Dir., Sécurité de l'information

Lieu De Travail:

Toronto, Ontario, Canada

Horaire:

0

Secteur D’activité:

Solutions technologiques

Détails De La Rémunération:

$91,200 - $136,800 CAD

La TD a à cœur d’offrir une rémunération juste et équitable à tous les collègues. Les occasions de croissance et le perfectionnement des compétences sont des caractéristiques essentielles de l’expérience collègue à la TD. Nos politiques et pratiques en matière de rémunération ont été conçues pour permettre aux collègues de progresser dans l’échelle salariale au fil du temps, à mesure qu’ils s’améliorent dans leurs fonctions. Le salaire de base offert peut varier en fonction des compétences et de l’expérience du candidat, de ses connaissances professionnelles, de son emplacement géographique et d’autres besoins particuliers du secteur et de l’entreprise. En tant que candidat, nous vous encourageons à poser des questions sur la rémunération et à avoir une conversation franche avec votre recruteur, qui pourra vous fournir des détails plus précis sur ce poste.

Job Description Cette position gère des testeurs d’intrusion de niveau junior, la coordination des fournisseurs pour plusieurs services de test, les processus, procédures et la planification pour les tests d’intrusion, les analyses dynamiques et la revue de code manuelle.

Responsibilities

Vendor Management: Manage and coordinate penetration testing engagements with vendors.

People Management: Manage a team of Junior level penetration testers and their development.

DAST: Manage the DAST program and tooling. Familiarity with current industry tooling and technologies and those being introduced.

Facilitate Penetration Tests: Perform thorough and methodical penetration testing.

Evaluate and Assign: penetration tests to appropriate resources.

Vulnerability Assessment: Assess and analyze security weaknesses, and provide actionable recommendations to mitigate risks and improve overall security posture.

Report Findings: Document and communicate findings clearly and effectively to both technical and non-technical stakeholders. Prepare comprehensive reports with recommendations for remediation.

Develop Test Procedures: Design and execute detailed test requirements.

Stay Current: Keep up-to-date with the latest security trends, vulnerabilities, and tools to ensure testing methodologies are current and effective.

Collaborate with Teams: Work closely with IT and development teams to understand system architectures, provide guidance on security best practices, and support the implementation of security improvements; work closely with advisory and SDLC pipeline teams to ensure compliance; work closely with PCS team to manage PCI testing requirements. This position will collaborate with many application security teams.

Perform Risk Assessments: Evaluate and assess potential security risks related to new and existing systems and technologies.

Compliance: Ensure that penetration testing practices comply with relevant regulations, standards, and organizational policies.

Incidents: Act as a testing SME on incident calls; support testers on the calls.

Requirements

Technical Skills:

Proficiency in penetration testing tools such as Metasploit, Burp Suite, Nmap, and Kali.

Knowledge of common web application vulnerabilities (e.g., OWASP Top Ten) and network security principles.

Penetration testing, DAST, Manual Code Review knowledge.

Analytical Skills: Strong analytical and problem-solving abilities with attention to detail.

Organizational Skills: Manage documents and procedures for testing team.

Multi-tasking: This job requires exceptional ability to multi-task with multiple workstreams to manage daily.

Communication: Excellent verbal and written communication skills, with the ability to convey complex technical concepts to non-technical stakeholders.

Ethical Standards: Demonstrated understanding of ethical hacking principles and a commitment to maintaining high ethical standards.

Preferred Qualifications

Experience with penetration testing in AI, cloud environments (e.g., AWS, Azure) and PCI testing.

Familiarity with security standards and frameworks.

Previous experience managing and developing teams.

Certifications: Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are highly desirable.

Provide support and consulting in preparation for Audits and in composing management responses and appropriate remediation activities.

Participate in computer security incident responses relevant to business (or enterprise wide) and represent respective function and Enterprise position to the business, and business needs to incident response team.

#J-18808-Ljbffr