Tell us your story. Don’t go unnoticed. Explain why you’re a winning candidate. Think “TD” if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.
Stay current and competitive. Carve out a career for yourself. Grow with us. Here’s our story: jobs.td.com
Building a World-Class Technology Team at TD
We can’t afford to be boring. Neither can you. The scale and scope of what TD does may surprise you. The rapid pace of change makes it a business imperative for us to be smart and open-minded in the way we think about technology. TD’s technology and business teams become more intertwined as new opportunities present themselves. This new era in banking does not equal boring. Not at TD, anyway.
TD Information Security covers the development and management of security strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls. Priorities include: mitigating and managing cyber security threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity, and partnering with businesses for better technology delivery by providing advice on technology controls.
There’s room to grow in all of it.
• Develop use cases in Cloud SIEM (Azure Sentinel) to detect advanced threats, actor techniques, anomalous or suspicious activity to identify potential and active risks to systems and data.
• Participate in creating innovative ways to use a wide range of security event data to advance detection methods and product capability.
• Integrate various data streams into SIEM platform, develop and improve correlations between various SIEM platform to enhance detection posture.
• Thoroughly document implementations, via technical documentation and playbooks for the client.
• Provide input and feedback for existing SIEM Cloud use cases, analyze and propose detection improvements.
• Design and drive technical plans toward security analytics management objectives such as: integration of events from cloud/on prem platforms to enterprise SIEM; implementation of use cases/policies; net new security use cases development to support Security Logging & Monitoring/UEBA, account for the effect of the evolving threat space on the overall set of existing security use cases.
• Develop and lead work-shopping activities for security use cases development and tuning, processes and playbooks for security event management use cases and security analytics on-boarding/ off-boarding, intake management, requirements analysis, remediation, and reporting.
• Categorize SIEM use cases using MITRE ATT&CK framework, participate on Purple team testing and ensure successful implementation.
• Customer facing role – Walk thru to white boarding of SIEM use cases development process and implementation planning to stakeholders
• Assist on improving security architectures for cloud cloud/hybrid systems.
• 3 to 5 years’ work experience in information security, cyber security, data protection or a related field
• Minimum of a two-year degree in information protection, computer forensics, computer information systems, computer science, or information systems management.
• Possess a firm understanding of the capabilities within Amazon Web Services (AWS), GCP, and Microsoft Azure platforms.
• Experience with cloud-hosted services, web-based applications, and server/service management feature
• Experience with the Microsoft cloud and/or stack including O365, Azure, Windows or other Microsoft software/services
• Familiarity with some or all of Microsoft Security set of technologies, and depth experience in at least 1 of the following: *Azure Sentinel, * Azure Security Center (ASC)* Windows Defender Advanced Threat Protection (WDATP)* Microsoft Cloud App Security Broker (CASB) Solutions – Microsoft Cloud App Security (MCAS) / Office 365 Cloud App Security (OCAS) / Azure AD Cloud App Discovery* Office 365 Advanced Threat Protection (O365 ATP)* Office 365 Threat Intel (O365 TI)* Azure Advanced Threat Protection (Azure ATP).
• Experience with modern security related subjects and trends such as threat hunting and modeling, digital forensics, reverse engineering, phishing, and penetration testing.
• Experience and exposure to threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.
• Knowledge of applying native cloud security and monitoring services in the cloud, including network firewalls, access control lists, encryption, auditing and monitoring, alerting, secrets management, and compliance scanning
• Security Analytics and UBA: 3+ years of experience in performing security event management, security information event management and/ or security analytics configuration and management, security use case development and tuning, operational management and administration.
• Public Cloud: 2+ years of experience in performing security and compliance event management, security analytics configuration, security or UEBA use case development & tuning, and operational management & administration.
• Proven experience with the successful development and deployment of use cases correlating information from various heterogeneous security feeds/platforms (e.g.: threat intel feeds, IOC. EDR, APT intelligence, etc.).
• Strong interpersonal and communication skills; ability to work in a team environment.
• Ability to work independently with minimal direction; self-starter/self-motivated.
• An understanding of regulatory and Controls requirements: PCI, FFIEC, SOX, HIPAA, ISO 2700x, NIST standards.
• Azure Security Certification
• Professional IT security certification such as CISSP, CCSP, SANS Certified Intrusion Analyst (GCIA), CEH, GSEC and/or CISM is preferred
At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.