Lead IT Risk and Security Engineer at DTCC Candidate Experience Site
Chennai, Tamil Nadu, India
Full Time


Start Date

Immediate

Expiry Date

12 May, 26

Salary

0.0

Posted On

11 Feb, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Cyber Security, Incident Response, Threat Detection, Forensic Analysis, Network Security, Data Analysis, Security Monitoring, Threat Intelligence, Custom Threat Detections, Documentation, Collaboration, Regulatory Compliance, Networking, Security Technologies, Windows, Linux

Industry

Financial Services

Description
Are you ready to make an impact at DTCC? Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development? At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve.

The Information Technology group delivers secure, reliable technology solutions that enable DTCC to be the trusted infrastructure of the global capital markets. The team delivers high-quality information through activities that include development of essential, building infrastructure capabilities to meet client needs and implementing data standards and governance.

Pay and Benefits:
Competitive compensation, including base pay and annual incentive
Comprehensive health and life insurance and well-being benefits, based on location
Pension / Retirement benefits
Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being

DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee).

The Impact you will have in this role:
Perform analysis of historical security alerts and incidents for further enhancement/modification of use cases to ensure alert precision and a low false positive rate.
Develop dashboards, reports, and use cases to detect potential compromises and sophisticated APT actors within the DTCC landscape.
Provide support for the Cyber Monitoring and Incident Response Team for forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as needed during active investigations.
Collaborate with the Global Threat Intelligence team to develop indicators of compromise (IOCs) for specific cyber threat actors/groups and to understand their tactics, techniques, and procedures (TTPs).
Analyze the signatures that cyber attackers leave behind to develop custom threat detections.
Assist in maintaining the security alert definition portfolio for all cyber monitoring tools that are monitored by Cyber Monitoring and Incident Response.
Develop and maintain threat detection use cases with a Risk Management approach that can maintain an accurate picture of DTCC's security risk posture, provide visibility into assets, and leverage network logging to quantify risk and detect advanced persistent threats that could potentially impact the organization.
Perform required validation of existing cyber detections to ensure their effectiveness.
Research and deconstruct cyber attacks into sequenced Indicators of Compromise (IOCs) to create abstract rules for active threat detection.
Conduct open-ended analysis of large data sets in order to find network activity baselines and abnormalities for threat detection use case development.
Customize queries, promote advanced searching, forensics and analytics, and advance creative solutions to complex problems.
Create and maintain complex documentation to fulfil regulatory compliance requirements.
Collaborate and participate in network penetration assessments to ensure complete coverage.

Leadership Competencies for this level include:
Accountability: Demonstrates reliability by taking necessary actions to continuously meet required deadlines and goals.
Global Collaboration: Applies a global perspective when working within a team by being aware of own style and ensuring all relevant parties are involved in key team tasks and decisions.
Communication: Articulates information clearly and presents information effectively and confidently when working with others.
Influencing: Convinces others by making a strong case, bringing others along to their viewpoint; maintains strong, trusting relationships while at the same time being comfortable challenging ideas.
Innovation and Creativity: Thinks boldly and out of the box, generates new ideas and processes, and confidently pursues challenges as new avenues of opportunity.

Qualifications:
At least 5 years of experience in the cyber security field.
Degree in Computer or Software Engineering, Computer Science, Information Management, Information Science or equivalent hands-on work experience.
Demonstrated ability to interact with business and technical audiences across all levels of an organization.
Background in intrusion detection, security investigations, and incident response.
Strong knowledge and understanding of networking including IP, TCP/UDP, and common application layer protocols (e.g., HTTP, HTTPS, SSL, FTP).
Security knowledge across multiple security domains and technologies (e.g., operating systems, databases, networking, applications, identity and access management).
Working knowledge of Snort signatures, Yara, Regex, Sigma, and programming/scripting knowledge desired.
Strong understanding of common security technologies (e.g., firewalls, IDS/IPS, WAF, threat analytic platforms, SIEM, database monitoring platforms, host-based and network-based forensic tools, email gateways, web proxies/filtering, endpoint anti-virus, etc.).
User-level understanding of common IT technologies (e.g., service management systems, CMDB, IP management systems, Active Directory).
Experience working with threat intelligence reports, IOAs, IOCs, TTPs.
Strong knowledge of and experience working in Windows and Linux environments.
Broad knowledge across the Security domain, as well as deep focus in one (or more) areas such as: logs and events processing, Incident Management, and Detection and/or Response tool development.
Provide subject matter expertise during critical incident investigations and threat hunting efforts.
A solid understanding of the current threat landscape, including knowledge of different threat actor profiles and threats against the financial services industry.
Solid understanding of various SIEM concepts such as correlation, aggregation, normalization, and parsing.
Solid understanding of the Cyber Kill Chain, MITRE ATT&CK Framework and campaign strategies.

Actual salary is determined based on the role, location, individual experience, skills, and other considerations.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

With over 50 years of experience, DTCC is the premier post-trade market infrastructure for the global financial services industry. From 20 locations around the world, DTCC, through its subsidiaries, automates, centralizes, and standardizes the processing of financial transactions, mitigating risk, increasing transparency, enhancing performance and driving efficiency for thousands of broker/dealers, custodian banks and asset managers. Industry owned and governed, the firm innovates purposefully, simplifying the complexities of clearing, settlement, asset servicing, transaction processing, trade reporting and data services across asset classes, bringing enhanced resilience and soundness to existing financial markets while advancing the digital asset ecosystem. In 2024, DTCC's subsidiaries processed securities transactions valued at U.S. $3.7 quadrillion and its depository subsidiary provided custody and asset servicing for securities issues from over 150 countries and territories valued at U.S. $99 trillion. DTCC's Global Trade Repository service, through locally registered, licensed, or approved trade repositories, processes more than 25 billion messages annually. To learn more, please visit us at www.dtcc.com or connect with us on LinkedIn, X, YouTube, Facebook and Instagram.

DTCC proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you'll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A DTCC career is more than a good way to earn a living. It's the chance to make a difference at a company that's truly one of a kind.

To maintain strong alignment between IT and the business, we are bringing together all Solutions-focused teams under a unified technology organization, IT Solutions. The newly formed IT Solutions department combines Application Development and Enterprise Application Support functions, allowing us to leverage synergies to support the Solutions business lines.
Responsibilities
The Lead IT Risk and Security Engineer will analyze historical security alerts and incidents to enhance use cases, develop dashboards and reports, and support the Cyber Monitoring and Incident Response Team. They will also collaborate with the Global Threat Intelligence team to develop indicators of compromise and maintain security alert definitions.