WayUp
DTCC, Application Penetration Tester - Application via WayUp
WayUp, Tampa, Florida, us, 33646
Job Overview
This Application Penetration Tester role is with DTCC. WayUp is partnering with DTCC to hire top talent.
At DTCC, the Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high‑quality information through development, building infrastructure capabilities to meet client needs, and implementing data standards and governance.
Pay & Benefits
Competitive compensation, including base pay and annual incentive
Comprehensive health and life insurance and well‑being benefits, based on location
Pension / Retirement benefits
Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well‑being.
DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).
Impact & Responsibilities Technology Risk Management (TRM) is responsible for setting strategic direction in IT Risk and Information Security, maintaining corporate security policies and control standards, serving as a second line of defense, reporting to leadership and the Board, monitoring threat intelligence, responding to incidents, and serving as the main interface for regulatory and client reviews. The Application Security Assurance program implements a variety of AppSec technologies, controls, tools and processes to protect DTCC applications from existing and emerging security risks and improve application risk posture.
Perform Ethical Application Penetration Testing (EAPT) on web applications and APIs in alignment with DTCC processes and control standards.
Provide assistance to developers by detailing reported vulnerabilities and recommending remediation steps.
Ensure excellent coordination across various teams within DTCC to support security initiatives.
Conduct application security assessments, risk analysis, vulnerability testing, and security reviews across DTCC’s businesses.
Monitor and mitigate risk, escalating issues as required.
Contribute to and maintain secure coding best practices and related guidelines.
Perform industry research on emerging application security technologies and trends to improve detection and reporting of security risks.
Mitigate risk by following established procedures, monitoring controls, spotting key errors, and demonstrating strong ethical behavior.
Collaborate with developers and AppSec teams to ensure adherence to Secure System Development Lifecycle (SDLC).
Contribute to testing efforts across a large portfolio (~300 applications annually) as part of the AppSec Defensive team.
Qualifications
Minimum of 4 years of related experience.
Bachelor's degree preferred or equivalent experience.
Additional Qualifications
Hands‑on experience in manual application penetration testing for web apps and APIs.
Strong proficiency with penetration testing tools (Burp Suite, OWASP ZAP, etc.).
Knowledge of secure coding practices, dynamic analysis, and vulnerability identification.
Ability to communicate technical findings and remediation steps clearly to developers.
Understanding of Secure SDLC and regulatory compliance requirements.
Research‑oriented mindset to adopt emerging security trends.
Strong collaboration and communication skills.
At least one preferred certification:
Penetration Testing Professional
Licensed Penetration Tester
Practical Web Pentest Associate
Salary & Legal Information The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.
We are an equal‑opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
About DTCC With over 50 years of experience, DTCC is the premier post‑trade market infrastructure for the global financial services industry. From 20 locations around the world, DTCC automates, centralizes, and standardizes the processing of financial transactions, mitigating risk, increasing transparency, enhancing performance and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. In 2024, DTCC’s subsidiaries processed securities transactions valued at U.S. $3.7 quadrillion and its depository subsidiary provided custody and asset servicing for securities issues from over 150 countries and territories valued at U.S. $99 trillion.
#J-18808-Ljbffr
At DTCC, the Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high‑quality information through development, building infrastructure capabilities to meet client needs, and implementing data standards and governance.
Pay & Benefits
Competitive compensation, including base pay and annual incentive
Comprehensive health and life insurance and well‑being benefits, based on location
Pension / Retirement benefits
Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well‑being.
DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).
Impact & Responsibilities Technology Risk Management (TRM) is responsible for setting strategic direction in IT Risk and Information Security, maintaining corporate security policies and control standards, serving as a second line of defense, reporting to leadership and the Board, monitoring threat intelligence, responding to incidents, and serving as the main interface for regulatory and client reviews. The Application Security Assurance program implements a variety of AppSec technologies, controls, tools and processes to protect DTCC applications from existing and emerging security risks and improve application risk posture.
Perform Ethical Application Penetration Testing (EAPT) on web applications and APIs in alignment with DTCC processes and control standards.
Provide assistance to developers by detailing reported vulnerabilities and recommending remediation steps.
Ensure excellent coordination across various teams within DTCC to support security initiatives.
Conduct application security assessments, risk analysis, vulnerability testing, and security reviews across DTCC’s businesses.
Monitor and mitigate risk, escalating issues as required.
Contribute to and maintain secure coding best practices and related guidelines.
Perform industry research on emerging application security technologies and trends to improve detection and reporting of security risks.
Mitigate risk by following established procedures, monitoring controls, spotting key errors, and demonstrating strong ethical behavior.
Collaborate with developers and AppSec teams to ensure adherence to Secure System Development Lifecycle (SDLC).
Contribute to testing efforts across a large portfolio (~300 applications annually) as part of the AppSec Defensive team.
Qualifications
Minimum of 4 years of related experience.
Bachelor's degree preferred or equivalent experience.
Additional Qualifications
Hands‑on experience in manual application penetration testing for web apps and APIs.
Strong proficiency with penetration testing tools (Burp Suite, OWASP ZAP, etc.).
Knowledge of secure coding practices, dynamic analysis, and vulnerability identification.
Ability to communicate technical findings and remediation steps clearly to developers.
Understanding of Secure SDLC and regulatory compliance requirements.
Research‑oriented mindset to adopt emerging security trends.
Strong collaboration and communication skills.
At least one preferred certification:
Penetration Testing Professional
Licensed Penetration Tester
Practical Web Pentest Associate
Salary & Legal Information The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.
We are an equal‑opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
About DTCC With over 50 years of experience, DTCC is the premier post‑trade market infrastructure for the global financial services industry. From 20 locations around the world, DTCC automates, centralizes, and standardizes the processing of financial transactions, mitigating risk, increasing transparency, enhancing performance and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. In 2024, DTCC’s subsidiaries processed securities transactions valued at U.S. $3.7 quadrillion and its depository subsidiary provided custody and asset servicing for securities issues from over 150 countries and territories valued at U.S. $99 trillion.
#J-18808-Ljbffr