Application Security Assurance - DevSecOps - SAST/DAST

DTCC


Dallas, TX

Why you should apply for a job to DTCC:

  • Ranked as one of the Best Companies for Women in 2023
  • 4.8/5 in overall job satisfaction
  • 4.9/5 in supportive management
  • 95% say women are treated fairly and equally to men
  • 98% would recommend this company to other women
  • 100% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • 100% rating on the Corporate Equality Index and was recognized as one of the Best Places to Work for LGBTQ Equality.
  • Flexible + Hybrid work options available
  • Corporate Social Responsibility initiative focuses on charitable giving and volunteerism.
  • #211004

    Position summary

    Pay and Benefits:

    • Competitive compensation, including base pay and annual incentive

    • Comprehensive health and life insurance and well-being benefits, based on location

    • Pension / Retirement benefits

    • Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

    • DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

    The Impact you will have in this role:

    This role is part of the Application Security Assurance team, which is responsible for ensuring secure software delivery across the enterprise. We integrate security into the Software Development Life Cycle (SDLC) using tools such as SAST, DAST, SCA, and container security, while also driving governance through DAVS ASPM and VAST. Our team collaborates closely with developers, product owners, and vendors to proactively manage application risks. This work directly supports DTCC's broader mission of operational resilience and regulatory compliance.

    The individual in this role will play a key part in strengthening our application security capabilities by leading the hands-on execution of SAST and DAST activities. This position is critical for effective communication across multiple stakeholders, including developers, product owners, and governance teams, to ensure secure software delivery.

    Additionally, the role supports our strategic shift toward automated, scalable security practices, helping to maintain compliance and resilience. Overall, it enhances our ability to proactively manage risk and embed security throughout the SDLC.

    Primary Responsibilities:

    • Execute and manage SAST and DAST scans using tools like Veracode, Fortify, and WebInspect.

    • Analyze scan results and coordinate remediation with development teams.

    • Integrate security tools into CI/CD pipelines to support shift-left security.

    • Communicate findings and collaborate with developers, product owners, and governance leads.

    • Track metrics, document findings, and contribute to secure SDLC practices.

    Qualifications:

    • Minimum of 6-8 years of related experience.

    • Bachelor's degree preferred or equivalent experience.

    Talent needed for success

    • Strong hands-on experience with SAST and DAST tools.

    • Solid understanding of DevSecOps practices and CI/CD integration.

    • Excellent communication skills to engage cross-functional teams.

    • Familiarity with OWASP Top 10, secure coding standards, and vulnerability management.

    • Experience with tools like SonarQube, Checkmarx, Veracode, and Burp Suite is preferred.

    Preferred Certifications

    Candidates with one or more of the following certifications are strongly encouraged to apply:

    • CSSLP - Certified Secure Software Lifecycle Professional (ISC²)

    • CASE - Certified Application Security Engineer (EC-Council)

    • GSSP-JAVA / GSSP-.NET - GIAC Secure Software Programmer (SANS)

    • CAST - Certified Application Security Tester (IACRB)

    • GWAPT - GIAC Web Application Penetration Tester (SANS)

    • OSWE - Offensive Security Web Expert (OffSec)

    • eWPT / eWPTX - eLearnSecurity Web Application Penetration Tester (Basic/Advanced)

    • PNPT

    The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
