Senior Manager, Information Security - Threat Hunting
Building a World-Class Technology Team at TD
We can’t afford to be boring. Neither can you. The scale and scope of what TD does may surprise you. The rapid pace of change makes it a business imperative for us to be smart and open-minded in the way we think about technology. TD’s technology and business teams become more intertwined as new opportunities present themselves. This new era in banking does not equal boring. Not at TD, anyway.
TD Information Security covers the development and management of security strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls. Priorities include: mitigating and managing cybersecurity threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity, and partnering with businesses for better technology delivery by providing advice on technology controls.
There’s room to grow in all of it.
About This Role
Reporting to the AVP, Threat Intelligence and Analytics, the Senior Manager, Threat Hunting is responsible for leading a team in the detection, disruption, and eradication of threat actors from enterprise networks. The Threat Hunting team will use advanced analytics, threat intelligence, and cutting-edge security technologies to participate in threat actor based investigations, create new detection methodologies, and provide subject matter expertise to incident response and monitoring functions. The Senior Manager, Threat Hunting will also directly support the Cyber Security Operations Center and other internal teams by applying analytic and technical skills to investigate intrusions and identify malicious activity and potential insider threats.
Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here are the essential job functions of this position:
- Lead threat hunting operations using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and mitigate threat actors on the network
- Develop advanced methodologies to identify threat actor groups and associated tools, techniques and procedures
- Produce metrics and develop dashboards to identify potential threats, suspicious/anomalous activity, malware, etc.
- Drive the tuning of detection infrastructure with technology teams to identify emerging threats
- Document best practices to enhance analyst playbooks, response procedures, and courses of action
- Support the Cyber Security Operations Center and other internal teams by applying analytic and technical skills to investigate intrusions and identify malicious activity and potential insider threats
- Ensure team follows internal policies and procedures, technology control standards and applicable regulatory guidelines.
- Adhere to, advise on, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities.
- Grow team expertise so it aligns with company demand and TD’s direction; assess team skills and capabilities and find ways to improve value delivered.
- Responsible for management of the overall team(s) providing both leadership and guidance.
- Set targets and objectives for the team.
- Provide coaching, development, succession, recruitment, resource management and overall team leadership for team members, regularly contribute to performance and development plans.
- Other duties as assigned
- Driving Requirements: as needed
- Travel Requirements: as needed
What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. Here are the minimum requirements for this position:
- University Degree.
- Information Security Certification / Accreditation an asset.
- 10+ years of relevant experience.
- Advanced knowledge of the business and technology standards.
- Thought leadership with deep expertise and knowledge of the business and technology standards.
- Experience leading, overseeing or managing a team or group(s) of moderate to large size, scope, risk and complexity.
- Excellent communication, negotiation and organizational skills, including the ability to present options in business terms to both IT and business staff including executives.
Preferred Qualifications – Here are the preferred qualifications for this role:
- At least 5 years of previous experience working in hunt teams, threat intelligence, incident response, or security operations
- Strong working knowledge of security-relevant data, including network protocols, ports and common services, such as TCP/IP network protocols and application layer protocols (e.g. HTTP/S, DNS, FTP, SMTP, Active Directory etc.)
- Completion of at least one of the following: GCIA, GPEN, GWAPT, GCIH, GSEC, CCNP, CISSP
- Ability to define events vs. alerts vs. incidents for the organization, and create incident classification, severity, and priority tables in line with all threats, risks and vulnerabilities
- Ability to develop and document intelligence artifacts such as advisories, AoA (Anatomy of Attack) and relevant detection and mitigation patterns