Prudential Financial
Join to apply for the
Lead, Offensive Security Engineer
role at
Prudential Financial .
Job Classification:
Technology - Information Security
Your Team & Role As a Lead Offensive Security Engineer on the Attack Surface Management team, you will be at the forefront of our efforts to identify and mitigate security risks. Your responsibilities include conducting sophisticated red‑team and purple‑team exercises to challenge and refine our defensive strategies. You will conduct a variety of penetration‑testing activities, focusing on diverse targets such as web applications, AI systems, and Active Directory environments, to uncover and address vulnerabilities. Beyond traditional offensive security operations, you will also play a key role in supporting and advancing our bug bounty program, ensuring that any potential threats are swiftly identified and resolved.
What You Can Expect on a Typical Day
Conduct Purple Team Assessments: Collaborate with the defensive (blue) team to run combined exercises that enhance detection and response capabilities, fostering a stronger overall security posture.
Perform Penetration Testing: Execute comprehensive penetration tests on various systems, including web applications, mobile applications, external networks, AI/ML systems, and SaaS environments.
Adversary Emulation: Emulate tactics, techniques, and procedures (TTPs) of known threat actors to test the effectiveness of security controls and incident response processes.
Vulnerability Identification and Exploitation: Identify and exploit weaknesses in systems and applications to demonstrate potential risks and impact.
Support Bug Bounty Programs: Participate in and enhance the bug bounty program by validating submissions, providing detailed analysis, and collaborating with researchers and internal stakeholders to address vulnerabilities.
STRIDE Threat Modeling: Assist stakeholders in comprehensive threat‑modeling exercises to identify potential weaknesses and harden systems.
Develop Offensive Security Tools: Create and maintain tools and scripts to assist with red‑team operations and penetration‑testing efforts.
Conduct Security Research: Regularly research and learn new TTPs in public and closed forums. Work with teammates to assess Prudential’s risk and work with teams to implement and validate controls as necessary.
Threat Intelligence Integration: Utilize threat intelligence to inform red‑team scenarios and improve the realism and relevance of simulations.
Plan and Execute Red Team Exercises: Design and carry out advanced red‑team operations to simulate real‑world attacks, identifying and exploiting vulnerabilities within client environments.
Reporting and Documentation: Produce detailed reports of findings, including technical descriptions of vulnerabilities, potential impacts, and recommended remediation steps.
Engage with Stakeholders: Communicate effectively with internal and external stakeholders to present findings, provide recommendations, and support remediation efforts.
Knowledge Sharing and Training: Conduct internal training sessions, workshops, and presentations to share insights and improve the overall skill level of the security team. Mentor and knowledge‑share with other offensive security engineers on the team.
Continuous Improvement: Regularly review and refine testing methodologies, tools, and processes to ensure cutting‑edge offensive security practices.
Provide Remediation Guidance: Offer expert recommendations to internal stakeholders on how to address and mitigate identified security vulnerabilities, ensuring they adopt best practices for enhanced protection.
The Skills & Expertise You Bring
Bachelor of Computer Science or Engineering or related experience.
Ability to coach others with minimal guidance and effectively leverage diverse ideas, experiences, thoughts and perspectives to the benefit of the organization.
Experience with agile development methodologies.
Knowledge of business concepts, tools and processes that are needed for making sound decisions in the context of the company’s business.
Ability to learn new skills and knowledge on an ongoing basis through self‑initiative and tackling challenges.
Excellent problem‑solving, communication and collaboration skills.
Advanced Experience and/or Expertise with Several of the Following
Proven experience conducting a variety of offensive security operations, including red‑team and penetration testing across multiple domains such as network, web applications, mobile platforms, cloud environments, social engineering tactics, and scripting or tool creation.
Expertise in Active Directory red‑team, with a deep understanding of advanced offensive tactics, techniques and procedures (TTPs) used to exploit Active Directory environments.
Experience performing security reviews of existing infrastructure and demonstrating vulnerabilities.
Building, deploying, and maintaining red‑team infrastructure.
Knowledge of adversarial TTPs.
Proficiency rating vulnerabilities using the CVSS scoring system.
Experience with Threat Modeling, preferably using the STRIDE methodology.
Competent with testing frameworks and tools such as Burp Suite, Metasploit, VECTR, Cobalt Strike, Kali Linux, Nessus, PowerShell, Empire and AutoSploit.
Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
Experience with CVE/Bug Bounty/Responsible disclosure.
Exploit development.
Proven success in planning, executing, and debriefing complex red‑team campaigns.
Experience with enterprise attack‑surface reduction strategies and mapping attack paths in complex Active Directory environments.
Proficiency in one or more programming languages, and can read and understand code written by others.
Proficient in scripting languages such as Python, PowerShell and Bash.
Knowledge of exploiting vulnerabilities in Entra ID, AWS IAM, or other cloud identity systems.
Background in emulating sophisticated threat actors, including TTPs mapped to the MITRE ATT&CK framework.
Preferred Qualifications
IT Security certifications (e.g., GPEN, GWAPT, OSCP, OSCE, OSWE, OSEP, OSCE, RTO, GRTP, AWS/Azure/GCPSecuritycerts, etc.).
Cloud (AWS, Azure, GCP, etc.) certifications.
Other Security Certifications beyond introductory level.
Scripting background (Python, Perl, Bash, etc.).
You’ll Love Working Here Because You Can Join a team and culture where your voice matters; where every day, your work transforms our experiences to make lives better. As you put your skills to use, we’ll help you make an even bigger impact with learning experiences that can grow your technical AND leadership capabilities. You’ll be surprised by what this rock‑solid organization has in store for you.
What We Offer You Prudential is required by state‑specific laws to include the salary range for this role when hiring a resident in applicable locations. The salary range for this role is from $128,100 to $190,700. Specific pricing for the role may vary within the above range based on many factors including geographic location, candidate experience, and skills.
Market‑competitive base salaries, with a yearly bonus potential at every level.
Medical, dental, vision, life insurance, disability insurance, paid time off (PTO), and leave of absences, such as parental and military leave.
401(k) plan with company match (up to 4%).
Company‑funded pension plan.
Wellness programs including up to $1,600 a year for reimbursement of items purchased to support personal well‑being needs.
Work‑life resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
Education benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
Employee stock purchase plan: Shares can be purchased at 85% of the lower of two prices (beginning or end of the purchase period), after one year of service.
Referrals increase your chances of interviewing at Prudential Financial by 2x.
Prudential Financial, Inc. of the United States is not affiliated with Prudential plc, which is headquartered in the United Kingdom.
Prudential is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender identity, genetics, disability, marital status, age, veteran status, domestic partner status, medical condition or any other characteristic protected by law.
If you need an accommodation to complete the application process, please email accommodations.hw@prudential.com.
If you are experiencing a technical issue with your application or an assessment, please email careers.technicalsupport@prudential.com to request assistance.
#J-18808-Ljbffr
Lead, Offensive Security Engineer
role at
Prudential Financial .
Job Classification:
Technology - Information Security
Your Team & Role As a Lead Offensive Security Engineer on the Attack Surface Management team, you will be at the forefront of our efforts to identify and mitigate security risks. Your responsibilities include conducting sophisticated red‑team and purple‑team exercises to challenge and refine our defensive strategies. You will conduct a variety of penetration‑testing activities, focusing on diverse targets such as web applications, AI systems, and Active Directory environments, to uncover and address vulnerabilities. Beyond traditional offensive security operations, you will also play a key role in supporting and advancing our bug bounty program, ensuring that any potential threats are swiftly identified and resolved.
What You Can Expect on a Typical Day
Conduct Purple Team Assessments: Collaborate with the defensive (blue) team to run combined exercises that enhance detection and response capabilities, fostering a stronger overall security posture.
Perform Penetration Testing: Execute comprehensive penetration tests on various systems, including web applications, mobile applications, external networks, AI/ML systems, and SaaS environments.
Adversary Emulation: Emulate tactics, techniques, and procedures (TTPs) of known threat actors to test the effectiveness of security controls and incident response processes.
Vulnerability Identification and Exploitation: Identify and exploit weaknesses in systems and applications to demonstrate potential risks and impact.
Support Bug Bounty Programs: Participate in and enhance the bug bounty program by validating submissions, providing detailed analysis, and collaborating with researchers and internal stakeholders to address vulnerabilities.
STRIDE Threat Modeling: Assist stakeholders in comprehensive threat‑modeling exercises to identify potential weaknesses and harden systems.
Develop Offensive Security Tools: Create and maintain tools and scripts to assist with red‑team operations and penetration‑testing efforts.
Conduct Security Research: Regularly research and learn new TTPs in public and closed forums. Work with teammates to assess Prudential’s risk and work with teams to implement and validate controls as necessary.
Threat Intelligence Integration: Utilize threat intelligence to inform red‑team scenarios and improve the realism and relevance of simulations.
Plan and Execute Red Team Exercises: Design and carry out advanced red‑team operations to simulate real‑world attacks, identifying and exploiting vulnerabilities within client environments.
Reporting and Documentation: Produce detailed reports of findings, including technical descriptions of vulnerabilities, potential impacts, and recommended remediation steps.
Engage with Stakeholders: Communicate effectively with internal and external stakeholders to present findings, provide recommendations, and support remediation efforts.
Knowledge Sharing and Training: Conduct internal training sessions, workshops, and presentations to share insights and improve the overall skill level of the security team. Mentor and knowledge‑share with other offensive security engineers on the team.
Continuous Improvement: Regularly review and refine testing methodologies, tools, and processes to ensure cutting‑edge offensive security practices.
Provide Remediation Guidance: Offer expert recommendations to internal stakeholders on how to address and mitigate identified security vulnerabilities, ensuring they adopt best practices for enhanced protection.
The Skills & Expertise You Bring
Bachelor of Computer Science or Engineering or related experience.
Ability to coach others with minimal guidance and effectively leverage diverse ideas, experiences, thoughts and perspectives to the benefit of the organization.
Experience with agile development methodologies.
Knowledge of business concepts, tools and processes that are needed for making sound decisions in the context of the company’s business.
Ability to learn new skills and knowledge on an ongoing basis through self‑initiative and tackling challenges.
Excellent problem‑solving, communication and collaboration skills.
Advanced Experience and/or Expertise with Several of the Following
Proven experience conducting a variety of offensive security operations, including red‑team and penetration testing across multiple domains such as network, web applications, mobile platforms, cloud environments, social engineering tactics, and scripting or tool creation.
Expertise in Active Directory red‑team, with a deep understanding of advanced offensive tactics, techniques and procedures (TTPs) used to exploit Active Directory environments.
Experience performing security reviews of existing infrastructure and demonstrating vulnerabilities.
Building, deploying, and maintaining red‑team infrastructure.
Knowledge of adversarial TTPs.
Proficiency rating vulnerabilities using the CVSS scoring system.
Experience with Threat Modeling, preferably using the STRIDE methodology.
Competent with testing frameworks and tools such as Burp Suite, Metasploit, VECTR, Cobalt Strike, Kali Linux, Nessus, PowerShell, Empire and AutoSploit.
Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).
Experience with CVE/Bug Bounty/Responsible disclosure.
Exploit development.
Proven success in planning, executing, and debriefing complex red‑team campaigns.
Experience with enterprise attack‑surface reduction strategies and mapping attack paths in complex Active Directory environments.
Proficiency in one or more programming languages, and can read and understand code written by others.
Proficient in scripting languages such as Python, PowerShell and Bash.
Knowledge of exploiting vulnerabilities in Entra ID, AWS IAM, or other cloud identity systems.
Background in emulating sophisticated threat actors, including TTPs mapped to the MITRE ATT&CK framework.
Preferred Qualifications
IT Security certifications (e.g., GPEN, GWAPT, OSCP, OSCE, OSWE, OSEP, OSCE, RTO, GRTP, AWS/Azure/GCPSecuritycerts, etc.).
Cloud (AWS, Azure, GCP, etc.) certifications.
Other Security Certifications beyond introductory level.
Scripting background (Python, Perl, Bash, etc.).
You’ll Love Working Here Because You Can Join a team and culture where your voice matters; where every day, your work transforms our experiences to make lives better. As you put your skills to use, we’ll help you make an even bigger impact with learning experiences that can grow your technical AND leadership capabilities. You’ll be surprised by what this rock‑solid organization has in store for you.
What We Offer You Prudential is required by state‑specific laws to include the salary range for this role when hiring a resident in applicable locations. The salary range for this role is from $128,100 to $190,700. Specific pricing for the role may vary within the above range based on many factors including geographic location, candidate experience, and skills.
Market‑competitive base salaries, with a yearly bonus potential at every level.
Medical, dental, vision, life insurance, disability insurance, paid time off (PTO), and leave of absences, such as parental and military leave.
401(k) plan with company match (up to 4%).
Company‑funded pension plan.
Wellness programs including up to $1,600 a year for reimbursement of items purchased to support personal well‑being needs.
Work‑life resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
Education benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
Employee stock purchase plan: Shares can be purchased at 85% of the lower of two prices (beginning or end of the purchase period), after one year of service.
Referrals increase your chances of interviewing at Prudential Financial by 2x.
Prudential Financial, Inc. of the United States is not affiliated with Prudential plc, which is headquartered in the United Kingdom.
Prudential is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender identity, genetics, disability, marital status, age, veteran status, domestic partner status, medical condition or any other characteristic protected by law.
If you need an accommodation to complete the application process, please email accommodations.hw@prudential.com.
If you are experiencing a technical issue with your application or an assessment, please email careers.technicalsupport@prudential.com to request assistance.
#J-18808-Ljbffr