Application Security Associate

About this Opportunity

The Application Penetration Test Analyst is responsible for the App Pentesting of DTCC's applications using various App Pentest tools & manual methodologies. Interaction with DTCC developers (Application Development (AD)) to collect application detail, perform App Pentest, report security vulnerabilities and recommend remediation of application security vulnerabilities will be part of the responsibilities. The individual should possess strong application penetration testing expertise, excellent communication and organizational skills.

Business Unit: Global Chief Risk Office

Our Risk Management teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.

Department: TRM

The Technology Risk Management department is responsible for setting strategic direction in the areas of IT Risk and Information Security. They are accountable for maintaining DTCC's corporate security policies and control standards and acting as an operational arm for monitoring threat intelligence.

What You'll Do

  • Perform Ethical Application Penetration Testing (EAPT) on on-prem, cloud, mobile applications and APIs.
  • Perform Dynamic Application Security Testing (DAST) scans on the DTCC applications
  • Coordinate with application development teams to collect the application details.
  • Provide the vulnerability information in the predefined report format after performing the App Pentest using manual methodology and App Pentest tools such as Burp Suite and Web Inspect
  • Assist the developers in detailing the vulnerabilities reported along with the recommendations for remediation
  • Align risk and control processes into day to day responsibilities to monitor and mitigate risk; escalates appropriately

Sound Like You?
  • Minimum of 5 years of experience in application penetration testing
  • Bachelor's degree is desirable
  • Minimum of 3 years of experience in DAST tools such as Burp Suite and Web Inspect
  • Certified in CISSP, OSCP or CEH
  • Ability to explain vulnerabilities and weaknesses in OWASP Top 10 and SANS Top 25 to any audience and discuss effective defensive techniques

Who We Are

With over 45 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From operating facilities, data centers and offices in 16 countries, DTCC, through its subsidiaries, automates, centralizes and standardizes the processing of financial transactions, mitigating risk, increasing transparency and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. Industry owned and governed, the firm simplifies the complexities of clearing, settlement, asset servicing, data management, data reporting and information services across asset classes, bringing increased security and soundness to financial markets. In 2018, DTCC's subsidiaries processed securities transactions valued at more than U.S. $1.85 quadrillion. Its depository provides custody and asset servicing for securities issues from 170 countries and territories valued at U.S. $52.2 trillion. DTCC's Global Trade Repository service, through locally registered, licensed, or approved trade repositories, processes over 14 billion messages annually. To learn more, please visit us at or connect with us on LinkedIn , Twitter , YouTube and Facebook.

Back to top