We serve candidates globally, so we only activate Google Tag Manager and other analytics after you opt in. This keeps us aligned with GDPR/UK DPA, ePrivacy, LGPD, and similar rules. Essential features still run without analytics cookies.
🤖 15+ AI Agents working for you. Find jobs, score and update resumes, cover letter, interview questions, missing keywords, and lots more.
Application Penetration Tester at DTCC Candidate Experience Site - QATestingJobs.com
D
Application Penetration Tester
DTCC Candidate Experience Site • United States
hybridfull-time
Salary: $100,000 - $110,000 / year
Posted Feb 12, 2026Apply by Mar 14, 2026
Role & seniority: Application Security Engineer (information security role within Technology Risk Management); typically 4+ years of related experience; individual contributor level.
Stack/tools: Manual application penetration testing; web apps and APIs; Burp Suite, OWASP ZAP; Secure SDLC; vulnerability identification and dynamic analysis; risk assessments and security reviews.
Top 3 responsibilities
Perform Ethical Application Penetration Testing (EAPT) on web applications and APIs per DTCC standards.
Conduct security assessments, risk analysis, vulnerability testing, and security reviews; document findings and remediation steps for developers.
Coordinate security initiatives across DTCC teams; mentor/assist developers; contribute to secure coding practices and SDLC alignment.
Must-have skills
4+ years in application security or penetration testing; manual testing skills for web apps/APIs.
Strong proficiency with Burp Suite, OWASP ZAP, and related tools.
Knowledge of secure coding practices, SDLC, vulnerability identification, and regulatory/compliance awareness.
Ability to clearly communicate findings and remediation steps to developers; collaborative mindset.
Research-oriented for emerging app security technologies and trends.
Location & work type: Hybrid model (3 days onsite, 2
Full Description
Are you ready to make an impact at DTCC?
Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.
The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.
Pay and Benefits
Competitive compensation, including base pay and annual incentive
Comprehensive health and life insurance and well-being benefits, based on location
Pension / Retirement benefits
Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).
The Impact you will have in this role
Technology Risk Management (TRM) is responsible for setting strategic direction in the areas of IT Risk and Information Security. Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the IT Risk and Information Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on IT Risk and Information Security. The Application Security Assurance program implements a variety of AppSec (Application Security) technologies, controls, tools and processes to ensure delivery teams are able to adhere and align with the Secure System Development Lifecycle to protect DTCC applications from existing and emerging security risks & improve application risk posture.
Primary Responsibilities
Perform Ethical Application Penetration Testing (EAPT) on web applications and APIs in alignment with DTCC processes and control standards.
Provide assistance to developers by detailing reported vulnerabilities and recommending remediation steps.
Ensure excellent coordination across various teams within DTCC to support security initiatives.
Ethical Application Penetration TestingWeb ApplicationsAPIsVulnerability RemediationApplication Security AssessmentsRisk AnalysisVulnerability TestingSecurity ReviewsSecure Coding Best PracticesThreat Intelligence MonitoringSecure System Development LifecycleBurp SuiteOWASP ZAPDynamic AnalysisCommunication SkillsCollaboration
Conduct application security assessments, risk analysis, vulnerability testing, and security reviews across DTCC’s businesses.
Monitor and mitigate risk, escalating issues as required.
Contribute to and maintain secure coding best practices and related guidelines.
Perform industry research on emerging application security technologies and trends to improve detection and reporting of security risks.
Mitigate risk by following established procedures, monitoring controls, spotting key errors, and demonstrating strong ethical behavior.
Collaborate with developers and AppSec teams to ensure adherence to Secure System Development Lifecycle (SDLC).
Contribute to testing efforts across a large portfolio (~300 applications annually) as part of the AppSec Defensive team.
Qualifications
Minimum of 4 years of related experience.
Bachelor's degree preferred or equivalent experience.
Talent needed for success
Hands-on experience in manual application penetration testing for web apps and APIs.
Knowledge of secure coding practices, dynamic analysis, and vulnerability identification.
Ability to communicate technical findings and remediation steps clearly to developers.
Understanding of Secure SDLC and regulatory compliance requirements.
Research-oriented mindset to adopt emerging security trends.
Strong collaboration and communication skills.
Additional Qualifications –
At least one certification would be preferred -
Penetration testing professional
Licensed Penetration Tester
Practical Web Pentest Associate
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
