Your acceptance of all cookies will permit robust site functionality. If you don't allow cookies, some features and functionality of OCC's site may not operate as expected. If you do not choose either cookie setting for our site, or if you close this window, this message will continue to display on each page you visit. Cookie settings can be controlled in your Internet browser to automatically reject some forms of cookies. For more details on cookies this site uses, see our OCC Site Cookies page. In addition to using cookies, we retain other information, including your Internet Protocol (IP) address, for the purposes listed in the Privacy Policy.

Associate Principal, Security Engineer


 As an Associate Principal, Security Engineer you will be part of a team responsible for analyzing, triaging, solutioning vulnerabilities identified via Black Duck and Veracode scanning on open source libraries.  This team is  responsible for identifying solutions, testing out hands-on solutions across a variety of software, and working closely with the development community to implement solutions. The team is also  responsible for assessing the total risk of the vulnerabilities with respect to The OCC environment.

You would be a good candidate for this role if you like:

  • learning about new technologies and their secure implementation
  • finding security vulnerabilities and helping team fix them
  • thinking about problems and solving the root cause instead of just the current symptoms
  • sharing your knowledge with others

Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

  • Provide general guidelines for preventing commonly found vulnerabilities by defining and updating security requirements
  • Performing threat modeling on products, even if they don't fit a common pattern
  • Reliably estimating the likelihood of given threats when building a threat model
  • Conducting code reviews
  • Interacting with project teams to seek implementation and completion of security requirements
  • Documenting processes based on established guidelines
  • Identifying or writing exploit code for high complexity vulnerabilities such as remote code execution, memory corruption or SQL injection
  • Defining pen test plans through stories/tasks for moderately complex applications such as those deployed to Relativity platform (ADS app) or those involved in security critical workflows (e.g. authentication)
  • Collaborate with development, platform automation and security teams to create and continuously improve a simple to use standardized repeatable automated application pipeline that includes testing, security and automated deployment to development and QA environments.
  • Troubleshoot environments as problems arise, test fixes, and perform follow-ups to ensure problems have been adequately resolved.
  • Collaborate with development, platform automation, security teams.
  • Other job-related duties as assigned.

Supervisory Responsibilities:


The requirements listed are representative of the knowledge, skill, and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.

  • Strong collaboration and presentation skills reaching across functional borders including technical and non-technical audiences.
  • Understanding of Kanban and/or Agile methodologies.
  • Hands-on experience working in Agile and DevOps cultures,  focusing on process improvement and automation. Experience of working both independently and collaboratively in a fast paced, change oriented, and demanding IT environment with a strong focus on business outcomes.
  • Hands-on security engineering experience.
  • Self-starter – takes the initiative to research, learn and deliver.  Anticipates the play.
  • Team player – humble, collaborative, and focused on making sure the entire team succeeds.
  • Experience in building threat models for web applications
  • Familiarity with common software vulnerabilities (e.g. OWASP Top 10) and their remediation
  • Deep interest in security architecture of applications and technologies (Web, Kubernetes, Network)
  • Ability to follow established processes
  • Ability to juggle several high visibility projects
  • Ability to read code in mainstream programming languages such as Python, C#, Java

Technical Skills:

  • Capability and hands-on experience with Vulnerability scanning tools/utilities
  • Ability to provide solutioning and testing the solutions before providing details to development community
  • 6+ years programming/scripting experience in languages  such as Java, Bash, Python or Go.
  • 2+ years hands on with continuous integration and continuous delivery (CI/CD) tools (examples - GitHub, Jenkins, Artifactory, Docker, Docker-Compose, K8s).
  • 2+ years of experience in technology delivery in a DevOps and Cloud Engineering environment (AWS Preferred); relevant industry certifications such as AWS Solutions Architect Associate or similar are a plus.
  • Demonstrable experience of automation.

Education and/or Experience:

  • Bachelor’s or Master’s Degrees in Computer Science, Information Systems or other related field.  Or equivalent work experience.

Certificates or Licenses:

Step 1
When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.  

Step 2
You will receive an email notification to confirm that we've received your application.

Step 3
If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location. 

For more information about OCC, please click here.

OCC is an Equal Opportunity Employer

Apply About OCC
  • REQ-1937
  • Chicago - 125 S Franklin
  • Full Time Regular
  • Posted: Feb. 18, 2021

How to Apply

Step 1 - When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.

Step 2 - You will receive an email notification to confirm that we've received your application.

Step 3 - If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.

OCC is an Equal Opportunity Employer

Numerous studies have shown that people from groups that are traditionally under-represented in financial services apply to jobs only if they believe they meet 100% of the requirements. We want to break down this mindset to further diversify our workforce.

We encourage you to review our open positions and apply if you think your experience may be a match, even if you do not meet all of the qualifications. Your perspective may be an element we need to continue building innovative solutions to support the markets and market participants we serve.

OCC is a globally recognized entity that clears a multitude of diverse and sophisticated products. We want to reflect this in the diversity of our workforce.

This web site discusses exchange-traded options issued by The Options Clearing Corporation. No statement in this web site is to be construed as an endorsement, recommendation or solicitation to purchase or sell a security, or to provide investment advice. Options involve risk and are not suitable for all investors. Prior to buying or selling an option, a person must receive a copy of the disclosure document, Characteristics and Risks of Standardized Options. Individuals should not enter into option transactions until they have read and understood this document. To obtain copies, contact your broker, any exchange on which options are traded, or The Options Clearing Corporation, 125 S. Franklin Street, Suite 1200, Chicago, IL 60606 ([email protected]).