Information Security Specialist - Cyber Security Incident Response

Work Location:
Toronto, Ontario, Canada

Hours:
37.5

Line of Business:
Technology Solutions

Pay Details:
$96,900 - $136,800 CAD

TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, geographic location, and other specific business and organizational needs.

As a candidate, you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role.

Job Description:

• • As an Information Security Specialist, you will play a critical role in detecting, investigating, and responding to cyber threats targeting TD.
  • You will work within the Cyber Security Incident Response Team (CSIRT), leading in complex. Investigations, developing detection and hunting techniques, and strengthening our incident response capabilities.
  • This role requires an experienced security professional with deep technical expertise in incident handling and analysis, malware investigation and containment, and cyber kill chain. You will be responsible for identifying and mitigating cyberthreats, collaborating with stakeholders across Protect Platform, ITS, and business teams to reduce risk and enhance our security posture.
  The personnel in this role will work as part of a cyber security operations team responsible for carrying out 24x7 security monitoring operations. Operations are carried out on a rotating shift schedule than involves occasional on-call and/or weekend support.
  Here are the essential job functions of this position:
  
  • Guide partners on a broad range of technology throughout incidents
  • Lead Cybersecurity Incidents and Cybersecurity events
  • Lead or contribute to containment and recovery plans for Cybersecurity Incidents
  • Contribute to the definition, development, and oversight of a global security management strategy and framework
  • Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against TD businesses and network domains
  • Develop on-going operational enhancements for Cybersecurity including alerting, monitoring, and detection across multiple security domains
  • Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines
  • Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement
  • Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities
  • Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise
  Job Requirements
  
  • Here are the minimum requirements for this position:
  • University degree or equivalent hands-on work experience
  • 7+ years of hands-on relevant experience
  • Expert knowledge of Information Technology (IT) security and Incident Management practices across multiple cybersecurity domains.
  • Candidate must possess strong hands-on experience with traditional incidents response detection tools such as SIEM, EDR, XDR, Firewall, WAF, email proxies, NIDS, and equivalent
  • Candidate should possess advanced hands-on experience in all modern Operating Systems (Window/NIX/Cloud/Mobile)
  • Should have advanced scripting skills, can read data structures and software binary code
  • Advanced knowledge of Enterprise, technology controls, cybersecurity, and cyber risk issues
  • Strong communications, leadership and people building skills within Information Technology and/or Cybersecurity
  • A demonstrated ability to participate in complex, comprehensive and large projects
  • Has the ability to serve as a leading expert in technology controls and information security for project teams, the business, organization, and external vendors
  • Must be eligible for employment under regulatory standards applicable to the position
  Preferred qualifications for this role:
  
  • Extensive experience as an Incident commander or manager working on complex information security and cybercrime-related incidents, requiring coordination with internal and external enterprise teams, as well as third parties and vendors, partners
  • Extensive experience working cybersecurity events and incidents related to network layer 7/application and internet facing attacks •
  • Extensive experience briefing Senior Executives related to cybercrimes, information security incident triage, incident containment, and incident recovery
  • Extensive experience authoring complex communications associated with cybercrime and information security incident triage, incident containment, and incident recovery •
  • Extensive experience authoring and maintaining electronic and operational playbooks, and other process/governance documentation.
  • Understanding of Security principles, techniques and technologies such as NIST Cybersecurity Framework, SANS Top 20 Critical Security Controls and OWASP Top 10, MITRE Attack.
  • Expert knowledge of SIEM and UEBA solutions such as Splunk, Azure Sentinel or similar, along with experience of CrowdStrike, MS Defender for Endpoint, XSOAR.
  • Expert knowledge of forensics tools such as Encase, Axiom, Autospy, OSForenscis, FTK imager or similar.
  • Certifications: GIAC (GCIA, GPEN, GWAPT, GCIH, GSEC, GCFA), CCNP, CCNA, CISSP, Cloud security
• Additional Job Description
  Additional Job Description
  • As an Information Security Specialist, you will play a critical role in detecting, investigating, and responding to cyber threats targeting TD.
  • You will work within the Cyber Security Incident Response Team (CSIRT), leading in complex. Investigations, developing detection and hunting techniques, and strengthening our incident response capabilities.
  • This role requires an experienced security professional with deep technical expertise in incident handling and analysis, malware investigation and containment, and cyber kill chain. You will be responsible for identifying and mitigating cyberthreats, collaborating with stakeholders across Protect Platform, ITS, and business teams to reduce risk and enhance our security posture.
  The personnel in this role will work as part of a cyber security operations team responsible for carrying out 24x7 security monitoring operations. Operations are carried out on a rotating shift schedule than involves occasional on-call and/or weekend support.
  Here are the essential job functions of this position:
  
  • Guide partners on a broad range of technology throughout incidents
  • Lead Cybersecurity Incidents and Cybersecurity events
  • Lead or contribute to containment and recovery plans for Cybersecurity Incidents
  • Contribute to the definition, development, and oversight of a global security management strategy and framework
  • Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against TD businesses and network domains
  • Develop on-going operational enhancements for Cybersecurity including alerting, monitoring, and detection across multiple security domains
  • Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines
  • Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement
  • Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities
  • Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise
  Job Requirements
  
  • Here are the minimum requirements for this position:
  • University degree or equivalent hands-on work experience
  • 7+ years of hands-on relevant experience
  • Expert knowledge of Information Technology (IT) security and Incident Management practices across multiple cybersecurity domains.
  • Candidate must possess strong hands-on experience with traditional incidents response detection tools such as SIEM, EDR, XDR, Firewall, WAF, email proxies, NIDS, and equivalent
  • Candidate should possess advanced hands-on experience in all modern Operating Systems (Window/NIX/Cloud/Mobile)
  • Should have advanced scripting skills, can read data structures and software binary code
  • Advanced knowledge of Enterprise, technology controls, cybersecurity, and cyber risk issues
  • Strong communications, leadership and people building skills within Information Technology and/or Cybersecurity
  • A demonstrated ability to participate in complex, comprehensive and large projects
  • Has the ability to serve as a leading expert in technology controls and information security for project teams, the business, organization, and external vendors
  • Must be eligible for employment under regulatory standards applicable to the position
  Preferred qualifications for this role:
  
  • Extensive experience as an Incident commander or manager working on complex information security and cybercrime-related incidents, requiring coordination with internal and external enterprise teams, as well as third parties and vendors, partners
  • Extensive experience working cybersecurity events and incidents related to network layer 7/application and internet facing attacks •
  • Extensive experience briefing Senior Executives related to cybercrimes, information security incident triage, incident containment, and incident recovery
  • Extensive experience authoring complex communications associated with cybercrime and information security incident triage, incident containment, and incident recovery •
  • Extensive experience authoring and maintaining electronic and operational playbooks, and other process/governance documentation.
  • Understanding of Security principles, techniques and technologies such as NIST Cybersecurity Framework, SANS Top 20 Critical Security Controls and OWASP Top 10, MITRE Attack.
  • Expert knowledge of SIEM and UEBA solutions such as Splunk, Azure Sentinel or similar, along with experience of CrowdStrike, MS Defender for Endpoint, XSOAR.
  • Expert knowledge of forensics tools such as Encase, Axiom, Autospy, OSForenscis, FTK imager or similar.
  • Certifications: GIAC (GCIA, GPEN, GWAPT, GCIH, GSEC, GCFA), CCNP, CCNA, CISSP, Cloud security

Who We Are:

TD is one of the world's leading global financial institutions and is the fifth largest bank in North America by branches/stores. Every day, we strive to make every interaction, product, and experience remarkably human and refreshingly simple for over 27 million households and businesses in Canada, the United States and around the world. More than 95,000 TD colleagues bring their skills, talent, and creativity to foster deeper relationships, ensure disciplined execution, and build a simpler, faster banking experience. TD is deeply committed to being a leader in client experience, that is why we believe that all colleagues, no matter where they work, are client facing. Together, we are reimagining what banking can be for our clients, colleagues and communities.

Our Total Rewards Package
Our Total Rewards package reflects the investments we make in our colleagues to help them and their families achieve their financial, physical, and mental well-being goals. Total Rewards at TD includes a base salary, variable compensation, and several other key plans such as health and well-being benefits, savings and retirement programs, paid time off, banking benefits and discounts, career development, and reward and recognition programs. Learn more

Additional Information:
We're delighted that you're considering building a career with TD. Through regular development conversations, training programs, and a competitive benefits plan, we're committed to providing the support our colleagues need to thrive both at work and at home.

Please be advised that this job opportunity is subject to provincial regulation for employment purposes. It is imperative to acknowledge that each province or territory within the jurisdiction of Canada may have its own set of regulations, requirements.

Colleague Development

If you're interested in a specific career path or are looking to build certain skills, we want to help you succeed. You'll have regular career, development, and performance conversations with your manager, as well as access to an online learning platform and a variety of mentoring programs to help you unlock future opportunities.

If you're passionate about helping clients and building deep, lasting relationships, TD offers diverse career paths where you can grow your expertise and make a meaningful impact.

We're committed to your success and foster a respectful workplace where diverse perspectives are valued, everyone has fair opportunities to grow, and you can unlock your full potential to achieve your career goals. Here at TD, we hire and develop the best.

Training & Onboarding
We will provide training and onboarding sessions to ensure that you've got everything you need to succeed in your new role.

Interview Process
We'll reach out to candidates of interest to schedule an interview. We do our best to communicate outcomes to all applicants by email or phone call.

Accommodation
Your accessibility is important to us. Please let us know if you'd like accommodations (including accessible meeting rooms, captioning for virtual interviews, etc.) to help us remove barriers so that you can participate throughout the interview process.

We look forward to hearing from you!

Language Requirement (Quebec only):
Sans Objet