AppSec Jobs

PNC

Security Analyst - Application Security

Pittsburgh, PA | Posted 3 days ago

About This Role

Security Analyst - Application Security position available in multiple U.S. locations including Pittsburgh, Pennsylvania; Birmingham, Alabama; Farmers Branch, Texas; Lakewood, Colorado; and Strongsville, Ohio. Full-time role in the Technology category.

About PNC

PNC Financial Services Group, Inc. is a prominent regional financial services company based in Pittsburgh, Pennsylvania, operating across 27 states. Established in 1983 through the merger of Pittsburgh National Corporation and Provident National Corporation, PNC has a rich history that dates back to the mid-19th century with roots in institutions like the Pittsburgh Trust and Savings Company and Provident Life and Trust Company. The company provides a wide array of financial services, including retail banking, commercial banking, asset and wealth management, investment banking, and institutional banking services. PNC caters to a diverse clientele, including individual consumers, small to large businesses, and government and nonprofit organizations. Its extensive regional presence and comprehensive financial offerings make it a leading institution in the eastern and midwestern United States.

Industry

financial services

Employees

54,000

3850 engineers

Revenue

$33B


Security at PNC

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • PNC frames application security as an enterprise risk-management function aligned to industry frameworks and overseen by senior technology and board committees.
  • The approach is risk‑based and compliance‑oriented, using a converged threat model (cyber, fraud, physical, insider) to unify intelligence and response.
  • Security is embedded across the software development lifecycle via an explicit Secure SDLC program and reinforced through authentication modernization (FIDO), third‑party assurance, training, and operational resiliency controls.

Security Team

  • AppSec capabilities are distributed across Information Security functions — Access/Identity Management, Security Assessment, Vulnerability Management, Security Architecture, Incident Response — with a dedicated Third‑Party Assurance function for vendor oversight.
  • Program governance is exercised through internal working groups and senior committees (e.g., Technology Risk and Business Committee, Independent Technology Risk Management Committee) and board technology committees.

Key Initiatives

Key public initiatives include:

  • A Secure SDLC program that injects security and risk management into development phase gates.
  • Deployment of FIDO‑based authentication to reduce credential risk and improve UX.
  • A Third‑Party Assurance program and annual audits/SOC processes for vendor risk.
  • Fraud prevention and employee/customer awareness/training programs.
  • Participation in sector intelligence sharing to inform prioritization and response.
