TD Bank InfoSec Specialist - Cloud Application Security in Alexandria, Virginia
InfoSec Specialist - Cloud Application Security
About TD Bank, America's Most Convenient Bank®
TD Bank, America's Most Convenient Bank, is one of the 10 largest banks in the U.S., providing more than 8 million customers with a full range of retail, small business and commercial banking products and services at approximately 1,300 convenient locations throughout the Northeast, Mid-Atlantic, Metro D.C., the Carolinas and Florida. In addition, TD Bank and its subsidiaries offer customized private banking and wealth management services through TD Wealth®, and vehicle financing and dealer commercial services through TD Auto Finance. TD Bank is headquartered in Cherry Hill, N.J. To learn more, visit www.tdbank.com. at http://www.tdbank.com/ Find TD Bank on Facebook at www.facebook.com/TDBank and on Twitter at www.twitter.com/TDBank_US .
TD Bank, America's Most Convenient Bank, is a member of TD Bank Group and a subsidiary of The Toronto-Dominion Bank of Toronto, Canada, a top 10 financial services company in North America. The Toronto-Dominion Bank trades on the New York and Toronto stock exchanges under the ticker symbol "TD". To learn more, visit www.td.com at http://www.td.com/ .
Auto req ID:
Building a World-Class Technology Team at TD
We can't afford to be boring. Neither can you. The scale and scope of what TD does may surprise you. The rapid pace of change makes it a business imperative for us to be smart and open
PLEASE REFER TO THE QUALIFICATION SECTION FOR SPECIFIC ROLE REQUIREMENTS
What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. Here are the minimum requirements for this position:
Information Security Certification / Accreditation an asset.
7+ years of relevant experience.
Expert knowledge of IT security and risk disciplines and practices.
Advanced knowledge of of organization, technology controls, security and risk issues.
Demonstrated ability to participate in complex, comprehensive or large projects and initiatives.
Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization and outside vendors.
Must be eligible for employment under regulatory standards applicable to the position.
PLEASE REFER TO THE QUALIFICATION SECTION FOR SPECIFIC ROLE REQUIREMENTS
About This Role
We are looking for someone to develop and implement Technology Controls and Information Security related policies, programs and tools. You will provide specialized expertise and guidance on assessing risks, identifying potential gaps and providing security solutions to mitigate risks and protect TD. You may also participate on projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.
Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here are the essential job functions of this position:
Guide partners on a broad range of specific Technology Controls and Information Security programs, policies, standards and incidents.
Conduct risk assessment, required controls definition, control procedure appropriateness, vulnerability assessments and any other relevant areas.
Lead or contribute to the completion of risk and control design assessments for an assigned business application, business portfolio, and overall enterprise, as well as risk mitigation and remediation plans and remediation strategy.
Contribute to the definition, development, and oversight of a global security management strategy and framework.
Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against TDBG’s business.
Develop on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area.
Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement.
Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities.
Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise .
Other duties as assigned • Driving Requirements: • Travel Requirements:
At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live in and serve, and creating an environment where every employee has the opportunity to reach their potential.
If you are a candidate with a disability and need an accommodation to complete the application process, email the TD Bank US Workplace Accommodations Program at USWAPTDO@td.com . Include your full name, best way to reach you, and the accommodation needed to assist you with the application process.
EOE/Minorities/Females/Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity.
Delaware, District of Columbia, New Jersey, New York, Virginia
Alexandria, Mount Laurel, New York City, Washington, Wilmington
Preferred Qualifications - Here are the preferred qualifications for this role:
The person in this role will be the technical lead for a small, but growing, team of Cyber Security professionals working with automated and manual TTP’s, various penetration testing tools. The lead will ensure the success of cloud assessments from beginning to end. This includes responsibility for meeting with systems owners, scoping assessments, development and delivery of assessment reports, briefing system owners and stake holders.
Primarily, the focus of this position is on leading the security assessments of GOV-Cloud systems (Amazon AWS, Google Cloud, and Microsoft Azure and O365, among others), assessing the risks inherent in a cloud implementation, and how that impacts the traditional “on premises” existing architecture.
Secondarily, the candidate should have hands-on experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, risk assessments, secure coding practices or threat modeling. The ability to mentor and train the other team members in these technologies is a key duty of a Team Lead.
Be a self-starter with, keen analytical skills, curiosity, agility, and adaptability. The ability to work quickly, willingness to work on ad hoc assignments, strong written and verbal communication skills, and recognizing the importance of being a team player.
Provides direct supervisory guidance to senior and mid-level team members.
Oversees and approves technical requirements of systems supporting Red Cell Cloud operations.
Ensures cloud team members are qualified and capable of supporting the Red Cell mission. • Manage cloud assessment operations and administrative tasks
Assess and enhance current processes for the testing of cloud implementations and vulnerability assessments of those implementations.
Recommend mitigation and remediation strategies based upon the class and category of vulnerability
Develop all processes, policies and operational procedures
Briefs executive summary and findings to stakeholders to include Sr. Leadership
Researches and maintains proficiency in offensive tools, techniques, countermeasures, and trends in computer network and cloud vulnerabilities, data hiding and network security and encryption.
Provide support to incident response teams through capability enhancement and reporting.
Provide mentoring and guidance to junior, mid, and senior staff members by creating and teaching latest techniques in ethical hacking and vulnerability analysis
University degree or/equivalent and 10 years related work experience, required
Must possess at least six (6) years of substantive IT knowledge including four (4) years of combined hands-on Penetration Testing and cloud security experience, and demonstrate hands-on expertise and/or training in areas of cloud and mobile technologies. Must have experience leading a team of penetration testers and/or cloud security analysts.
In addition the candidate must possess the following skill set:
Able to lead Cloud Vulnerability Assessments using Automated and Manual TTPs.
Have a strong understanding of Application vulnerabilities and attacks like SQLi, Serialization Attacks, XSS, CSRF, and HTTP Flooding.
Strong understanding of Cloud offerings and technologies such as GCP, Azure, AWS,365, IaaS, SaaS, PaaS
Strong understanding of Identity, Credential, and Access Management (ICAM) technologies and providers
Must be able to use at least two of the following proficiently and instruct others on them: Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.
Must have solid working experience and knowledge of Windows and Unix/Linux operating system
A demonstrated ability to mentor and train junior team members
A familiarity of Network and System architecture analysis. Fundamentals of network routing & switching and assessing network device configurations
Mt Laurel - Technology Center - 17000 Horizon Way
TD Bank AMCB
Job Category - Primary:
District of Columbia
New York City
Federal law prohibits job discrimination based on race, color, sex, sexual orientation, gender identity, national origin, religion, age, equal pay, disability and genetic information.