AppSec Engineer – Vulnerability Operations Center

Prudential Financial, Inc

Malaysia, Kuala Lumpur

4-6 Years

Save

Posted 2 hours ago
Be among the first 10 applicants

Early Applicant

Job Description

Prudential's purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people's career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.

The incumbent is expected to be a proficient security engineer with strong expertise in DevSecOps technologies as well as vulnerability remediation. This role forms a part of the Vulnerability Operations Centre team (VOC) by ensuring that vulnerabilities are accurately validated and prioritized. The incumbent is responsible for triaging, analyzing, and enriching vulnerability findings across application security testing tools, including performing research and exploration to improve triage processes through potential open source or commercial tooling. The incumbent is also expected to work closely with the application team, developers and BISOs within the security function to support multiple lines of business units located across Asia, Africa and UK.

Job Description

Possess strong understanding of vulnerability types, (OWASP Top 10, CWE, CVE, misconfiguration, insecure API) and be able to clearly explain common attack techniques. Having a solid grasp of web application security and API security principles.
Demonstrate strong capability in vulnerability prioritization, with the ability to access risk based on exploitability, asset criticality and business context.
Uplift DevSecOps vulnerability triage operations to enhance effectiveness and efficiency.
Perform manual and semi-automated triage of vulnerability findings to provide expert judgment on severity, exploitability, and business impact.
Conduct false positive analysis, de-duplication, and tool output normalization.
Provide technical input during project release to prepare triage readiness.
Identify and correlate recurring vulnerability data across projects or business units to observe trends to simplify or streamline triage processes.
Collaborate with application teams, DevOps, BISOs and developers effectively by explaining vulnerabilities and risks clearly to application team.
Participate in security tool PoC/PoV and selection processes.
Drive implementation and integration of selected tools into the triage workflow to enhance automation, data accuracy and analyst efficiency.
Design and implement automation workflows for enrichment, de-duplication, and ticketing
Contribute to strategic planning and continuous improvement of VOC capabilities.
Prepare documentation and reporting on knowledge base documentation and playbook creation. Maintain accurate records of analysis, risk decisions and triage actions.
Provide guidance to developers and application teams on secure coding best practices.

Job Requirement

Familiarity with security standards, CVSS scoring, EPSS, CWE, CVE, KEV database and MITRE ATT&CK, demonstrated experience with CVSS tuning, exploit intelligence, and SLA tagging.
Familiarity with exploitation techniques, able to explain and evaluate threats like SQL injection, XSS, CSRF, SSRF, RCE.
Proficiency in one or more scripting languages (JS, Python, PowerShell, Bash), and automation platforms, as well as data visualization tools.
Advanced knowledge of vulnerability assessment tools and threat modelling.
Embrace a positive mindset for growth to drive change within a legacy environment with technical debt and internal challenges.
Strong analytical and communication skills, Excellent stakeholder communication and incident coordination skills. Ability to collaborate and coordinate across differing teams across the different technology stacks of application, infrastructure, cloud, networking.
Ability to explain technical vulnerabilities clearly to developers and other stakeholders.
Possess critical thinking outside of traditional boundaries to trigger deep rooted problem solving and multi-disciplinary analytical skills.
Effective technical writing and documentation skills for SOPs and evaluation reports.
Bachelor's degree in Information Security, Computing Engineering or equivalent.
4+ years in cybersecurity, preferably with a focus on vulnerability management, AppSec, or vulnerability operations team.
Prior experience in working in a global/regional exposure is desirable, with prior experience in financial service and/or tech industry is a bonus.
Have deep knowledge on security frameworks, NIST, ISO 27001.
Experience in multi-cloud and enterprise-scale environments, Understanding of cloud environments (AWS, Azure, GCP) and their security implications.
Experience with Vulnerability Tools, SAST, DAST, SCA, container scanners.
Familiarity in the triage vulnerability operations and vulnerability risk scoring methodologies for identified application security findings/vulnerabilities.
Experience in or aptitude for building automation scripts, queries or workflows to reduce triage workload.
Relevant Information Security certification(s) preferred, such as Security+, OSCP, CISSP, are advantageous.

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.