Application Security Assurance - DevSecOps - SAST/ DAST

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.

Pay and Benefits: 

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:

This role is part of the Application Security Assurance team, which is responsible for ensuring secure software delivery across the enterprise. We integrate security into the Software Development Life Cycle (SDLC) using tools such as SAST, DAST, SCA, and container security, while also driving governance through DAVS ASPM and VAST. Our team collaborates closely with developers, product owners, and vendors to proactively manage application risks. This work directly supports DTCC’s broader mission of operational resilience and regulatory compliance.

The individual in this role will play a key part in strengthening our application security capabilities by leading the hands-on execution of SAST and DAST activities. This position is critical for effective communication across multiple stakeholders—including developers, product owners, and governance teams—to ensure secure software delivery.

Additionally, the role supports our strategic shift toward automated, scalable security practices, helping to maintain compliance and resilience. Overall, it enhances our ability to proactively manage risk and embed security throughout the SDLC.

Primary Responsibilities:

• Execute and manage SAST and DAST scans using tools like Veracode, Fortify, and WebInspect.
• Analyze scan results and coordinate remediation with development teams.
• Integrate security tools into CI/CD pipelines to support shift-left security.
• Communicate findings and collaborate with developers, product owners, and governance leads.
• Track metrics, document findings, and contribute to secure SDLC practices.

Qualifications:

• Minimum of 6-8 years of related experience.
• Bachelor's degree preferred or equivalent experience.  

 Talent needed for success

• Strong hands-on experience with SAST and DAST tools.
• Solid understanding of DevSecOps practices and CI/CD integration.
• Excellent communication skills to engage cross-functional teams.
• Familiarity with OWASP Top 10, secure coding standards, and vulnerability management.
• Experience with tools like SonarQube, Checkmarx, Veracode, and Burp Suite is preferred

Preferred Certifications

Candidates with one or more of the following certifications are strongly encouraged to apply:

• CSSLP – Certified Secure Software Lifecycle Professional (ISC²)
• CASE – Certified Application Security Engineer (EC-Council)
• GSSP-JAVA / GSSP-.NET – GIAC Secure Software Programmer (SANS)
• CAST – Certified Application Security Tester (IACRB)
• GWAPT – GIAC Web Application Penetration Tester (SANS)
• OSWE – Offensive Security Web Expert (OffSec)
• eWPT / eWPTX – eLearnSecurity Web Application Penetration Tester (Basic/Advanced)
• PNPT

The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.