Offensive Security Engineer

Company: PGIM
Location: Newark
Posted on: January 28, 2023

Job Description:

Job Classification:Technology - Information SecurityPrudential's Global Technology (GT) team is the spark that ignites the power of Prudential for our customers and employees worldwide. Our organization plays a critical and highly visible role in delivering customer-driven solutions across every area of the company. The Global Technology team is made up of diverse, agile-thinking, and highly skilled professionals; we use our combined capabilities to enable the organization with innovation, speed, agility, scalability, and efficiency.The Global Technology team takes great pride in our culture where digital transformation is built into our DNA. When you join the Global Technology organization at Prudential, you'll unlock a challenging and impactful career - all while growing your skills and advancing your profession at one of the world's leading financial services institutions.Prudential is looking for an Offensive Security Engineer to join our growing Offensive Security program. Prudential's Offensive Security team takes a proactive and adversarial approach to protecting Prudential. The Offensive Security Engineer will use their strong technical skills in application architecture and enterprise infrastructure to assume a hacker mind set and find vulnerabilities before an adversary can. The Offensive Security Engineer is responsible for participating in Prudential's penetration testing, responsible disclosure, and vulnerability validation operations across the global enterprise. As an influential member of the team, the Offensive Security Engineer will be a primary liaison with the enterprise architecture, security, and technology teams.What You'll Do--- Perform pen tests of Prudential's infrastructure and web and mobile applications.--- Communicate discovered issues (OWASP Top 10, XSS, CSRF, SSRF, SQLi, IDOR). How to exploit them and how to remediate them.--- Collaborate with the Offensive Security team writing tools and setting up infrastructure for use during engagements.--- Present and share findings and testing techniques with various partners (application security, software development, DFIR, and dev ops teams).--- Regularly research and learn new TTPs in public and closed forums. Work with teammates to assess Prudential's risk and work with teams to implement and validate controls as necessary. --- Liaise with the security engineering teams to improve tool usage and workflow, as well as with the cyber security operations center to mature monitoring and response capabilities.--- Work with external security researchers through our VDP and bug bounty programs to reproduce, validate, assess risk, and provide/orchestrate remediation of reported security issues.--- Mentor other Offensive Security engineers on the team.Basic Qualifications--- Bachelors Degree in Computer Science, or equivalent work experience--- Experience performing web and mobile application penetration testing--- Experience performing security reviews of existing infrastructure and demonstrating vulnerabilities--- Building, deploying, and leading Red Team operational infrastructure--- Knowledge of adversarial TTPs--- Competent with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, Nessus, PowerShell Empire and AutoSploit.--- Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).--- Strong written and verbal communication skills, specifically on security topics. The work the Offensive Security team does is highly technical and consumed by a number of different audiences. Being able to bridge the gap and communicate effectively to these audiences will be invaluable and ultimately lead to a decrease in cyber risk.Preferred Qualifications--- Proficiency in one or more programming languages and can both read and understand code written by others.--- Proficient in scripting languages such as Python, PowerShell, Bash and Ruby.--- CVE/Bug Bounty/Responsible disclosures--- Exploit development--- GPEN, GWAPT, OSCP, OSCE, OSWENote: Prudential is required by state specific laws to include the salary range for this role when hiring a resident in applicable locations. The salary range for this role is from $126,000.00 to $187,400.00. Specific pricing for the role may vary within the above range based on many factors including geographic location, candidate experience, and skills. Roles may also be eligible for additional compensation and/or benefits. Eligibility to participate in a discretionary annual incentive program is subject to the rules governing the program, whereby an award, if any, depends on various factors including, without limitation, individual and organizational performance. In addition, employees are eligible for standard benefits package including paid time off, medical, dental and retirement.Prudential Financial, Inc. of the United States is not affiliated with Prudential plc. which is headquartered in the United Kingdom.Prudential is a multinational financial services leader with operations in the United States, Asia, Europe, and Latin America. Leveraging its heritage of life insurance and asset management expertise, Prudential is focused on helping individual and institutional customers grow and protect their wealth. The company's well-known Rock symbol is an icon of strength, stability, expertise and innovation that has stood the test of time. Prudential's businesses offer a variety of products and services, including life insurance, annuities, retirement-related services, mutual funds, asset management, and real estate services.We recognize that our strength and success are directly linked to the quality and skills of our diverse associates. We are proud to be a place where talented people who want to make a difference can grow as professionals, leaders, and as individuals. Visit to learn more about our values, our history and our brand.Prudential is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender identity, national origin, genetics, disability, marital status, age, veteran status, domestic partner status , medical condition or any other characteristic protected by law. -The Prudential Insurance Company of America, Newark, NJ and its affiliates.Note that this posting is intended for individual applicants. Search firms or agencies should email Staffing at staffingagencies@prudential.com for more information about doing business with Prudential.PEOPLE WITH DISABILITIES:If you need an accommodation to complete the application process, which may include an assessment, please email accommodations.hw@prudential.com.Please note that the above email is solely for individuals with disabilities requesting an accommodation. -If you are experiencing a technical issue with your application or an assessment, please email careers.technicalsupport@prudential.com to request assistance.SummaryLocation: Newark, NJ, USAType: Full time

Keywords: PGIM, Newark , Offensive Security Engineer, Other , Newark, New Jersey