Are you ready to make an impact at DTCC?
Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.
Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The impact you will have in this role:
Being a member on the Technology Risk Management (TRM) team, the Application security Assurance associate will be responsible for setting strategic direction in the areas of IT Risk and Information Security. Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the IT Risk and Information Security Programs, acts as an operational arm for threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on IT Risk and Information Security.
The Application Security Assurance program implements a variety of AppSec (Application Security) technologies, controls, tools and processes to ensure delivery teams are able to adhere and align with the Secure System Development Lifecycle to protect DTCC applications from existing and emerging security risks & improve application risk posture
Your Primary Responsibilities:

• Assist in the execution of Application Security Testing (Ethical App Pentest / FOSS / Static or Dynamic Security Testing / Threat Modeling) within the bounds of the Processes and DTCC Control Standards.
• Perform Offensive Application Testing against applications and APIs.
• Perform application threat hunting to evaluate risk to applications.
• Provide the vulnerability information in the predefined report format after performing the testing using manual methodology and tools
• Generate reports on assessment findings and summarizes to facilitate remediation, document technical issues identified during security assessments
• Be a subject matter expert and respond to any security engineering questions/ requests related to Application Defense enhancements
• Research and implement tools and techniques to secure and continuously monitor the applications
• Collaborate with Security Architects, Product Manager, Risk Managers, and other teams to deliver high quality product.
• Support data-to-day activities related to Application Security functions.
• Align risk and control processes into day-to-day responsibilities to monitor and mitigate risk, and raise where applicable.
• Collaborate with application development teams on application security assessments.
• Assists others on own team, or other teams where applicable.
• Actively contribute subject matter expert knowledge to the Security Mavens Community.
• Aligns risk and control processes into day to day responsibilities to monitor and mitigate risk; raises appropriately

**NOTE: The Primary Responsibilities of this role are not limited to the details above. **
Qualifications:

• Minimum of 4 years of related experience
• Bachelor's degree preferred or equivalent experience

Talents Needed for Success:

• Fosters a culture where honesty and transparency are expected.
• Stays current on changes in his/her own specialist area and seeks out learning opportunities to ensure knowledge is up-to-date.
• Collaborates well within and across teams.
• Minimum of 5 years of experience in application penetration testing
• Minimum of 3 years of experience in App PenTest tools such as Burp Suite, Owasp Zap
• Ability to explain vulnerabilities and weaknesses in OWASP Top 10 and SANS Top 25 to any audience and discuss effective defensive techniques
• Understanding of MITRE Framework and adversarial methodologies
• Ability to work under pressure, multitask and be flexible
• Certified in OSCP or GWAPT or related offensive security/red teaming certification

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
About Us
DTCC safeguards the financial markets and helps them run efficiently, in times of prosperity and crisis. We are uniquely positioned at the center of global trading activity, processing over 100 million financial transactions every day, pioneering industry-wide, post-trade solutions and maintaining multiple data and operating centers worldwide. From where we stand, we can anticipate the industry's needs and we're working to continually improve the world's most resilient, secure and efficient market infrastructure. Our employees are driven to deliver innovative technologies that improve efficiency, lower cost and bring stability and certainty to the post-trade lifecycle.
DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you'll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It's the chance to make a difference at a company that's truly one of a kind.
Learn more about Clearance and Settlement by clicking here .
About the Team
Our Risk Management teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.