To all recruitment agencies: TD Ameritrade does not accept agency resumes. Please do not forward resumes to our job alias, TD Ameritrade employees or any other company location. TD Ameritrade is not responsible for any fees related to unsolicited resumes.
• Develop, implement, and execute industry-leading vulnerability management services, vulnerability remediation and patch management oversight
• Lead technology vulnerability remediation efforts through cross functional working committees
• Lead Security Red Team Program to test effectiveness of Security controls and processes
• Manage planning and execution of corporate penetration testing engagements
• Identify and resolve false positive findings in assessment results
• Analyze threat and vulnerability feeds and assess the data for applicability
• Assess compensating controls and validate efficacy of existing controls
• Generate timely vulnerability assessment reports for management and stakeholders
• Produce vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness
• Recommend security controls and/or corrective actions for mitigating technical and business risk
• Maintain an awareness of existing and proposed security standards, industry best practices, legislation and regulations pertaining to information security and recommend appropriate changes
• Manage department staff, including performance and development planning
• Monitoring and analysis of industry and privately obtained vulnerability data
• Collaboration with Security, Technology and Risk teams to drive the effective remediation of identified vulnerabilities
• Monitoring and analysis of threat management feeds and reports
• Development of threat reports and metrics, including enterprise security threat model
• Development and analysis of security vulnerability and threat reports with technology, security and corporate business units
• Collaboration with technology partners to validate and optimize effectiveness of risk mitigation efforts.
• Development of Red Team exercise strategy and areas of concentrated focus
• Publication of Red Team exercise reports detailing red team assessment results and recommendations
• Collaboration with risk teams to drive the effective implementation of red team recommendations and management of associated risks
• Hold regular status meetings with direct reports
• Complete comprehensive performance and career development plans for staff
• Bachelor’s degree in a related field and/or a minimum of 5 years of equivalent experience.
• 5+ years of experience in performing vulnerability assessments
• Experience securing multiple platforms and operating systems
• A solid understanding of network design and architecture
• Expert understanding of the OSI model and TCP/IP
• An understanding of regulatory requirements: PCI, SOX, HIPAA, ISO 27002 standard
• Military education or experience may be considered in lieu of civilian requirements listed.