Application Security Assurance - DevSecOps - SAST/DAST
Dallas, TX, United States
Are you ready to make an impact at DTCC?
Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.
The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.
Pay and Benefits:
- Competitive compensation, including base pay and annual incentive
- Comprehensive health and life insurance and well-being benefits, based on location
- Pension / Retirement benefits
- Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
- DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).
The Impact you will have in this role:
This role is part of the Application Security Assurance team, which is responsible for ensuring secure software delivery across the enterprise. We integrate security into the Software Development Life Cycle (SDLC) using tools such as SAST, DAST, SCA, and container security, while also driving governance through DAVS and VAST. Our team collaborates closely with developers, product owners, and vendors to proactively manage application risks. This work directly supports DTCC's broader mission of operational resilience and regulatory compliance.
The individual in this role will play a key part in strengthening our application security capabilities by leading the hands-on execution of SAST and DAST activities. This position is critical for effective communication across multiple stakeholders, including developers, product owners, and governance teams, to ensure secure software delivery.
Additionally, the role supports our strategic shift toward automated, scalable security practices, helping to maintain compliance and resilience. Overall, it enhances our ability to proactively manage risk and embed security throughout the SDLC.
Primary Responsibilities:
- Execute and manage SAST and DAST scans using tools like Veracode, Fortify, and WebInspect.
- Analyze scan results and coordinate remediation with development teams.
- Integrate security tools into CI/CD pipelines to support shift-left security.
- Communicate findings and collaborate with developers, product owners, and governance leads.
- Track metrics, document findings, and contribute to secure SDLC practices.
Qualifications:
- Minimum of 6-8 years of related experience.
- Bachelor's degree preferred or equivalent experience.
Talent needed for success:
- Strong hands-on experience with SAST and DAST tools.
- Solid understanding of DevSecOps practices and CI/CD integration.
- Excellent communication skills to engage cross-functional teams.
- Familiarity with OWASP Top 10, secure coding standards, and vulnerability management.
- Experience with tools like SonarQube, Checkmarx, Veracode, and Burp Suite is preferred.
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
With over 50 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From 20 locations around the world, DTCC, through its subsidiaries, automates, centralizes, and standardizes the processing of financial transactions, mitigating risk, increasing transparency, enhancing performance and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. Industry owned and governed, the firm innovates purposefully, simplifying the complexities of clearing, settlement, asset servicing, transaction processing, trade reporting and data services across asset classes, bringing enhanced resilience and soundness to existing financial markets while advancing the digital asset ecosystem. In 2024, DTCC's subsidiaries processed securities transactions valued at U.S. $3.7 quadrillion and its depository subsidiary provided custody and asset servicing for securities issues from over 150 countries and territories valued at U.S. $99 trillion. DTCC's Global Trade Repository service, through locally registered, licensed, or approved trade repositories, processes more than 25 billion messages annually. To learn more, please visit us at www.dtcc.com or connect with us on LinkedIn, X, YouTube, Facebook and Instagram.
DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you'll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It's the chance to make a difference at a company that's truly one of a kind.
Tags: Application security Burp Suite Checkmarx CI/CD Clearance Compliance DAST DevSecOps Governance OWASP SAST SDLC SonarQube Veracode Vulnerability management
Perks/benefits: Career development Competitive pay Flex vacation Health care Insurance Team events