Specialist, Cyber Security Operations- Cloud/Containers

Job Classification:Technology - Information SecurityAre you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency? The Global Technology team takes great pride in our culture where digital transformation is built into our DNA When you join our organization at Prudential, youll unlock an exciting and impactful career all while growing your skills and advancing your profession at one of the worlds leading financial services institutions.Your Team & RoleAs a Specialist, Cyber Security Operations- Cloud/Containers on the Attack Surface Management Team, you will partner with other security professionals across the Information Security Office, the Chief Technology Office, and other groups in Prudential to drive Prudentials Cloud security efforts across the global enterprise.You will also support implementation and operational best practices, while owning tasks and/or project workstreams, assist and perform analysis and diagnosis of issues related to technology configuration, setup, procedural and/or process challenges, and contribute to deliverables. You will work on significant and unique issues where analysis of situations or data requires an evaluation of intangible variables and may impact future concepts, products or technologies to ensure security of our products and customers In addition to applied experience, you will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus to all that you do.Here is What You Can Expect on a Typical DayFunction as the escalation point for all Security Operations daily operational work as well as project work from more junior staff on the teamLeverage Security Operations and tool/process specific knowledge to resolve complex technical/process/people problems the team faces.Leverage organizational and industry knowledge to bridge gaps between the Security Operations teams and internal IT/business teams to ensure the team has the information and resources they need to meet team goals.Partner with leadership to set direction for the future of Security Operations program, while ensuring an accurate understanding and in-depth knowledge of daily operations to provide team recommendations.Bring an applied understanding of relevant and emerging technologies, begin to identify opportunities to provide input to the team and coach others, and embed learning and innovation in the day-to-dayValidate proper mitigation controls are in place until remediation activities are complete.Act as the point of contact for status updates regarding vulnerabilities across multiple platforms and multiple business groupsEnsure reporting metrics relay proper risk posture to leadership and evolve as necessarysupport.Revise processes and procedures, metrics, and documentation that continue to improve the vulnerability management capability.Provide proof-of-concept exploits in a lab environment to demonstrate exploitability and provide validation of proposed / implemented remediation actionsExperience with common vulnerability feeds from government, vendor, and open-source communitiesUnderstanding of threat actors with the ability to articulate how they operate and demonstrate how they subvert common security controlsUnderstanding of the OWASP Top 10. Familiarity with vulnerabilities in 3rd party libraries and remediationScripting / programming skills (e.g., Python, PowerShell)Work with IT peers and business stakeholders to ensure remediation efforts adhere to corporate standards and policiesDevelop security policies and compliance initiatives such as SOX and NISTCreate team run books for scanning and reporting processes developed.Ability to collaborate extensively with engineering teams to help them understand their vulnerabilities and assist them to develop remediation and mitigation strategies.Implement security improvements by assessing current situation, evaluating trends, and anticipating requirements.The Skills & Expertise You BringBachelor of Computer Science or Engineering or experience in related fieldsLeverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organizationExperience with agile development methodologies and Test-Driven Development (TDD)Knowledge of business concepts tools and processes that are needed for making sound decisions in the context of the company's businessAbility to learn new skills and knowledge on an on-going basis through self-initiative and tackling challengesExcellent communication, presentation, writing and documentation skillsExcellent problem solving, communication and collaboration skillsApplied experience with several of the following:Identifies opportunities for process and technical security improvements in the environmentDeductive reasoning skills, creative thinker.Analytical and detail-oriented individuals must have a passion for information security, creativity to identify gaps and initiative to find the appropriate solutions to fill needsUnderstand and able to create queries to support data extraction correlation and reportingCandidates must be skilled in vulnerability assessment, risk rating, threat correlation, asset-based remediation management, and reporting. Development, maintenance, and continual improvement of the vulnerability management platform, processes, and technical assessmentFamiliarity with various vulnerability and security scanning tools, should be familiar with CVEs, CVSS, Secunia, and Mitre as well as other industry specific vulnerability classification...Equal Opportunity Employer - minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity

Created: 2024-11-02