About this role
Lead Prudential's Application Security program within the Attack Surface Management and AppSec teams. Drive secure-by-design outcomes, governance, and automation across cloud-native and DevOps-enabled environments, partnering with engineering and security leadership.
Key Responsibilities
- Serve as the technical lead for Application Security and ASM domains
- Provide expert leadership for tools, platforms, and assessment methodologies
- Lead design/evolution of assessment, response, and risk governance processes
- Embed security controls into CI/CD pipelines
- Mentor junior staff and drive automation
Technical Overview
Focus on vulnerability management and application security tooling (SAST, SCA, DAST, ASPM); CI/CD integration; policy-as-code; regulatory alignment (NIST, PCI DSS, SOX); cloud certifications.
Ideal Candidate
The ideal candidate is an experienced AppSec lead with deep familiarity with vulnerability management, DevSecOps, and modern software security practices across cloud-native environments. They bring hands-on expertise with SAST/SCA/DAST and strong knowledge of industry standards (NIST, PCI DSS, SOX) and cloud certifications.
Must-Have Skills
- Bachelor of Computer Science/Engineering or formal experience in related fields
- Deep familiarity with vulnerability and security frameworks and data sources (CVE, CVSS, EPSS, CWE)
- Proven experience leading and maturing application security and vulnerability management programs
- Strong ability to partner with engineering teams to validate findings, reduce false positives, and drive effective remediation
- Engineering mindset with strong systems thinking and problem-solving skills
- Experience working in agile and DevSecOps environments
- Hands-on experience with industry frameworks (OWASP Top 10, OWASP WSTG, PTES, MITRE ATT&CK)
- Deep experience with SAST, SCA, DAST, and ASPM tooling
- Strong understanding of SBOMs and supply chain risk
Nice-to-Have Skills
- Scripting and automation experience (Python, PowerShell, Bash)
- Exploit validation and web application penetration testing
- Threat actor knowledge
- Security standards familiarity (NIST, CIS, PCI DSS)
- Experience applying AI-assisted approaches to security use cases
- Cloud certifications (AWS, Azure, GCP)
Tools & Platforms
SAST, SCA, DAST, ASPM, SBOMs
Required Skills
Bachelor of Computer Science/Engineering; deep familiarity with vulnerability/security frameworks; leading AppSec/Vulnerability Management; DevSecOps; SAST/SCA/DAST/ASPM tooling; SBOMs; OWASP; MITRE ATT&CK; NIST; PCI DSS; SOX
Hard Skills
Application security, DevSecOps, SAST, SCA, DAST, ASPM, SBOMs, OWASP Top 10, OWASP WSTG, PTES, MITRE ATT&CK, NIST, PCI DSS, SOX, CI/CD pipelines, Policy-as-code, Python, PowerShell, Bash
Soft Skills
Communication, Leadership, Collaboration, Problem-solving, Stakeholder management
Certifications
Required
- OSCP - Offensive Security Certified Professional
- GPEN - GIAC Penetration Tester
- GWAPT - GIAC Web Application Penetration Tester
- CASP+ - CompTIA Advanced Security Practitioner
- GCSA - GIAC Cloud Security Automation
- GCFA - GIAC Certified Forensic Analyst
- GCIH - GIAC Certified Incident Handler
Preferred
- AWS Certified Solutions Architect – Associate
- Azure Administrator Associate
- GSEC - GIAC Security Essentials
Keywords for Your Resume
lead, application security, attack surface management, cloud-native, DevSecOps, SAST, SCA, DAST, ASPM, SBOMs, OWASP Top 10, OWASP WSTG, PTES, MITRE ATT&CK, NIST, PCI DSS, SOX, CI/CD, policy-as-code, Python, PowerShell, Bash, AWS, Azure, GCP, CI/CD pipelines, vulnerability management
Deal Breakers
Bachelor of Computer Science/Engineering or related field, Hands-on experience with SAST/SCA/DAST, Knowledge of MITRE ATT&CK and secure-by-design practices