Explore
Close
Your acceptance of all cookies will permit robust site functionality. If you don't allow cookies, some features and functionality of OCC's site may not operate as expected. If you do not choose either cookie setting for our site, or if you close this window, this message will continue to display on each page you visit. Cookie settings can be controlled in your Internet browser to automatically reject some forms of cookies. For more details on cookies this site uses, see our OCC Site Cookies page. In addition to using cookies, we retain other information, including your Internet Protocol (IP) address, for the purposes listed in the Privacy Policy.

Associate Principal, Security Implementation

Summary

 As an Associate Principal, Security Implementation Lead you will be part of a team responsible for analyzing, triaging, solutioning vulnerabilities identified via Black Duck and Veracode scanning on open source libraries.  This team  is responsible for identifying solutions, testing out hands-on solutions across a variety of software, and working closely with the development community to implement solutions. The team is also responsible for assessing the total risk of the vulnerabilities with respect to The OCC environment.

You would be a good candidate for this role if you like:

  • Lead a Kanban team in the capacity of a Product Owner. Also manage the Scrum Master Responsibility
  • Work very closely with other product owners and development leads of other scrum teams to prioritize security remediation effort for delivery
  • Manage the security vulnerabilities and track the remediation plan for identification to closure across different teams
  • Report to senior management on status, next steps, risks, dependencies
  • learning about new technologies and their secure implementation
  • finding security vulnerabilities and helping team fix them
  • thinking about problems and solving the root cause instead of just the current symptoms
  • sharing your knowledge with others

Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

  • Lead a Kanban team in the capacity of a Product Owner. Also manage the Scrum Master Responsibility
  • Work very closely with other product owners and development leads of other scrum teams to prioritize security remediation effort for delivery
  • Manage the security vulnerabilities and track the remediation plan for identification to closure across different teams
  • Report to senior management on status, next steps, risks, dependencies
  • Provide general guidelines for preventing commonly found vulnerabilities by defining and updating security requirements
  • Interacting with project teams to seek implementation and completion of security requirements
  • Documenting processes based on established guidelines
  • Defining pen test plans through stories/tasks for moderately complex applications such as those deployed to Relativity platform (ADS app) or those involved in security critical workflows (e.g. authentication)

  • Collaborate with development, platform automation and security teams to create and continuously improve a simple to use standardized repeatable automated application pipeline that includes testing, security and automated deployment to development and QA environments.

  • Collaborate with development, platform automation, security teams, IT business management & senior IT management to create reporting, metrics and dashboards.
  • Other job-related duties as assigned.

Supervisory Responsibilities:

Qualifications:

The requirements listed are representative of the knowledge, skill, and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.

  • Strong collaboration and presentation skills reaching across functional borders including technical and non-technical audiences.
  • Understanding of Kanban and/or Agile methodologies.
  • Hands-on experience working in Agile and DevOps cultures,  focusing on process improvement and automation. Experience of working both independently and collaboratively in a fast paced, change oriented, and demanding IT environment with a strong focus on business outcomes.

  • Self-starter – takes the initiative to research, learn and deliver.  Anticipates the play.
  • Team player – humble, collaborative, and focused on making sure the entire team succeeds.
  • Familiarity with common software vulnerabilities (e.g. OWASP Top 10) and their remediation
  • Deep interest in security architecture of applications and technologies (Web, Kubernetes, Network)
  • Ability to follow established processes
  • Ability to juggle several high visibility projects
  • Ability to read code in mainstream programming languages such as Python, C#, Java

Technical Skills:

  • Knowledge and experience with Security scanning tools such as Black Duck and Veracode
  • Knowledge of different tools. delivery (CI/CD) tools (examples - GitHub, Jenkins, Artifactory, Docker, Docker-Compose, K8s).
  • Knowledge of Product Owner role. Product Owner certification is a plus.
  • Practicing Knowledge of Kanban / Scrum team mechanics with hands-on experience
  • Certification of some type of Project / Program management is a plus.
  • A total experience in technology and security landscape for 9 to 11 years is required.

Education and/or Experience:

  • Bachelor’s or Master’s Degrees in Computer Science, Information Systems or other related field.  Or equivalent work experience.

Certificates or Licenses:

Step 1
When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.  

Step 2
You will receive an email notification to confirm that we've received your application.

Step 3
If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location. 

For more information about OCC, please click here.

OCC is an Equal Opportunity Employer

Apply About OCC
  • REQ-1926
  • Chicago - 125 S Franklin
  • Full Time Regular
  • Posted: Feb. 2, 2021

How to Apply

Step 1 - When you find a position you're interested in, click the 'Apply' button. Please complete the application and attach your resume.

Step 2 - You will receive an email notification to confirm that we've received your application.

Step 3 - If you are called in for an interview, a representative from OCC will contact you to set up a date, time, and location.

OCC is an Equal Opportunity Employer

Numerous studies have shown that people from groups that are traditionally under-represented in financial services apply to jobs only if they believe they meet 100% of the requirements. We want to break down this mindset to further diversify our workforce.

We encourage you to review our open positions and apply if you think your experience may be a match, even if you do not meet all of the qualifications. Your perspective may be an element we need to continue building innovative solutions to support the markets and market participants we serve.

OCC is a globally recognized entity that clears a multitude of diverse and sophisticated products. We want to reflect this in the diversity of our workforce.

This web site discusses exchange-traded options issued by The Options Clearing Corporation. No statement in this web site is to be construed as an endorsement, recommendation or solicitation to purchase or sell a security, or to provide investment advice. Options involve risk and are not suitable for all investors. Prior to buying or selling an option, a person must receive a copy of the disclosure document, Characteristics and Risks of Standardized Options. Individuals should not enter into option transactions until they have read and understood this document. To obtain copies, contact your broker, any exchange on which options are traded, or The Options Clearing Corporation, 125 S. Franklin Street, Suite 1200, Chicago, IL 60606 ([email protected]).