JerseyCityRecruiter Since 2001
the smart solution for Jersey City jobs

Application Security Red Team Director

Company: DTCC
Location: Jersey City
Posted on: November 16, 2021

Job Description:

Candidates can be located near our Jersey City, Tampa, Dallas or Boston offices.

Why you'll love this job:

Being a member of the Application Security Red Team means you will be a part of the Technology Risk initiative to expand the Application Security Assurance program capabilities by combining threat modeling, manual secure code review and advanced threat hunting techniques. The team will be responsible for performing threat modeling to assess threats at the design stage, performing manual secure code reviews to assess code-level security risks that cannot be identified by automated scanners, and applying advanced threat exploit techniques to prove vulnerabilities with evidence in the pre-production environment.

The Director of Application Security Red Team in OTR Application Security is responsible for leading and providing technical direction and strategy on all matters related to the above-mentioned functions: AppSec Threat modeling, Manual Secure code review, Sophisticated Threat hunting and Cloud Container.

Your Primary Responsibilities:

- Sets strategy and provides technical direction to the AppSec Red team to run capabilities like Application Threat modeling, Manual secure code review, Advanced Threat hunting techniques and Container security
- Run day-to-day operations, including performing AppSec Threat modeling on the DTCC application design architectures, manual secure code review of in-house developed and advanced penetration testing techniques to identify the vulnerabilities which cannot be reported by automated DAST scanners
- Lead a robust team of AppSec Consultants and AppSec Specialists and coordinate with various partners and vendors as part of the AppSec ecosystem
- Generate reports on assessment findings and summarize them to facilitate remediation
- Document technical issues identified during security assessments utilizing standard CWE and CVSS classifications
- Defines and supervises application vulnerability and coverage KPIs/metrics to demonstrate assessment coverage and remediation efficiency
- Collaborate with Security Architects, Product Managers, Risk Managers, and other teams to deliver a high-quality product
- Interacts with senior management on matters where they may need to gain acceptance on an alternate approach
- Cultivate and maintain relationships with key partners at varying organizational levels
- Assist with executive communication to senior leadership teams on the status of Application Security Red team programs

Note: Responsibilities of this role are not limited to the details above.

Talents needed for Success:

- At least 15 years of multifaceted IT experience, preferably in information security and related experience
- Domain specialist in several security technologies (depth) with the ability to lead across enterprise Application security functions (breadth)
- Exposure to the Application Security Vulnerabilities (as listed in OWASP Top 10 and SANS Top 25), Security Testing methodologies and related tools such as Fortify, WebInspect, Burp Suite, Nexus and more
- Programming experience with at least one of the following: Java/J2EE, JavaScript, Python, etc. and experience in performing manual secure code review of popular web application programming languages (Java, JavaScript, Angular, Python etc.)
- Understanding of authentication and authorization mechanisms, programmatically, across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML etc.)
- Experience working with DAST, SAST, and Penetration testing tools
- Experience with Application development build pipelines, automation, and CI/CD
- A broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies
- Knowledge of large-scale cloud-based services and container security, and a very good understanding of the security challenges involved in deploying cloud and container applications
- Experience in facilitating technical conversations between engineering and operations teams
- Experience in leading global teams and remote employees, evaluating team member performance and offering career development mentorship
- Excellent verbal and written communication skills
- Experience handling relationships with and addressing senior management
- Ability to work under stress, multitask and be flexible
- Strong planning and project management skills
- Highly desired: one or more of the following active certifications: CSSLP, CISSP, OSCP, GIAC GPEN

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

About DTCC

DTCC safeguards the financial markets and helps them run efficiently, in times of prosperity and crisis. We are uniquely positioned at the center of global trading activity, processing over 100 million financial transactions every day, pioneering industry-wide, post-trade solutions and maintaining multiple data and operating centers worldwide.
From where we stand, we can anticipate the industry's needs and we're working to continually improve the world's most resilient, secure and efficient market infrastructure. Our employees are driven to deliver innovative technologies that improve efficiency, lower cost and bring stability and certainty to the post-trade lifecycle. Our work environment favors openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you'll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It's the chance to make a difference at a company that's truly one of a kind.

Our Risk Management teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.

Keywords: DTCC, Jersey City, Application Security Red Team Director, Executive, Jersey City, New Jersey
