Associate Principal, Security Engineering
Who We Are
The Options Clearing Corporation (OCC) is the world's largest equity derivatives clearing organization. Founded in 1973, OCC is dedicated to promoting stability and market integrity by delivering clearing and settlement services for options, futures and securities lending transactions. As a Systemically Important Financial Market Utility (SIFMU), OCC operates under the jurisdiction of the U.S. Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC), and the Board of Governors of the Federal Reserve System. OCC has more than 100 clearing members and provides central counterparty (CCP) clearing and settlement services to 19 exchanges and trading platforms. More information about OCC is available at www.theocc.com.
What We Offer
A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:
A hybrid work environment, up to 3 days per week of remote work
Tuition Reimbursement to support your continued education
Student Loan Repayment Assistance
Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
Generous PTO and Parental leave
Competitive health benefits including medical, dental and vision
Summary
OCC is seeking a Blue Team Security Engineer to increase OCC's security posture to manage all threats against organization operations, assets or individuals by engaging in focused simulations consisting of intelligence gathering, network & application penetration testing. The candidate must also have experience with assessing complex cloud-based computing environments. Work in collaboration with internal departments and system users. Demonstrate technical knowledge to proactively write documentation to comply with current standards. Provide senior level security technical expertise to the team. Grow and support the virtualization, cloud, and automation efforts.
Members of the Blue Team are expected to have exceptionally strong ethics, integrity and be accountable for their actions. The Blue Team must have a healthy, competitive and bar-raising relationship with the individuals who monitor and deploy OCC’s preventative and detective controls.
The ideal team member will have extensive experience in more than one of the following security testing domains: Network/Application, Web Application, Mobile Application, and Operating System. This candidate must be driven, a stellar communicator, enthusiastic and have the desire to stay ahead of today’s emerging threats and actor techniques.
Primary Duties and Responsibilities:
To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
Conduct various activities such as:
Performing Cloud assessments, Web Application Penetration Testing, Mobile Application Testing, Network and Operating System Assessments.
Understand vulnerabilities and develop relevant exploits/payloads for use during test exercises.
Perform security risk assessment, threat analysis and threat modeling.
Perform independent reviews of OCC’s security, network, applications and cloud environments.
Plan/Design/Execute security related artifacts and activities.
Stay on-time, on-budget, and within scope of testing activities.
Develop clear detailed reports and recommendations based on concrete evidence.
Debrief users and provide remediation strategy on findings.
Ensure alignment of security controls in OCC’s testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices.
Assist management with the improvement of policy and procedure to support Security Testing and Blue Team activities as well as other security duties which may arise.
Participate in developing security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends.
Adhere to the best practices and work for delivering secured and quality products.
Consult with technical experts and system owners on all aspects of Information Security and Compliance.
Work closely with Production Support staff, Incidence Response, and IT infrastructure to increase organizational security posture.
Support OCC’s security objectives and remediation efforts relating to Security Assurance and Testing.
Supports and successfully completes Audits.
Participate in “Lessons Learned” process to provide information to help OCC improve practices, methodologies, tools, and other technologies.
Stay current on emerging technology trends and the threat landscape.
Advise IT on current and emerging threats, their attack vectors, and how to mitigate them.
Train full-time and contingent Security Testing Blue Team personnel.
Support Security Assurance management and activities and be a Team Player.
Perform other duties as assigned.
Supervisory Responsibilities:
None
Qualifications:
The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.
The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.
High-energy, results driven person with an attention to detail.
Exceptional analytical, problem solving and troubleshooting skills with the ability to exercise good judgment while developing creative solutions.
Exceptional tactical planning skills based on long-term strategic goals.
Exceptional verbal/written communication skills to be able to articulate ideas clearly and concisely.
Excellent listening skills.
Cloud engineering and assessment experience, and training with focus on development of secure enterprise solutions
Strong understanding of container technologies including engineering, development and assessment
Excellent focused domain areas of expertise as well as a good breadth of experience across Network/Application
Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, and Operating System Assessment.
Proven due diligence and research ability via open source avenues and technology.
Strong familiarity with enterprise technologies; strong technical background and understanding of security-related technologies.
Good applicable knowledge of policy and procedure development, systems analysis, Information Assurance (IA) policy, vulnerability management, and risk management
Strong knowledge of cryptography (symmetric, asymmetric, hashing) and its various applications.
Strong knowledge of common enterprise infrastructure technology stacks and network configurations.
Exhibit ability to understand and probe/exploit a diverse range of Network and Internet Protocols.
Exhibit ability to understand and modify code in a diverse range of programming languages and frameworks; must have direct practical experience with one or more high level programming language.
Ability to facilitate meetings and conversations.
Ability to work with business users, understand their needs and translate those needs to the final project deliverables.
Technical Skills:
Excellent proficiency in network, application, wireless and physical security.
Excellent proficiency in cryptography.
Proficiency with the penetration testing tools-of-the-trade (Kali Linux or other Linux distros, , , , Cobalt Strike, Metasploit, nMap, Qualys, Maltego, Burp Suite, etc.).
Strong experience with scripting or programming.
Experience with Windows, Unix, Cisco, platforms and controls.
Proficient in creating content with Microsoft Office (Word, Excel, PowerPoint, Visio).
Proficient in basic document management in a Microsoft SharePoint or similar environment.
Experience with dedicated document management tools (e.g., DMS, PolicyTech) a plus.
Experience with using ServiceNow a plus.
Education and/or Experience:
BS in Computer Science, Information Management, Information Security or other comparable technical degree from an accredited college/university or equivalent work experience
5+ Years’ experience penetration testing, Application Security Testing or related areas.
5+ Years’ experience in Information Assurance or Information Security environment.
Certificates or Licenses:
Security-related certifications (AWS Certified Solutions Architect, AWS Certified Security Specialty, etc.) are highly desired.