Building a World-Class Technology Team at TD

We can't afford to be boring. Neither can you. The scale and scope of what TD does may surprise you. The rapid pace of change makes it a business imperative for us to be smart and open-minded in the way we think about technology. TD's technology and business teams become more intertwined as new opportunities present themselves. This new era in banking does not equal boring. Not at TD, anyway.

TD Information Security covers the development and management of security strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls. Priorities include mitigating and managing cyber security threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity, and partnering with businesses for better technology delivery by providing advice on technology controls.

There's room to grow in all of it.

About the team:

Working out of TD Bank's fusion center in Singapore, we are part of TD's global group of technology, security and risk professionals, working also from U.S, and Toronto. Our aim is to assess, prioritize, and mitigate business risk with technology controls.

The Cyber Security Incident Response Team (CSIRT) is responsible for protecting the Bank, its assets and reputation, by supporting incidents and events resulting from internal and external threats. It's a global team running 24x7 in a follow-the-sun model.

Job Description:
As CSIRT team leader, you will perform deep dives on complex events, providing point of entry, data exfiltration, and root cause analysis, or process breakdown on these events and their impact on the bank. You will actively hunt for malware in active investigations. You will provide updates to relevant Fusion partners and remediation strategies for immediate containment or to mitigate future attacks.

Job Requirements:

Knowledge and Skills

• At least 10 years of experience in Information Security Operations with focus on Digital Forensics and Incident Response (DFIR) or Threat Hunting.
• Ability to performed static and dynamic malware analysis.
• Advanced Knowledge and experience with security alert analysis, incident and event management, log analysis, Network traffic analysis, Malware investigation and remediation, SIEM correlation logic and alert generation and Threat Actor Tactics, Techniques and Procedures (TTPs).
• Expert Knowledge and hands-on experience with SIEM-based detection use-cases and enterprise grade Endpoint Detection and Response solutions.
• Hands on experience with Cloud Security Monitoring is highly desired.
• Working knowledge on Enterprise grade forensics and malware analysis tools is preferred.
• Cybersecurity certifications from renowned provider like Sans Institute, ISC2 is highly desired.
• Prior experience working in the Financial Services sector is highly desired.
• Excellent communication and organizational skills, including the ability to present options in business terms to both IT and business staff including executives.
• Strong analytical skills with demonstrated ability to apply analysis to actionable insights.
• The working hours for this role will be from 7am to 4pm daily and will also include on-call responsibilities on a rotational basis (with allowance).