
Senior Analyst, IT Security


AI-generated summary


This job is for a Senior Analyst in IT Security at Prudential. You might like this job because you'll manage security tooling, triage vulnerabilities, and collaborate with stakeholders for application security initiatives. Requirements include experience with DevSecOps tools and certifications like CISSP.

Undisclosed

Kuala Lumpur (Group Head Office), Kuala Lumpur

Job Description

Prudential's purpose is to help people get the most out of life. We will deliver our purpose by creating a culture in which diversity is celebrated and inclusion assured, for our colleagues, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and in exchange, we support our people's career ambitions. We pledge to make Prudential a place where you can Connect, Grow and Succeed.

Role Purpose:


The Senior Engineer - Application Security is expected to manage day-to-day operations around security tooling management, handle operational tickets, and triage vulnerabilities and incidents. This role is expected to be hands-on, with occasional after-office-hours/weekend support for migration activities and incident handling.
 

Job Responsibilities:

The incumbent is expected to stay abreast of the latest developments in DevSecOps tools, techniques, and procedures, to have technical “know-how” on various attacker techniques, and to provide feedback for improvements to tools and processes as needed.
The incumbent will need to have an eye for detail in identifying security vulnerabilities/gaps and proposing appropriate/relevant compensating controls.
The incumbent is to ensure security tooling is well maintained and managed so that the tools remain effective. This includes ensuring tools are maintained with updates, patches, upgrades, and other associated activities. The incumbent is also required to establish and maintain good rapport with the various tooling vendors for raising technical incidents and managing these incidents to resolution.
The incumbent needs to ensure all application security related processes and procedures are efficient and compliant with standards. In addition, the incumbent needs to ensure that all application security associated reports and metrics accurately document the details of vulnerabilities, their potential impact, and the suggested remediation needed to manage risk.
The incumbent is also required to spearhead application security initiatives through collaboration with internal and external stakeholders (including third-party solution providers).

Key Responsibilities:

General Profile:

  • Manage application security specific tooling as per corporate standard with vendor recommendations.
  • Develops scripts and integration code to ensure the DevSecOps tools work together and provide value to development teams.
  • Analyzes application security tool scan results and advises Development teams to strategically resolve identified issues, as part of triage handling activities.
  • Performs manual, static, and dynamic application security testing with automated tools and manual techniques.
  • Communicates information, suggestions, and/or problems regarding project status and critical findings to stakeholders.
  • Identifies, develops, and documents in detail security issues and recommendations.
  • Coordinates with other functional groups involved in Information Security, Risk, Security Architecture and Software Development teams.
  • Assists with Proof of Concept (PoC), technical evaluation, procuring, managing, and configuring Application Security tools in various environments
  • Performs research of emerging technologies and design frameworks and capabilities required to guide development teams of new technologies adopted by the company
  • Requires comprehensive knowledge and mastery in assigned areas applying skills and competencies in challenging and complex situations.
  • Creates or maintains necessary DevSecOps processes and documentation
  • Provides ad hoc reports as directed by leadership.
  • Maintains confidentiality on all sensitive security matters.
  • Supports the Application Security leadership team with alignment to overall team and function objectives.

Business and Management:

  • Considers business requirements and associated risk during triaging of application security findings.

Problem Solving:

  • A good team player in managing internal and external stakeholders in resolving issues and aligning to objectives.
  • Exhibit proactiveness in identifying, highlighting, and remediating gaps and issues.

Decision Making:

  • Participate in POV/POC of selected security solutions and provide insights on suitability.
  • Provide insights and opinions on selection of solutions.

Accountability:

  • Accountable in ensuring assigned tasks/projects/assignments are delivered as planned.

Strategic Planning:

  • Participate in department workshop planning for new IT security initiatives and projects.

Financial Management:

  • Assist in sourcing quotes and reviewing the BOM (Bill of Material) during solution selection.

Job Requirements:

  • Bachelor’s degree or equivalent work experience.
  • More than 5 years of working experience in handling application security in a large organization.
  • OSCP Preferred.
  • Additional relevant industry certification(s) preferred such as CISSP, CISM, etc.
  • Familiar with rolling out and managing a DevSecOps program and related tools & processes.
  • Extensive operational experience in managing and maintaining two DevSecOps domains (minimum): Static Application Security Testing (SAST), Dynamic Application Security Testing/Runtime (DAST), Container Security (CSec), Software Composition Analysis (SCA), API Security, Open Source Security Scanning (OSS) and mobile security.
  • Have deep knowledge on OWASP Top 10 and associated process/standard.
  • Have deep knowledge on application specific vulnerabilities such as CSRF, XSS, Injection attacks, etc.
  • Have operational experience in performing triaging of identified application security findings/vulnerabilities, etc.
  • Experience in creating proof-of-concepts to exhibit gravity of Application Security vulnerabilities to development teams
  • Experience in working with a bug bounty program would be advantageous.
  • Experience with information security control practices and frameworks is strongly preferred.
  • Experience in multiple development languages would be advantageous
  • Extensive understanding of cryptographic concepts and applied cryptography
  • Proficiency in one or more scripting languages (Perl, Python, Shell Scripting, etc.).
  • Excellent written and verbal communication skills (in English)
  • Excellent applied critical thinking and troubleshooting skills.
  • Requires comprehensive knowledge and mastery in assigned areas applying skills and competencies in challenging and complex situations.
  • Ability to work independently with minimum supervision and collaborate in a team environment.

 

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with special requirements.




Company Benefits

United through teamwork

Our teams are innovative, hands-on and collaborative. The power to share and collaborate requires respect, integrity and teamwork.

Open and collaborative culture

Our company is rooted in a rich heritage but to look to the future, we need new energy and perspectives.

Connect, Grow, Succeed

We are here to help our employees expand their skills and expertise in various areas.




Company Profile


Prudential plc

Prudential Assurance Malaysia Berhad (PAMB) is a leading and innovative insurance company in Malaysia, serving the savings, protection and investment needs of Malaysians by offering a full range of financial solutions through its branches, agency force and bancassurance distribution partners network nationwide. 

Our purpose For Every Life, For Every Future is to provide simple and accessible financial and health solutions to every generation.

PAMB was established in Malaysia in 1924 and is a subsidiary of Prudential plc, which was founded in London in 1848. Prudential plc provides life and health insurance and asset management, with a focus on Asia and Africa.

This year, we are proud to celebrate Prudential’s 100th anniversary in Malaysia.

Source: prudential.com