Prudential Financial · 5 hours ago
Lead, Offensive Security Engineer
Newark, NJ
Full-time
Onsite
Senior Level, Lead/Staff
$128K/yr - $191K/yrPrudential Financial is a leading financial services institution focused on digital transformation and innovation. As a Lead Offensive Security Engineer, you will be responsible for identifying and mitigating security risks through red team and purple team exercises, penetration testing, and supporting the bug bounty program.
Asset ManagementFinanceFinancial ExchangesFinancial ServicesHealth CareInsuranceRetirement
Responsibilities
Conduct Purple Team Assessments: Collaborate with the defensive (blue) team to run combined exercises that enhance detection and response capabilities, fostering a stronger overall security posture
Perform Penetration Testing: Execute comprehensive penetration tests on various systems, including web applications, mobile applications, external networks, AI/ML systems, and SaaS environments
Adversary Emulation: Emulate tactics, techniques, and procedures (TTPs) of known threat actors to test the effectiveness of security controls and incident response processes
Vulnerability Identification and Exploitation: Identify and exploit weaknesses in systems and applications to demonstrate potential risks and impact
Support Bug Bounty Programs: Participate in and enhance the bug bounty program by validating submissions, providing detailed analysis, and collaborating with researchers and internal stakeholders to address vulnerabilities
STRIDE Threat Modeling: As an SME in attack and vulnerability exploitation techniques, assist stakeholders in comprehensive Threat Modeling exercises to identify potential weaknesses and harden systems
Develop Offensive Security Tools: Create and maintain tools and scripts to assist with red team operations and penetration testing efforts
Conduct Security Research: Regularly research and learn new TTPs in public and closed forums. Work with teammates to assess Prudential’s risk and work with teams to implement and validate controls as necessary
Threat Intelligence Integration: Utilize threat intelligence to inform red team scenarios and improve the realism and relevance of simulations
Plan and Execute Red Team Exercises: Design and carry out advanced red team operations to simulate real-world attacks, identifying and exploiting vulnerabilities within client environments
Reporting and Documentation: Produce detailed reports of findings, including technical descriptions of vulnerabilities, potential impacts, and recommended remediation steps
Engage with Stakeholders: Communicate effectively with internal and external stakeholders to present findings, provide recommendations, and support remediation efforts
Knowledge Sharing and Training: Conduct internal training sessions, workshops, and presentations to share insights and improve the overall skill level of the security team. Mentor and knowledge share with other Offensive Security engineers on the team
Continuous Improvement: Regularly review and refine testing methodologies, tools, and processes to ensure cutting-edge offensive security practices
Provide Remediation Guidance: Offer expert recommendations to internal stakeholders on how to address and mitigate identified security vulnerabilities, ensuring they adopt best practices for enhanced protection
Qualification
Required
Bachelor of Computer Science or Engineering or experience in related fields
Ability to coach others with minimal guidance and effectively leverage diverse ideas, experiences, thoughts and perspectives to the benefit of the organization
Experience with agile development methodologies
Knowledge of business concepts tools and processes that are needed for making sound decisions in the context of the company's business
Ability to learn new skills and knowledge on an on-going basis through self-initiative and tackling challenges
Excellent problem solving, communication and collaboration skills
Proven experience conducting a variety of offensive security operations, including red teaming and penetration testing across multiple domains such as network, web applications, mobile platforms, cloud environments, social engineering tactics, and scripting or tool creation
Expertise in Active Directory red teaming, with a deep understanding of advanced offensive tactics, techniques, and procedures (TTPs) used to exploit Active Directory environments
Experience performing security reviews of existing infrastructure and demonstrating vulnerabilities
Building, deploying, and maintaining red team infrastructure
Knowledge of adversarial TTPs
Proficiency rating vulnerabilities using the CVSS scoring system
Experience with Threat Modeling, preferably using the STRIDE methodology
Competent with testing frameworks and tools such as Burp Suite, Metasploit, VECTR, Cobalt Strike, Kali Linux, Nessus, PowerShell, Empire and AutoSploit
Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC)
CVE/Bug Bounty/Responsible disclosures
Exploit development
Proven success in planning, executing, and debriefing complex red team campaigns
Experience with enterprise attack surface reduction strategies and mapping attack paths in complex Active Directory environments
Proficiency in one or more programming languages, and can both read and understand code written by others
Proficient in scripting languages such as Python, PowerShell, and Bash
Knowledge of exploiting vulnerabilities in Entra ID, AWS IAM, or other cloud identity systems
Background in emulating sophisticated threat actor, including TTPs mapped to the MITRE ATT&CK framework
Preferred
IT Security certifications (e.g., GPEN, GWAPT, OSCP, OSCE, OSWE, OSEP, OSCE, RTO, GRTP, AWS/Azure/GCP Security certs, etc.)
Cloud (AWS, Azure, GCP, etc.) Certs
Other Security Certifications beyond intro level
Scripting background (Python, Perl, bash, etc.)
Benefits
Market competitive base salaries, with a yearly bonus potential at every level.
Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave.
401(k) plan with company match (up to 4%).
Company-funded pension plan.
Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.
Company
Prudential Financial
Prudential Financial specializes in the fields of investment management, life insurance, and retirement benefits. It is a sub-organization of Prudential Financial.
Founded in 1875
10001+ employees
H1B Sponsorship
Prudential Financial has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2024 (1)
2023 (1)
Funding
Current Stage
Public CompanyTotal Funding
$1.25BKey Investors
AM Best
2025-03-13Post Ipo Debt· $750M
2024-02-14Post Ipo Debt· $500M
2001-12-13IPO
Leadership Team
Andrew Sullivan
Chief Executive Officer
Yanela Frias
Executive Vice President & Chief Financial Officer
Recent News
MarketScreener
2025-12-18
2025-12-16
Company data provided by crunchbase