Cyber Security Engineer

Are you ready to make an impact at DTCC?

n

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

n

Pay and Benefits:

n

n- Competitive compensation, including base pay and annual incentive n- Comprehensive health and life insurance and well-being benefits, based on location n- Pension / Retirement benefits n- Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. n- DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee). n

n

The impact you will have in this role:

n

Be an active member of an Agile/ Kanban squad passionate about implementing the best business practices in the form of iterative configuration dedicated to improving the security posture and resiliency within DTCC. Be an inspiring leader in the Zero Trust framework when providing mentorship with integrations to the Vault environment, including authentication and authorization, network security, principle of least privilege, end-to-end encryption, and data protection. Work closely with the squad members, business members and product owner to find opportunities to advance capability and automation of secret engines, tools, and applications. Adopt a horizontal platform team demeanor, collaborate with multi-functional teams to ensure the integration of Vault with other systems and processes. Proactively participate in activities such as disaster recovery exercises and audits. You are willing to learn & support multiple technologies in Cybersecurity Engineering as part of ARSENAL Squad with a main focus on Secrets Management and IAM technologies. You will be comfortable researching and understanding a wide variety of existing and emerging technology, can participate in the aggressive testing schedule of the Cyber Security Assessment Team (CSAT) and appropriately contribute to the daily workload of a highly skilled and diverse group of security assessment testers.

n

Your Primary Responsibilities:

n

n- Conduct automated and manual tests of information systems, to include review of previous vulnerability scans, compliance scans/results, penetration testing. n- Use a variety of techniques to perform tests and assessments, such as threat modeling, threat simulation and social engineering. n- Researching and understanding a wide variety of information systems and emerging technologies. n- Develop test plans, operation schedules, perform tests and prepare after-action reports for information systems. n- Document tests in accordance with DTCC Information Security Policies and CSAT standard operating procedures. n

n

Qualifications:

n

n- Minimum of 6 years of related experience n- Bachelor's degree in related field and/or equivalent experience n

n

Talents Needed for Success:

n

n- 2+ Years working with System/Service monitoring n- Basic understanding of Identity management n- Experience with Kubernetes or other container orchestration systems n- 3-5 years’ of demonstrated ability managing Linux Environments n- Familiarity with NIST and Zero Trust Framework n- Be a proficient problem-solver with an ability resolve problems effectively and creatively while maintaining a high level of flexibility, professionalism, and integrity n- Have a broad knowledge of security methodologies, solutions and standard processes, and have expert level knowledge of one or more domains. n- Solid understanding of the technical and non-technical tactics, techniques and procedures used by adversaries to exploit information systems. Candidates should be able to conduct sophisticated tests that simulate malicious users. n- Have experience with multiple open source and commercial testing tools. A non-comprehensive list includes Nessus, App Detective, Metasploit, Burp Suite, and nmap. n- Proven knowledge of the strengths and weaknesses of security tools. Ability to select the right tool for the job. Ability to configure and troubleshoot tools if vital. n- Be comfortable using, configuring, troubleshooting, and administrating both UNIX based and Microsoft operating systems. Candidate should also have extensive systems engineering experience with at least one of these OSs. n

n

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

n

n

.