Are you ready to make an impact at DTCC?
Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.
Pay and Benefits:
- Competitive compensation, including base pay and annual incentive
- Comprehensive health and life insurance and well-being benefits, based on location
- Pension / Retirement benefits
- Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
- DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).
The Impact you will have in this role:
Technology Risk Management (TRM) is responsible for setting strategic direction in the areas of IT Risk and Information Security. Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the IT Risk and Information Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on IT Risk and Information Security. The Application Security Assurance program implements a variety of AppSec (Application Security) technologies, controls, tools and processes to ensure delivery teams are able to adhere and align with the Secure System Development Lifecycle to protect DTCC applications from existing and emerging security risks & improve application risk posture.
Note: the responsibilities listed are not exhaustive and may include other tasks as required to support application security program.
Your Primary Responsibilities:
- SAST/DAST implementation: Configure, integrate and manage SAST/DAST tools within CI/CD pipelines, continuously optimizing for accuracy and performance.
- Vulnerability management: Analyze security findings, prioritize vulnerabilities, and collaborate with developers on remediation strategies.
- Scripting and Automation: Develop Python or Shell scripts to automate security testing, reporting and tool integration processes.
- Partner with development, DevOps and QA teams to embed security best practices. Provide training on secure coding.
- Conduct security assessments, generate reports for stakeholders and track vulnerability status and resolution.
- Support the development and enforcement of security policies, staying current with emerging threats and security trends.
Qualifications:
- Minimum of 6 years of related experience
- Bachelor's degree preferred or equivalent experience.
- Hands-on experience with SAST/DAST tools such as Veracode, Fortify, Checkmarx, Burp Suite or OWASP ZAP.
- Proficient in JAVA secure coding practices.
- Strong scripting skills in Python and shell, with a proven ability to automate security tasks and integrate tools into CI/CD pipeline.
- Strong understanding of OWASP Top 10, CVE, CWE and other vulnerability classification frameworks.
- Excellent problem-solving and communication skills.
Preferred Qualifications:
- Security certifications such as CEH-practical, eWPT, or equivalent.
- Previous experience in a DevSecOps environment is a plus.
Talents Needed for Success:
- Fosters a culture where integrity and transparency are encouraged.
- Stays current on changes in their own specialist area and seeks out learning opportunities to ensure knowledge is up-to-date.
- Invests effort to individually coach others.
- Builds collaborative teams across the organization.
- Communicates openly keeping everyone across the organization informed.
- Technology skills: Hands on experience DevSecOps
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
