|Location||Jersey City, NJ|
|Date Posted||December 29, 2021|
Are you ready to explore a world of possibilities?
Join our DTCC family, and you’ll grow your expertise and become the best version of you. As you embark on a new journey, you’ll tackle challenges with flexibility and grace, learning new skills and advancing your career while having the time of your life.
Why You'll Love This Job:
Being a member of the Application Security team, you will be part of the Technology Risk initiative to expand the security assessments on Distributed Ledger Technology (DLT) applications and provide SME mentorship to key projects related to DLT.
The Associate Director - Application Security DLT Lead is responsible for managing, providing technical direction and perform security assessment on applications developed using Distributed Ledger Technology (DLT). The person in this role should possess good understanding of DLT and related development expertise to guide project initiatives to ensure implement security standard methodologies
Your Primary Responsibilities
- Provide technical direction to conduct secure code reviews on DLT applications and expand related function
- Collaborate with OTR Security Architecture to use the established security controls checklist for assessment
- Generate reports on assessment findings and summarizes to facilitate remediation, Document technical issues identified during security assessments
- Perform threat modeling, design, and code views to assess security implications and requirements
- Be a domain specialist and respond to any security engineering questions/ requests related to Cloud Security
- Research and implement to use tools and techniques to secure and continuously monitor the DLT applications
- Collaborate with Security Architects, Product Manager, Risk Managers, and other teams to deliver high quality product.
- Develop and establish the security coding standard methodologies
- Cultivate and maintain relationships with key partners at varying organizational levels
**NOTE: Responsibilities of this role are not limited to the details above. **
Talents Needed For Success:
- At least 10 years of progressive IT experience, preferably in information security and related experience
- Domain specialist in several security technologies (depth) with ability to lead across enterprise Application security functions
- A broad and deep understanding of security threats, vulnerabilities, risks associated with nature of DLT systems
- Hands-on experience with one or more blockchain platforms: R3 Corda, Hyperledger Fabric, DAML, Enterprise Ethereum, Hyperledger Besu.
- 2 years of experience building smart contracts or codebase contributions related to smart contract analysis, auditing, design, and implementation
- Programming languages such as Go, NodeJS, Kotlin, Java, Rest API.
- Experience with Docker, Kubernetes and other container orchestration solutions.
- Knowledge of Blockchain Deployments on IaaS, SaaS and PaaS offerings on cloud platforms such as AWS, Azure, Kaleido, and others.
- on token protocols and standards such as ERC 20, ERC 721.
- Exposure to the Application Security Vulnerabilities (as listed in OWASP Top 10 and SANS Top 25), Security Testing methodologies and related tools such as Fortify, WebInspect, Burp Suite, Nexus and more
- Understanding of Authentication, Authorization mechanism programmatically across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML etc.)
- Experience in facilitating technical conversations between engineering and operations teams.
- Experience in leading global teams, remote employees and evaluating team member performance and offering career development mentorship.
- Excellent verbal and written communication skills
- Experience maintaining relationships with and presenting to senior management
- Ability to work under stress, multitask and be flexible
- Strong planning and project management skills
- Highly desired - one or more of the following active certifications CSSLP, CISSP OSCP, GIAC GPEN.
We offer top class training and development for you to be an asset in our organization!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
DTCC safeguards the financial markets and helps them run efficiently, in times of prosperity and crisis. We are uniquely positioned at the center of global trading activity, processing over 100 million financial transactions every day, pioneering industry-wide, post-trade solutions and maintaining multiple data and operating centers worldwide. From where we stand, we can anticipate the industry’s needs and we’re working to continually improve the world’s most resilient, secure and efficient market infrastructure. Our employees are driven to deliver innovative technologies that improve efficiency, lower cost and bring stability and certainty to the post-trade lifecycle.
DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you’ll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It’s the chance to make a difference at a company that’s truly one of a kind.
The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.