Lead IT Risk and Security Engineer

Are you ready to make an impact at DTCC?

Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We're committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits:

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits, based on location
• Pension / Retirement benefits
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day outstanding to each team or employee).

The impact you will have in this role:

IT Security Management & Assurance Team in partnership with Technology and Risk Management protects DTCC assets in managing and reducing the security risks by mitigating the vulnerabilities and threats. 

The Lead IT Risk and Security Engineer is focused on partnering with various stakeholders from IT and Technology Risk Organization in leading the Security Vulnerability remediation efforts. Establish sustainable process and procedures to drive the remediation of vulnerabilities across different platforms and network devices.  Successful candidates must have strong experience in cybersecurity processes, vulnerability & incident/threat management. Additionally, understanding security patch management lifecycles as well as practical experience in working with Vulnerability management tools will be useful. A prime candidate is proactive, can multitask and work autonomously to support multiple teams and initiatives. 

What You'll Do :

• Review Vulnerability scan results for quality, including false positives and actionable remediation steps and track mitigation.
• Analyze, develop and assist in deploying remediation plans for vulnerabilities.
• Develop constant quality improvements of the vulnerability management function, in particular tools and processes.
• Support vulnerability analysis by ensuring optimal coverage of assets. Track and monitor key milestones, after significant change in the environment to identify network, infrastructure, and configuration vulnerabilities.
• Communicate and share technical information with developers and infrastructure teams to drive remediation of vulnerabilities.
• Drive actionable metrics to streamline vulnerability detection, investigation, analysis, and remediation processes.
• Stay informed of latest threats, security vulnerabilities, and recommend solutions for technology in use by the company.
• Assist in leading risk assessments and developing risk-management strategies.
• Mitigates risk by following established procedures and monitoring controls, spotting key errors and demonstrating strong ethical behavior.

Qualifications:

• Minimum of 6 years of related experience.
• Hands on experience in Vulnerability scan.
• Experience in Network-based, application and cloud vulnerability scanners
• Bachelor's degree or equivalent experience

Additional Qualifications:

• Experience in analyzing and generating reports from scanners such as Rapid7, CrowdStrike, AquaSec etc.
• Experience in technical, functional, and operational aspects of cybersecurity incident handling and response.
• Understanding of SAST/DAST scans during application development.
• Prior experience communicating, presenting, and reporting to relevant stakeholders (status, post-incident report).
• Demonstrate understanding of IT security principles, concepts, policy, and regulations.
• Demonstrate ability to effectively document security controls.
• Excellent project management, planning, and analytical skills.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.