrics.



  • Align with architects and development teams for a mission of secure design and data integrity preservation among users, apps and infrastructure.



  • Mentor less experienced members of the team to help build a strong culture and improve security efficacy.



  • Actively participate in and lead security team meetings that facilitate secure design.



  • Perform testing and validation to identify any vulnerabilities that inject or intercept data in APIs.



  • Understand and leverage encoding and tokenization processes.



  • Be highly engaged in information security projects that evaluate existing security infrastructure and proposed changes as defined by security leadership and architects; deliver projects on time, within budget and in accordance with SLAs.



  • Focus on application security that complies with Gramm-Leach-Bliley Act (GLBA), General Data Protection Regulation (GDPR), Sarbanes-Oxley (SOX) and other applicable regulatory or industry standard requirements and privacy laws.



  • Develop security test plans from architectural designs, identify deficiencies and make enhancements to ensure production is not impacted.



  • Perform other duties as assigned.







Skills and Experience




  • 5+ years of experience in cybersecurity preferred, including compliance and risk management with system and application security engineering.



  • Highly technical and analytical with a proven deep background in application programming (5+ years above and beyond cybersecurity experience preferred).



  • Established experience with Agile and software development lifecycle (SDLC) practices.



  • Experienced with REST and SOAP development and security controls.



  • Additional experience with JSON, JWT, XML, jQuery and JavaScript.



  • Knowledge of security fundamentals for software-as-a-service (SaaS) application integrations.



  • Skillful in single sign-on (SSO), OAuth 2.0, OpenID Connect and SAML.



  • Proven excellence in communicating business risk from cybersecurity topics.



  • Active involvement with practices emerging from OWASP, NIST and SANS, among others.



  • Proficient in software development (Java, Python, C++, Ruby, etc.).



  • Solid understanding of network and web protocols.



  • Experienced with securing intra-company and third-party APIs.



  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating thoroughly.







Additional Qualifications




  • Experience with cryptography controls and measures to secure applications and data.



  • Understanding of cloud API resources from Amazon Web Services (AWS), Microsoft Azure and Google Compute Cloud (GCP).



  • Experience working with one or more databases, including SQL Server, MongoDB, NoSQL variants.



  • Experience with one or more of the following: ISO 27001, NIST, PCI, HIPAA/HITECH, SOX, GDPR, CIS or SOC2.



  • Expected working knowledge of Windows, Linux and Unix.



  • Familiarity with state privacy laws.



  • Highly trustworthy; leads by example.







Education Requirements




  • Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent.







Certification Requirements




  • SANS certifications, CISSP, CCSP and/or CSSLP, OSCP (and related)




Prudential Financial, Inc. of the United States is not affiliated with Prudential plc. which is headquartered in the United Kingdom.







Prudential is a multinational financial services leader with operations in the United States, Asia, Europe, and Latin America. Leveraging its heritage of life insurance and asset management expertise, Prudential is focused on helping individual and institutional customers grow and protect their wealth. The company's well-known Rock symbol is an icon of strength, stability, expertise and innovation that has stood the test of time. Prudential's businesses offer a variety of products and services, including life insurance, annuities, retirement-related services, mutual funds, asset management, and real estate services.







We recognize that our strength and success are directly linked to the quality and skills of our diverse associates. We are proud to be a place where talented people who want to make a difference can grow as professionals, leaders, and as individuals. Visit www.prudential.com to learn more about our values, our history and our brand.







Prudential is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender identity, national origin, genetics, disability, marital status, age, veteran status, domestic partner status, medical condition or any other characteristic protected by law.







The Prudential Insurance Company of America, Newark, NJ and its affiliates.







Note that this posting is intended for individual applicants. Search firms or agencies should email Staffing at staffingagencies@prudential.com for more information about doing business with Prudential.







PEOPLE WITH DISABILITIES:
If you need an accommodation to complete the application process, which may include an assessment, please email accommodations.hw@prudential.com.







Please note that the above email is solely for individuals with disabilities requesting an accommodation. If you are experiencing a technical issue with your application or an assessment, please email careers.technicalsupport@prudential.com to request assistance.







