Job Classification:

Technology - Engineering & Cloud

Your Team & Role

As a DevSecOps Engineer at Prudential, you will play a critical role in shaping and maintaining the company's security posture. Your responsibilities will include providing insightful feedback and advice to our security and GRC teams regarding enterprise standards. You will also be tasked with implementing and managing the necessary tools and policies to ensure that these standards are consistently monitored and enforced. Furthermore, you will also work closely with our development community, gaining a deep understanding of their security challenges. You will be at the forefront of our security efforts, bridging the gap between development and security. This role requires an understanding of security and a focus on execution to safeguard Prudential's digital assets.

Here is What You Can Expect on a Typical Day
• Continuously improve the security postures of applications, containers, cloud, and data
• Advise enterprise teams developing standards for security, quality, and controls
• Implement preventation/detection/remediation policies
• Empower developers to understand and manage their security issues
• Develop process workflows to ensure security issues are properly resolved
• Generate security benchmarks and audit reports
• Partner with security vendors to enhance their products
• Bring awareness to emerging technologies and threats

The Skills & Expertise You Bring
• Bachelor of Computer Science or Engineering or experience in related fields

Strong technical foundation with experience in several of the following:
• 3+ years in software engineering, devops, and/or security
• Experience in one or more of the following languages: Python, Javascript, Go, or Rust
• Experience with Policy-as-Code and querying languages: GraphQL, Rego, Sentinel, HCL, OVAL, CodeQL, datalog, Kusto
• Familiarity with API development and 3rd parties integration
• Familiarity with different types of infrastructure: servers, serverless, containers, cloud, networking, mobile
• Familiarity with system architectures: Monolithic, event-driven, n-tier, microservices, MVC, distributed

Security Domain Knowledge
• Thought leadership and publishing policy or research briefs
• Knowledge of application security specific topics: SDLC, DevSecOps, IAM, cloud/mobile/container security
• Experience managing security tools: SAST, SCA, DAST, xSPM, secret scanners
• Familarity with security data sources and formats: CVE, CWE, CPE, SBOM, VEX, CVSS, CAPEC, SARIF, CycloneDX
• Familarity with industry standard security frameworks: SOC2, NIST, ATT&CK, CIS, ISO 27001/27002
• Familarity with common identity standards and formats: SAML, OAuth, SCIM, LDAP, JWT, Kerberos, OpenID

DevOps Knowledge
• Implemented a DevOps pipeline and experience with tooling
• Understanding of Agile methodologies
• Experience in process engineering and developing workflows
• Strong background with git including merging and branching strategies
• Ability to document user guides, bugs/defects, features, and SOPs
• As-Code Patterns: Infrastructure, Configuration, Security, Policy, Docs, Pipeline, Identity

General Skillsets:
• Collaboration within a scrum team, development community, and decision-makers
• Excellent problem solving, communication, and collaboration skills
• Strong customer service and value-oriented mindset
• Strong written and verbal communication skills, including the ability to effectively communicate complex issues to both technical and non-technical users
• Strong time management and organizational skills
• Strong initiative, interpersonal and problem-solving skills with a strong desire to learn
• Ability to create excellent working relationships within and across teams

Preferred Qualifications
• Financial/Insurance industry experience is a plus, not a must

You’ll Love Working Here Because You Can

Join a team and culture where your voice matters; where every day, your work transforms our experiences to make lives better. As you put your skills to use, we’ll help you make an even bigger impact with learning experiences that can grow your technical AND leadership capabilities. You’ll be surprised by what this rock-solid organization has in store for you. 

What we offer you:

Prudential is required by state specific laws to include the salary range for this role when hiring a resident in applicable locations. The salary range for this role is from $105,100.00 to $156,500.00. Specific pricing for the role may vary within the above range based on many factors including geographic location, candidate experience, and skills.

• Market competitive base salaries, with a yearly bonus potential at every level.