Information Security Specialist - Cyber Security Incident Response

📍 Toronto, Canada

Technology TD

Job Description

Job Details

Work Location:

Toronto, Ontario, Canada

Hours:

37.5

Line of Business:

Technology Solutions

Pay Details:

$96,900 - $136,800 CAD

TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, geographic location, and other specific business and organizational needs. As a candidate, you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role.

Job Description

As an Information Security Specialist, you will play a critical role in detecting, investigating, and responding to cyber threats targeting TD.

You will work within the Cyber Security Incident Response Team (CSIRT), leading complex investigations, developing detection and hunting techniques, and strengthening our incident response capabilities.

This role requires an experienced security professional with deep technical expertise in incident handling and analysis, malware investigation and containment, and the cyber kill chain. You will be responsible for identifying and mitigating cyber threats, collaborating with stakeholders across Protect Platform, ITS, and business teams to reduce risk and enhance our security posture.

The personnel in this role will work as part of a cyber security operations team responsible for carrying out 24x7 security monitoring operations. Operations are carried out on a rotating shift schedule that involves occasional on-call and/or weekend support.

Essential Job Functions

Guide partners on a broad range of technology throughout incidents

Lead Cybersecurity Incidents and Cybersecurity events

Lead or contribute to containment and recovery plans for Cybersecurity Incidents

Contribute to the definition, development, and oversight of a global security management strategy and framework

Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against TD businesses and network domains

Develop on-going operational enhancements for Cybersecurity including alerting, monitoring, and detection across multiple security domains

Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines

Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement

Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities

Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise

Job Requirements

Minimum requirements for this position:

University degree or equivalent hands-on work experience

7+ years of hands-on relevant experience

Expert knowledge of Information Technology (IT) security and Incident Management practices across multiple cybersecurity domains

Strong hands-on experience with traditional incident response detection tools such as SIEM, EDR, XDR, Firewall, WAF, email proxies, NIDS, and equivalent

Advanced hands-on experience in all modern Operating Systems (Windows/Linux/Cloud/Mobile)

Advanced scripting skills; ability to read data structures and software binary code

Advanced knowledge of enterprise technology controls, cybersecurity, and cyber risk issues

Strong communications, leadership and people-building skills within IT and/or Cybersecurity

Demonstrated ability to participate in complex, comprehensive and large projects

Ability to serve as a leading expert in technology controls and information security for project teams, the business, organization, and external vendors

Must be eligible for employment under regulatory standards applicable to the position

Preferred Qualifications

Extensive experience as an Incident commander or manager on complex information security and cybercrime-related incidents, coordinating with internal and external teams and vendors

Extensive experience with cybersecurity events and incidents related to network layer 7/application and internet-facing attacks

Experience briefing Senior Executives related to cybercrimes, incident triage, containment, and recovery

Experience authoring communications related to cybercrime and incident triage, containment, and recovery

Experience authoring and maintaining electronic and operational playbooks and other governance documentation

Understanding of security principles and frameworks such as NIST, SANS Top 20, OWASP Top 10, MITRE ATT&CK

Expert knowledge of SIEM and UEBA solutions (e.g., Splunk, Azure Sentinel) and related tools (CrowdStrike, Microsoft Defender for Endpoint, XSOAR)

Expert knowledge of forensics tools (e.g., EnCase, AXIOM, Autopsy, OSForensics, FTK Imager)

Certifications: GIAC (GCIA, GPEN, GWAPT, GCIH, GSEC, GCFA), CCNP, CCNA, CISSP, Cloud Security

Who We Are

TD is a leading global financial institution with a presence in Canada, the United States, and globally. TD is committed to client experience and fostering a respectful workplace where diverse perspectives are valued.

Our Total Rewards Package

Our Total Rewards package includes base salary, variable compensation, and benefits such as health and well-being plans, retirement programs, paid time off, banking benefits and discounts, career development, and recognition programs.

Additional Information

This job opportunity is subject to provincial regulation for employment purposes; regulations vary by province or territory in Canada.

Colleague Development

TD offers regular career development conversations, access to online learning, mentoring programs, and opportunities to grow within the company.

Training & Onboarding

Training and onboarding sessions will be provided to ensure you have what you need to succeed in the role.

Interview Process

We will contact candidates of interest to schedule an interview and aim to communicate outcomes by email or phone.

Accommodation

Accessibility accommodations are available during the interview process upon request.

We look forward to hearing from you!

Language Requirement (Quebec only):

Not applicable

Job Details

Posted Date: March 16, 2026
Job Type: Technology
Location: Toronto, Canada
Company: TD