Corning Incorporated
Senior Network Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Corning Incorporated
Corning Incorporated is a prominent materials science company based in Corning, New York, founded in 1851. It specializes in the development, manufacturing, and marketing of advanced glass, ceramics, and optical physics products. With 124 manufacturing plants in 15 countries and a workforce of over 56,000, Corning operates on a global scale. The company is organized into five main segments: Optical Communications, Specialty Materials, Display Technologies, Environmental Technologies, and Life Sciences. Key products include Corning Gorilla Glass, Pyrex, optical fiber, and various specialty glass and ceramic products. Corning serves a diverse range of customers across industries such as telecommunications, consumer electronics, automotive, biotechnology, and pharmaceuticals. The company is known for its commitment to innovation, having pioneered several technologies throughout its history.
Security at Corning Incorporated
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Corning frames information security as an organization-wide responsibility, stating that 'Effective Information Security requires active participation from all employees throughout the organization.' They also have an explicit commitment to privacy and data protection, asserting, 'At Corning, we are committed to upholding the highest standards of privacy and data protection.' Corning's CISO views security as a business enabler, noting, 'Rather than being perceived as a hindrance, our cyber-security practices are now seen as enablers of business innovation.' However, no public, corning.com or leadership-published verbatim statements specifically labeled 'Application Security,' 'AppSec mission,' 'developer-first' vs 'gatekeeping' language, or explicit AppSec risk-philosophy phrases (e.g., 'risk-based approach,' 'threat modeling') were found. This information is not publicly available.”
Security Team
José J. Hernández is identified as Corning's chief information security officer (CISO), based in Charlotte, North Carolina. Job postings indicate active global cybersecurity roles and tooling expectations, suggesting a corporate security organization and global cyber operations teams. For example, a Network Security Engineer job posting mentions desired experience with 'IVANTI Pulse Secure, Juniper, Palo Alto Networks, Cisco.' Another job posting for an IT Sr. Analyst, Cyber Security, indicates responsibilities for a division-level cyber program, involving 'ensuring the confidentiality, integrity, and availability of the division's digital assets.' Evidence was insufficient to produce an AppSec team headcount or AppSec-specific LinkedIn search results; this information is not publicly available. As of, no job posting explicitly titled 'Application Security' or 'Application Security Engineer' was found. Common skill/tool patterns from security job postings include network/security appliances and references to 'Qualys' and 'ServiceNow.' No public organizational chart or reporting chain explicitly describing an 'AppSec team' or its reporting line was found; this information is not publicly available.
Key Initiatives
Corning references enterprise information security governance and intellectual property protection, aiming 'to protect its intellectual property from all internal and external security threats.' Job postings indicate the use of vulnerability/asset management tools like Qualys and ServiceNow for tracking, implying standard VM/ticketing practices. For example, an IT Sr. Analyst, Cyber Security role involves supporting 'global security applications for OFC (GFMS and Keystone).' No public evidence of a Corning 'Security Champions' program or similar embedded developer-security program was found. Similarly, no public, corning.com or leadership-published verbatim evidence of shift-left AppSec practices (e.g., IDE/PR/CI-integrated SAST, pre-commit hooks, developer enablement language specific to AppSec) was found. Details regarding vulnerability management process (triage SLAs, MTTR, ticket assignment, bug-bounty) were not found in public Corning pages. No AppSec-specific initiatives, tool rollouts, or policy changes were found in public Corning pages or press within the last 6 months, though Corning updated its Internet Data Protection Notice on. The public record shows strong corporate information security governance and active hiring for network and cyber roles, but there is no explicit, publicly disclosed Application Security program, team structure, stated AppSec mission, or AppSec tooling list.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.