This job board retrieves part of its jobs from: Healthcare Jobs | Professional Careers | Toronto Jobs

Find jobs in the City of Toronto

To post a job, login or create an account |  Post a Job

  Toronto Jobs  

Bringing the best, highest paying job offers near you

previous arrow
next arrow
Slider

Information Security Specialist – Red Team

TD

This is a Contract position in Toronto, ON posted November 2, 2020.

Company Overview

Tell us your story. Don’t go unnoticed. Explain why you’re a winning candidate. Think ”TD” if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.

Stay current and competitive. Carve out a career for yourself. Grow with us. Here’s our story: jobs.td.com

Department Overview

Building a World-Class Technology Team at TD

We can’t afford to be boring. Neither can you. The scale and scope of what TD does may surprise you. The rapid pace of change makes it a business imperative for us to be smart and open-minded in the way we think about technology. TD’s technology and business teams become more intertwined as new opportunities present themselves. This new era in banking does not equal boring. Not at TD, anyway.

TD Information Security covers the development and management of security strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls. Priorities include: mitigating and managing cyber security threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity, and partnering with businesses for better technology delivery by providing advice on technology controls.

There’s room to grow in all of it.

Job Description

The Information Security Specialist within Assurance Operations is responsible for ensuring technology controls are sufficiently protecting business risk, through the application of the Technology Risk & Control framework, and overseeing security standards, policies and procedures.
This role will take the traditional vulnerability assessment and build upon it, acting as “red team” members to evaluate the security of TD’s external networks, applications, sensitive internal systems, mobile device application and data coding standards. Our red team testers will need to go beyond the typical enumerating vulnerabilities through scanning and need to look at exploiting issues noted in the scanning, or discovering issues not picked up in security scanning.

The Information Security Specialist will,

  • Provide consultation and advice to partners on a broad range Technology Controls / Information Security programs / policies / standards and incidents for own specialized area;
  • Act as a lead expert resource in technology controls / information security for project teams, the business / organization and/or outside vendors;
  • Provide support in the discipline of the Cybersecurity Assurance Program
  • Participate in the development of new cyber security assessment practice services
  • Simulates malicious tactics of a motivated adversary with the intent of achieving a specific goal or access

Conduct penetration testing for the red team which includes:

  • Network, System, Application, Mobile, traditional web and wireless penetration testing
  • Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
  • Writing exploit code for local testing
  • Hardware Hacking
  • Social Engineering
  • Contribute to the definition, development, and oversight of a global security management strategy and framework;
  • Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology / security threats against TDBG’s business;
  • Develop on-going Technology Risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area;
  • Work proactively with technology partners / stakeholders and service/platform owners to ensure all technology security components are integrated into the bank’s overall Enterprise Architecture, and any control gaps are addressed;
  • Consult on Regulatory compliance requirements, reporting and questions;
  • Provide support and consulting in preparation for Audits and in composing management responses and appropriate remediation activities;
  • Participate in computer security incident responses relevant to business (or enterprise wide) and represent respective function and Enterprise position to the business, and business needs to incident response team.
  • Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise;
  • Define / develop / implement / manage standards, policies, procedures, and solutions that mitigate risk and maximize security, availability of service, efficiency and effectiveness.

Requirements

  • University Degree.
  • OSCP required
  • 7+ years of relevant experience.
  • Expert knowledge of IT security and risk disciplines and practices.
  • Advanced knowledge of organization, technology controls, security and risk issues.
  • Demonstrated ability to participate in complex, comprehensive or large projects and initiatives.
  • Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization and outside vendors.
  • Strong written and verbal communication skills

Qualifications Preferred Qualifications – Here are the preferred qualifications for this role:

  • OSWE and OSEE or equivalents very strongly preferred
  • Experience with penetration testing highly desired
  • Wireless, Network and TCP/IP skills along with Unix command, bash scripting, and / or python coding required
  • A knowledge of adversarial activities in cyberspace with an understanding of intrusion set tactics, techniques, and procedures (TTP) with the ability to emulate these TTP to assess vulnerability and risk desired
  • Familiarity with Advanced Persistent Threat (APT) activity; Offensive attack hacker mindset preferred

Additional Information

Join in on what others in TD Technology Solutions are doing:

  • Inspire a positive work environment and help champion quality, innovation, teamwork and service to the business.
  • Learn voraciously, stretch your thinking,

Hours

37.5

Inclusiveness

At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.