Specialist, Application Security jobs in United States
cer-icon
Apply on Employer Site
company-logo

PGIM · 5 months ago

Specialist, Application Security

positionNewark, NJ, USA
timeFull-time
remoteOnsite
seniorityMid Level
money$100K/yr - $148K/yr

PGIM is a leading financial services institution that prides itself on innovation and digital transformation. The Application Security Specialist will enhance Prudential's application security program, ensuring secure development practices and mitigating risks across digital assets. This role involves collaboration with various teams to implement security policies, monitor vulnerabilities, and drive risk reduction efforts.

Asset Management
check
Culture & Values
check
H1B Sponsor Likelynote

Responsibilities

Serve as the escalation point for operational and project work from junior team members, providing technical support for security tools and solutions, and implementing assessment and response processes
Utilize AppSec tool and process expertise to resolve complex technical and organizational challenges, bridging gaps between AppSec/DevOps and IT/business teams to ensure resource availability for team goals
Collaborate with leadership to define the future direction of the AppSec program, while maintaining a deep understanding of daily operations to offer informed recommendations
Enhance vulnerability and configuration monitoring for open source, third-party, and proprietary code and applications, integrating security best practices into development and operations
Design, develop, and implement security policies and alerting mechanisms based on SOX and NIST standards, and assist in evaluating new software solutions
Conduct qualitative and quantitative analyses to improve user experience, promoting secure-by-design principles throughout the software development lifecycle
Validate mitigation controls, ensure reporting metrics convey risk posture to leadership, and adapt them as necessary
Revise processes, metrics, and documentation to enhance AppSec program capabilities, providing proof-of-concept exploits to demonstrate exploitability and validate remediation actions
Collaborate with technology peers and business stakeholders to ensure remediation efforts comply with corporate standards, creating technical documentation and SoPs for internal security processes
Work with engineering teams to address application vulnerabilities, developing remediation and mitigation strategies, and define requirements for automation tools to manage application security posture

Qualification

Application SecurityCloud-native SecurityDevOps PracticesVulnerability ManagementAgile DevelopmentSecurity StandardsScripting PythonScripting PowerShellExploit ValidationCommunication SkillsProblem SolvingCollaboration Skills

Required

Bachelor of Computer Science or Engineering or experience in related fields
Ability to coach others with minimal guidance and effectively leverage diverse ideas, experiences, thoughts and perspectives to the benefit of the organization
Experience with agile development methodologies and Test-Driven Development (TDD)
Knowledge of business concepts tools and processes that are needed for making sound decisions in the context of the company's business
Ability to learn new skills and knowledge on an on-going basis through self-initiative and tackling challenges
Excellent problem solving, communication and collaboration skills
Applied experience with several of the following: Familiarity with vulnerability and security scanning tools, as well as common vulnerability data sources and frameworks (CVE, CVSS, EPSS, CWE)
Experience improving vulnerability management platforms, processes, and assessments
Engineering mindset – systems thinking, creative problem solving, deductive reasoning
Experience with industry Assessment Frameworks (OWASP WSTG, PTES, Mitre Att@ck Framework)
SAST, SCA, DAST, ASPM tools
Strong understanding of software composition analysis and SBOMs
Ability to adjust communicate style to the target audience with a proficiency in communicating technical and business risk
Experience with common vulnerability feeds from government, vendor, and open-source communities
Understanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controls
Understanding of the OWASP Top 10. Familiarity with vulnerabilities in 3rd party libraries and remediation

Preferred

Scripting background (Python, PowerShell, Bash, etc.)
Understanding of threat actors, with the ability to articulate or demonstrate how they operate and subvert common security controls
Knowledge of industry security standards and frameworks (CIS, NIST, PCI DSS)
Ability to perform exploit validation and web application penetration testing
Agentic AI for Security use cases
Leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization
GIAC Web Application Penetration Tester (GWAPT)
CompTIA Advanced Security Practitioner (CASP+)
GIAC Cloud Security Automation (GCSA)
IT Security certification beyond intro level certifications, (e.g., GCFA, GCIA, GNFA, GCTI, GREM, GCIH, GCFA, GPEN, OSCP, etc.)
Cloud (AWS, Azure, GCP, etc.) Certs
Other Security Certifications beyond intro level

Benefits

Market competitive base salaries, with a yearly bonus potential at every level.
Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave.
401(k) plan with company match (up to 4%).
Company-funded pension plan.
Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.

Company

PGIM

twittertwittertwitter
Glassdoor4.2
company-logo
PGIM is a money manager whose clients rely on their risk management expertise, intellectual capital, and innovative solutions. It is a sub-organization of Prudential Financial.
dateFounded in 1875
location
Newark, New Jersey, USA
people-size1001-5000 employees
web-link
https://www.pgim.com

H1B Sponsorship

PGIM has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (15)
2024 (12)
2023 (8)
2022 (8)
2021 (7)
2020 (14)

Funding

Current Stage
Late Stage

Leadership Team

leader-logo
Jakob Wilhelmus
Director, Thematic Research
linkedin

Recent News

Private Banker International
PGIM considers divesting Indian asset management unit – report
2026-01-16
Investing.com
Exclusive: With $10 billion in dry power, QXO is near next multi-billion deal
2026-01-16
PitchBook
QXO upsizes preferred equity placement to $3B amid strong demand
2026-01-16
Company data provided by crunchbase