Security Specialist

Security Specialist at PNC

At PNC, we believe our people are our greatest differentiator and competitive advantage. We are committed to delivering the best customer experience and fostering an inclusive workplace where all employees feel respected, valued, and empowered to contribute to our success.

Job Overview

As a Security Specialist, you will play a crucial role in enhancing PNC's overall security posture. You will be responsible for the technical evaluation and analysis within a specific security area, supporting the processes and tools necessary to achieve this. While this role doesn't involve architect or engineering responsibilities, it requires a deep understanding of security concepts, risk mitigation, and vulnerability management throughout the software development lifecycle (SDLC).

Key Responsibilities

• Identify, evaluate, and mitigate application security risks throughout the entire software development lifecycle (SDLC).
• Maintain a thorough understanding of OWASP Top 10 web application risks and provide guidance on mitigation strategies.
• Triage and remediate web application security vulnerabilities.
• Manually validate compensating controls to ensure effective remediation of vulnerabilities.
• Collaborate closely with application and engineering teams to promote secure coding practices.
• Analyze and manually validate RASP findings, distinguishing legitimate attacks from false positives.
• Conduct security assessments and other information security routines.
• Investigate and recommend corrective actions for data security.
• Develop policies and procedures to standardize security functions and eliminate potential vulnerabilities.

Qualifications

• Demonstrated experience in software development with comprehensive knowledge of application security.
• Strong verbal and written communication skills.
• Software Development background, preferably in Java and/or .NET.
• Proficiency in triaging and remediating web application security vulnerabilities.
• Familiarity with Interactive Application Security Testing (IAST), Runtime Application Security Protection (RASP), or Application Detection & Response (ADR) is preferred.
• Experience in incident response pertaining to application attacks is an advantage.
• University/college degree with 5+ years of industry-relevant experience, or a comparable combination of education, certification, and experience.

Preferred Skills

• Access Control (AC)
• Building Architecture
• Customer Solutions
• Disaster Recovery Planning
• Information Security
• Network Security
• Physical Security
• Risk Assessments
• Security Technologies

Competencies

• Analytical Thinking
• Effective Communications
• Information Assurance
• Information Security Management
• Information Security Technologies
• IT Environment
• IT Standards, Procedures & Policies
• IT Systems Management
• Problem Solving
• Software Security Assurance

Work Environment

This is an in-office role requiring presence Monday - Friday, 8:00 AM - 5:00 PM EST. PNC fosters a supportive, inclusive, and accessible workplace culture.

Key Skills/Competency

• Application Security
• Security Specialist
• SDLC
• OWASP Top 10
• Vulnerability Management
• Incident Response
• Secure Coding
• RASP
• IAST
• Risk Mitigation