Building a World-Class Technology Team at TD
We can’t afford to be boring. Neither can you. The scale and scope of what TD does may surprise you. The rapid pace of change makes it a business imperative for us to be smart and open-minded in the way we think about technology. TD’s technology and business teams become more intertwined as new opportunities present themselves. This new era in banking does not equal boring. Not at TD, anyway.
TD Information Security covers the development and management of security strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls. Priorities include: mitigating and managing cybersecurity threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity, and partnering with businesses for better technology delivery by providing advice on technology controls.
There’s room to grow in all of it.
About This Role
The Senior Information Security Analyst / Penetration Tester is expected to conduct formal security testing on web, mobile, APIs and infrastructure systems on both a planned and ad-hoc basis. The Penetration Tester will be a key adviser to security personnel on defensive strategies and work with other personnel to secure and reduce overall risk to the bank.
Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here are the essential job functions of this position:
- Performs thorough penetration testing that includes the identification, reporting, and recommendations for security vulnerabilities while adhering to management driven scope and deadlines
- Identifies, proves, and reports vulnerabilities that cannot be identified by scanners or tools
- Reviews and identifies false positives generated by scanners or tools
- Stays up to date on the latest exploits and security trends
- Delivers clear and coherent written reporting and remediation guidance
- Demonstrates the ability to assess risk and apply to remediation guidance
- Apply a teamwork philosophy with technology and partners, service or platform owners to integrate all technology security components and address control gaps.
- Adhere to policies, procedures, technology control standards and regulatory guidelines.
- Contribute to internal activity and process review, flag windows for improvement.
- Influence behavior to reduce risk, foster a strong technology risk management culture.
- Define, develop, implement and manage standards, policies, procedures, and solutions that mitigate risk and maximize security, service availability, efficiency and effectiveness.
- Manage relationships with other technology/business/corporate/control functions.
- Assess, identify and escalate issues appropriately.
Other duties as assigned
What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. Here are the minimum requirements for this position:
- University Degree.
- Information Security Certification / Accreditation an asset.
- 5-7 years of relevant experience.
- Firm commitment to staying informed and abreast of emerging issues, industry trends etc.
- Advanced knowledge of one or more technology controls or security domains, disciplines and practices.
- Sound to advanced knowledge of business, technology controls, security and risk issues.
- Demonstrated ability to participate in projects of moderate to high complexity.
- Ability and commitment to serve as a subject matter expert on business-specific, cross-functional and enterprise initiatives.
- Readiness to participate in projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.
Preferred Qualifications – Here are the preferred qualifications for this role:
- Certified as GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP) preferred
- Demonstrated experience with automated and manual penetration tools
- Demonstrated experience with creating and communicating reports regarding web application vulnerabilities to various levels of personnel within a large organization
- Knowledge and understanding of banking or financial services industry
- Strong analytical skills with high attention to detail and accuracy