Application Security Assurance Associate Director

Are you ready to make an impact at DTCC? Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

Pay and Benefits

• Competitive compensation, including base pay and annual incentive
• Comprehensive health and life insurance and well-being benefits
• Pension
• Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
• DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role

As a member of the CISO organization, this role provides strategic leadership for application security governance across DTCC’s container platforms by unifying container security and vulnerability management into a cohesive, risk‑driven control framework. The leader owns the design, delivery, and continuous improvement of platform‑native AppSec controls—spanning build, deployment, and runtime—ensuring security is embedded through automation, policy‑as‑code, and standardized guardrails. By partnering closely with Cloud, Platform, and Application teams, this role enables secure scaling of containerized workloads while reducing material risk, improving vulnerability signal quality, and ensuring controls are audit‑ready, measurable, and aligned to DTCC’s regulatory and risk management expectations.

Your Primary Responsibilities

• Execute application security assessments at scale.
• Conduct application security assessments, risk analysis, vulnerability testing, and security reviews across DTCC businesses in alignment with established processes and DTCC Control Standards.
• Identify, monitor, and elevate risk.
• Monitor application security risk, validate findings, track remediation, and elevate material issues in accordance with DTCC risk and escalation procedures.
• Enable consistent security outcomes.
• Coordinate effectively with application development, infrastructure, database, and platform teams to ensure timely assessment, remediation, and risk mitigation.
• Operate and optimize AppSec tooling.
• Manage and maintain the tools, servers, and supporting infrastructure used for application vulnerability testing and analysis, ensuring reliability, coverage, and effective use.
• Strengthen secure development practices.
• Contribute to, maintain, and promote secure coding standards, guidelines, and best practices across engineering teams.
• Continuously improve detection capabilities.
• Research emerging application and container security trends, tools, and techniques—including AI‑enabled capabilities—and apply them pragmatically to improve detection, prioritization, and reporting.
• Uphold strong risk and ethics discipline.
• Mitigate risk by following established procedures, monitoring controls, identifying control gaps or errors, and consistently demonstrating strong ethical judgment.

Qualifications

• Minimum of 8 years of related experience
• Bachelor's degree preferred or equivalent experience
• Relevant certification, for example CISM, CISSP, Burp Suite Certified Practitioner

Talents Needed for Success

• Container and cloud‑native security expertise.
• Strong hands‑on experience securing containers, Kubernetes, and cloud‑native workloads across build, deploy, and runtime.
• Modern AppSec execution.
• Practical experience with container scanning, SBOMs, image signing, runtime protection, and CI/CD security integration.
• Automation mindset.
• Ability to apply automation and AI‑enabled capabilities to reduce manual effort and improve prioritization and scale.
• Delivery‑focused leadership.
• Proven ability to lead small teams or pods, manage execution, and deliver measurable security outcomes.
• Risk‑based thinking.
• Comfortable prioritizing container and application risk in partnership with engineering teams.
• Clear communicator.
• Able to explain technical risk and remediation expectations clearly to engineers and security leadership.
• Continuous improvement orientation.
• Demonstrates curiosity, learning mindset, and willingness to evolve practices as platforms and threats change.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.