|Date Posted||April 9, 2021|
Cyber Security Engineer
Are you ready to explore a world of possibilities?
Join our DTCC family, and you’ll grow your expertise and become the best version of you. As you embark on a new journey, you’ll tackle challenges with flexibility and grace, learning new skills and advancing your career while having the time of your life.
Why You’ll Love This Job:
Being a member of our Risk Management team, you’ll work to protect the safety and soundness of our systems and will identify, handle, measure and mitigate a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.
Your Primary Responsibilities:
- Will conduct automated and manual tests of information systems, to include review of previous vulnerability scans, compliance scans/results, penetration testing.
- Use a variety of techniques to perform tests and assessments, such as threat modeling, threat simulation and social engineering.
- Researching and understanding a wide variety of systems and emerging technologies.
- Develop test plans, operation schedules, perform tests and prepare after-action reports for information systems. Candidates will also document tests in accordance with DTCC Information Security Policies and CSAT standard operating procedures.
CSAT security projects range in complexity and duration. Projects are ongoing, based on NPOV, threat modeling throughout the year. The level of effort and number of security assessors varies depending on the criticality of the system, technology, and schedule.
- Testing is conducted worldwide, the ability to travel in CONUS and internationally is required.
**NOTE: Responsibilities of this role are not limited to the details above. **
Talents Needed for Success:
- The ideal candidate would be a Security Professional who would have in addition to regular Security Professional abilities, both of the following skill sets:
- 5 years of Professional Level experience in one of the following fields: Networking, Firewalls, Server Administration, Encryption, Databases, Development
- SOC experience which may include IDS/Sourcefire, Wireshark, or Packet level forensics analysis experience.
- Should be comfortable researching and understanding a wide variety of existing and emerging technology, have the ability to participate in the aggressive testing schedule of the Cyber Security Assessment Team (CSAT) and appropriately contribute to the daily workload of a highly skilled and diverse group of security assessment testers.
- Have a broad knowledge of security methodologies, solutions and best practices, and have expert level knowledge of one or more domains.
- Have a broad knowledge of the technical and non-technical tactics, techniques and procedures used by adversaries to exploit information systems. Candidates should be able to conduct advanced tests that simulate malicious users.
- Have experience with multiple open source and commercial testing tools. A non-comprehensive list includes Nessus, App Detective, Metasploit, Burp Suite, and nmap.
- Advanced understanding of the strengths and weaknesses of security tools. Ability to select the right tool for the job. Ability to configure and troubleshoot tools if necessary.
- Be comfortable using, configuring, troubleshooting, and administrating both UNIX based and Microsoft operating systems. Candidate should also have extensive systems engineering experience with at least one of these OSs.
- Candidate should understand the security guidelines published by the National Institute of Standards (800-53) (800-115).
- Have the ability to think critically and creatively. Capable of synthesizing and analyzing large amounts of data related to complex systems. Ability to articulate thoughts and findings in a concise and comprehensive manner. Candidate should also have a strong professional bearing.
We offer top class training and development for you to be an asset in our organization!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
DTCC safeguards the financial markets and helps them run efficiently, in times of prosperity and crisis. We are uniquely positioned at the center of global trading activity, processing over 100 million financial transactions every day, pioneering industry-wide, post-trade solutions and maintaining multiple data and operating centers worldwide. From where we stand, we can anticipate the industry’s needs and we’re working to continually improve the world’s most resilient, secure and efficient market infrastructure. Our employees are driven to deliver innovative technologies that improve efficiency, lower cost and bring stability and certainty to the post-trade lifecycle.
Our work environment favors openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you’ll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It’s the chance to make a difference at a company that’s truly one of a kind.
Our Risk Management teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.