Application Security DLT Lead

at DTCC
Location Jersey City, NJ
Date Posted August 24, 2021
Category Default
Job Type Full-time

Description

Are you ready to explore a world of possibilities?

Join our DTCC family, and you’ll grow your expertise and become the best version of you. As you embark on a new journey, you’ll tackle challenges with flexibility and grace, learning new skills and advancing your career while having the time of your life.

Why You'll Love This Job:

Being a member of the Application Security team, you will be part of the Technology Risk initiative to expand the security assessments on Distributed Ledger Technology (DLT) applications and provide SME mentorship to key projects related to DLT.

The Associate Director - Application Security DLT Lead is responsible for managing, providing technical direction for, and performing security assessments on applications developed using Distributed Ledger Technology (DLT). The person in this role should possess a good understanding of DLT and related development expertise to guide project initiatives and ensure they implement security standard methodologies.

Your Primary Responsibilities

  • Provide technical direction to conduct secure code reviews on DLT applications and expand related function
  • Collaborate with OTR Security Architecture to use the established security controls checklist for assessment
  • Generate reports on assessment findings and summarize them to facilitate remediation; document technical issues identified during security assessments
  • Perform threat modeling, design, and code reviews to assess security implications and requirements
  • Be a domain specialist and respond to any security engineering questions/requests related to Cloud Security
  • Research and implement tools and techniques to secure and continuously monitor the DLT applications
  • Collaborate with Security Architects, Product Managers, Risk Managers, and other teams to deliver a high-quality product.
  • Develop and establish the security coding standard methodologies
  • Cultivate and maintain relationships with key partners at varying organizational levels

**NOTE: Responsibilities of this role are not limited to the details above.**

Talents Needed For Success:

  • At least 10 years of progressive IT experience, preferably in information security and related experience
  • Domain specialist in several security technologies (depth) with ability to lead across enterprise Application security functions
  • A broad and deep understanding of security threats, vulnerabilities, and risks associated with the nature of DLT systems
  • Hands-on experience with one or more blockchain platforms: R3 Corda, Hyperledger Fabric, DAML, Enterprise Ethereum, Hyperledger Besu.
  • 2 years of experience building smart contracts or codebase contributions related to smart contract analysis, auditing, design, and implementation
  • Programming languages such as Go, NodeJS, Kotlin, Java, REST API.
  • Experience with Docker, Kubernetes and other container orchestration solutions.
  • Knowledge of Blockchain Deployments on IaaS, SaaS and PaaS offerings on cloud platforms such as AWS, Azure, Kaleido, and others.
  • on token protocols and standards such as ERC 20, ERC 721.
  • Exposure to the Application Security Vulnerabilities (as listed in OWASP Top 10 and SANS Top 25), Security Testing methodologies and related tools such as Fortify, WebInspect, Burp Suite, Nexus and more
  • Java/J2EE, JavaScript, Python, etc. and experience in performing manual secure code review of popular web application programming languages (Java, JavaScript, Angular, Python, etc.)
  • Understanding of Authentication and Authorization mechanisms programmatically across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML, etc.)
  • Experience in facilitating technical conversations between engineering and operations teams.
  • Experience in leading global teams, remote employees and evaluating team member performance and offering career development mentorship.
  • Excellent verbal and written communication skills
  • Experience maintaining relationships with and presenting to senior management
  • Ability to work under stress, multitask and be flexible
  • Strong planning and project management skills
  • Highly desired - one or more of the following active certifications: CSSLP, CISSP, OSCP, GIAC GPEN.

We offer top class training and development for you to be an asset in our organization!

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
