About The Position

As a member of the CISO organization, this role provides strategic leadership for application security governance across DTCC’s API and agent/MCP platforms. The leader owns the design, delivery, and continuous improvement of platform-native AppSec controls, spanning build, deployment, and runtime, ensuring security is embedded through automation, policy-as-code, and standardized guardrails. By partnering closely with Cloud, Platform, and Application teams, this role enables secure scaling of AI workloads while reducing material risk, improving vulnerability signal quality, and ensuring controls are audit-ready, measurable, and aligned to DTCC’s regulatory and risk management expectations.

Requirements

  • Minimum of 8 years of related experience
  • Bachelor's degree preferred or equivalent experience
  • API security expertise. Strong hands‑on experience securing APIs, services, and integrations, including authN/authZ, OAuth/OIDC, schema validation, rate limiting, and data protection.
  • Model‑driven and automation mindset. Experience designing or operating model‑driven, context‑aware, or orchestrated security capabilities that improve prioritization and decision‑making.
  • Security tooling and platform ownership. Proven experience managing security tools and supporting infrastructure, and integrating them with CI/CD, runtime, and observability platforms.
  • Risk assessment and escalation judgment. Ability to evaluate API and integration risk, track remediation, and escalate appropriately within defined governance models.
  • Cross‑team coordination. Strong ability to work across application, platform, cloud, and infrastructure teams to drive outcomes without direct authority.
  • Secure design influence. Ability to translate API security risks into practical design guidance and standards for engineering teams.
  • Continuous learning orientation. Actively tracks API, application, and AI‑enabled security trends and applies them responsibly.
  • Integrity and accountability. Demonstrates attention to detail, consistency in following controls, and strong ethical behavior.

Nice To Haves

  • Relevant certification, for example CISM, CISSP, Burp Suite Certified Practitioner

Responsibilities

  • Establish and operate API security capabilities. Design, implement, and run API discovery, inventory, assessment, and monitoring capabilities across DTCC applications, aligned to DTCC Control Standards.
  • Build MCP‑style security enablement. Develop and maintain model‑driven, context‑aware capabilities (e.g., correlation, orchestration, prioritization) that integrate API, application, and runtime security signals.
  • Conduct targeted security assessments. Perform API and application security assessments, risk analysis, and security reviews, identifying design and implementation weaknesses in authentication, authorization, data exposure, and integration patterns.
  • Monitor, mitigate, and escalate risk. Track API‑related vulnerabilities and control gaps, validate remediation, and escalate material risk in accordance with DTCC risk and escalation procedures.
  • Operate and optimize tooling and platforms. Manage tools, services, and infrastructure supporting API discovery, testing, and analysis; partner with infrastructure, platform, and application teams to ensure effective and reliable use.
  • Enable secure integration patterns. Contribute to and maintain API security standards, secure design guidance, and best practices for development teams.
  • Continuously evolve detection capabilities. Research emerging API and AI‑driven security techniques and apply them pragmatically to improve detection, signal quality, and reporting.
  • Demonstrate strong risk and ethics discipline. Follow established procedures, monitor controls, identify weaknesses, and consistently demonstrate sound judgment and ethical behavior.

Benefits

  • Competitive compensation, including base pay and annual incentive
  • Comprehensive health and life insurance and well-being benefits, based on location
  • Pension / Retirement benefits
  • Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
  • DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).


What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Number of Employees: 1,001-5,000 employees
