Information Security Specialist (Cyber Security Incident Response Team)

TD

Canada

On-site

CAD 100,000 - 130,000

Full time

Today

Job summary

A major financial institution in Canada is seeking an Information Security Specialist to enhance cybersecurity capabilities. You will lead investigations into cyber threats, ensure technology controls are effective, and collaborate across teams. Ideal candidates have over 7 years of experience and in-depth knowledge of cybersecurity tools and practices. This role involves occasional weekend support and contributes to a secure banking environment.

Benefits

Health and well-being benefits
Savings and retirement programs
Career development opportunities

Qualifications

  • 7+ years of hands-on experience in cybersecurity.
  • Expert knowledge of IT security and incident management.
  • Strong experience with traditional incident response tools.

Responsibilities

  • Lead Cybersecurity Incidents and events.
  • Develop ongoing operational enhancements for Cybersecurity.
  • Guide partners throughout incidents.

Skills

Incident response detection tools
Advanced scripting skills
Leadership and communication skills
Cybersecurity knowledge

Education

University degree or equivalent work experience

Tools

SIEM
EDR
Cloud security tools

Job Description

The Information Security Specialist role at TD is to detect, investigate, and respond to cyber threats targeting TD. You will work within the Cyber Security Incident Response Team (CSIRT), leading complex investigations, developing detection and hunting techniques, and strengthening our incident response capabilities. This role requires an experienced security professional with deep technical expertise in incident handling and analysis, malware investigation and containment, and the cyber kill chain. You will be responsible for identifying and mitigating cyber threats, collaborating with stakeholders across Protect Platform, ITS, and business teams to reduce risk and enhance our security posture.

The personnel in this role will work as part of a cyber security operations team responsible for carrying out 24x7 security monitoring operations. Operations are carried out on a rotating shift schedule that involves occasional on-call and/or weekend support.

Essential job functions

  • Guide partners on a broad range of technology throughout incidents
  • Lead Cybersecurity Incidents and Cybersecurity events
  • Lead or contribute to containment and recovery plans for Cybersecurity Incidents
  • Contribute to the definition, development, and oversight of a global security management strategy and framework
  • Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against TD businesses and network domains
  • Develop ongoing operational enhancements for Cybersecurity including alerting, monitoring, and detection across multiple security domains
  • Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines
  • Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement
  • Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities
  • Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise

Job Requirements

Minimum requirements

  • University degree or equivalent hands-on work experience
  • 7+ years of hands-on relevant experience
  • Expert knowledge of Information Technology (IT) security and Incident Management practices across multiple cybersecurity domains
  • Strong hands-on experience with traditional incident response detection tools such as SIEM, EDR, XDR, Firewall, WAF, email proxies, NIDS, and equivalent
  • Advanced hands-on experience in modern Operating Systems (Windows/Linux/Cloud/Mobile)
  • Advanced scripting skills; ability to read data structures and software binary code
  • Advanced knowledge of enterprise technology controls, cybersecurity, and cyber risk issues
  • Strong communications, leadership and people-building skills within IT and/or Cybersecurity
  • Demonstrated ability to participate in complex, large projects
  • Ability to serve as a leading expert in technology controls and information security for project teams, the business, organization, and external vendors
  • Must be eligible for employment under regulatory standards applicable to the position

Preferred qualifications for this role

  • Extensive experience as an Incident commander or manager on complex information security and cybercrime-related incidents, coordinating with internal and external enterprise teams, third parties and vendors
  • Extensive experience working cybersecurity events and incidents related to network layer 7/application and internet-facing attacks
  • Extensive experience briefing Senior Executives related to cybercrimes, information security incident triage, containment, and recovery
  • Extensive experience authoring complex communications associated with cybercrime and information security incident triage, containment, and recovery
  • Extensive experience authoring and maintaining playbooks and other governance documentation
  • Understanding of Security principles and technologies such as NIST Cybersecurity Framework, SANS Top 20, OWASP Top 10, MITRE ATT&CK
  • Expert knowledge of SIEM and UEBA solutions such as Splunk, Azure Sentinel or similar, along with experience of CrowdStrike, MS Defender for Endpoint, XSOAR
  • Expert knowledge of forensics tools such as Encase, X-Ways, Autopsy, OSForensics, FTK Imager or similar
  • Certifications: GIAC (GCIA, GPEN, GWAPT, GCIH, GSEC, GCFA), CCNP, CCNA, CISSP, Cloud security

Who We Are

TD is one of the world's leading global financial institutions and the fifth largest bank in North America by branches/stores. We deliver legendary customer experiences to millions of households and businesses in Canada, the United States, and around the world. We are guided by our vision to Be the Better Bank and our purpose to enrich the lives of our customers, communities and colleagues. We are committed to being a leader in customer experience and provide opportunities for growth, development, and mentorship.

Our Total Rewards Package

Our Total Rewards package reflects investments in our colleagues and includes base salary, variable compensation, and plans such as health and well-being benefits, savings and retirement programs, paid time off, banking benefits and discounts, career development, and recognition programs.

Additional Information

We are delighted you're considering a career with TD. We provide development conversations, training programs, and a competitive benefits plan to support colleagues at work and home. This job opportunity is subject to provincial regulation for employment purposes, and regulations may vary by province.

Colleague Development

We offer regular career development and performance conversations, access to online learning and mentoring to help you unlock future opportunities. TD supports various career paths and is committed to helping you identify opportunities that align with your goals.

Training & Onboarding

We will provide training and onboarding sessions to ensure you succeed in your new role.

Interview Process

We will reach out to candidates of interest to schedule an interview and communicate outcomes by email or phone.

Accommodation

Accessibility is important. Please let us know if you require accommodations to participate in the interview process.

We look forward to hearing from you!

Language Requirement (Quebec only): Not applicable