Security Analyst - Application Security

Position Overview

At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of our employees feel respected, valued and have an opportunity to contribute to the company's success. As a [position title] within PNC's [name of division] organization, you will be based in [city/state location of position].

As a Security Analyst within PNC's Technology organization, you will be based in Pittsburgh, PA;
Cleveland, OH;
Birmingham, AL;
Dallas, TX or Lakewood, CO.

• Knowledge of common application security concepts and vulnerability types (e.g., OWASP Top 10), with the ability to learn how they apply in real-world systems.
• Exposure to the Software Development Lifecycle (SDLC) and an interest in understanding where security fits into design, development, and testing activities.
• Ability to analyze information, follow defined security processes, and execute assigned security tasks with attention to detail.
• Strong analytical and problem‑solving skills to help identify potential risks and support remediation efforts under guidance.
• Effective communication skills, with the ability to explain security findings, vulnerabilities, and risks in clear, approachable terms to developers, product managers, and non-security partners.
• Willingness to coach and educate partners on security processes and expectations, reinforcing consistent and repeatable security practices.
• Ability to work both independently on assigned tasks and collaboratively within cross-functional teams.
• Familiarity with Agile delivery concepts (e.g., Scrum, Kanban).

• Hands‑on exposure to application security, secure coding concepts, or software development.
• Familiarity with security testing concepts or tools (e.g., vulnerability scanning results, SAST/DAST outputs), with the ability to learn tool usage on the job.
• Knowledge of security frameworks, standards, or best practices (e.g., OWASP, NIST), or strong interest in developing that knowledge.
• Exposure to cloud computing concepts or modern application architectures (e.g., APIs, microservices) is a plus.
• Entry‑level or foundational security certifications (e.g., Security+, GIAC Fundamentals), or progress toward a relevant certification.
• Demonstrated interest in application security, product security, or secure software development through academic projects, personal learning, or prior roles.
• Strong documentation skills, with the ability to create clear notes, assessments, and evidence to support security processes and controls.

• Provides technical evaluation and analysis. Supports activities, processes, and tools needed to improve overall security posture of the organization.
• Applies security concepts, reviews information, executes defined tasks, analyzes requirements, reviews logs, and creates documentation. Performs investigation and data loss prevention, data manipulation, and coordination of activities. Performs actions to address or mitigate risks and vulnerabilities. Reviews and defines controls.
• Advises on more complex security procedures and products for clients, security administrators and network operations. Participates in enforcement of control security risks and threats; potential of one more controls subject to manager discretion. Shares knowledge with staff.
• Conducts security assessments and other information security routines consistently. Investigates and recommends corrective actions for data security related to established guidelines.

• Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.
• Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support…