Tell us your story. Don't go unnoticed. Explain why you're a winning candidate. Think "TD" if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.
Stay current and competitive. Carve out a career for yourself. Grow with us.
Reporting to the Head of Cyber Security Incident Response Team (CSIRT), the successful candidate will be part of a specialized Incident and Malware response team and will be accountable for managing and coordinating activities related to cyber security related events and incidents.
This role requires excellent communications skills as the individual will be dealing with various teams and executives across multiple lines of business as well as external partners.
Overall responsibilities include:
- Perform cyber incident response and malware response to investigate incidents;
The Cyber Incident Response Specialist works with Line of Businesses, help desk and ITS personnel, developers, testers, business analysts and core service consumers to ensure thorough analysis of incidents and business circumstances involved. Activities include troubleshooting and testing to identify the possible cause of incidents; determining the appropriate course of action to resolve the issues with minimal business disruption, and establishes processes to ensure application availability.
The primary purpose of this position is:
Overall responsibilities include:
Cyber-Security Incident Management including incident coordination, root cause analysis and resolution
Managing issues in production environments, recommending, coordinating and managing necessary fixes, and upgrades.
The Cyber Incident Response specialist will serve as liaison between departments as well as maintaining necessary documentation in the support of various core services.
The specialist will ensure resolution of reported incidents of medium and high complexity in accordance with established standards, policies, procedures, configuration guidelines and service level agreements for core services and applications
Utilizes Application knowledge to effectively troubleshoot, diagnose and resolve problems.
Interfaces with Line of Business Units, Service Desk, ITS infrastructure and Development areas to ensure problem is resolved.
Assists Application Support Manager in developing/revising policies and procedures for supporting new and ongoing applications.
Escalates inquiries to other support partners, or specialists to resolve system issues and acts as a liaison until problem is resolved.
Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analysis of relevant event detail and summary information;
Analyze malware and/or spam and/or phishing or any other malicious content by conducting reverse engineering techniques and employing industry tools;
The successful candidates should possess demonstrated experience in the following areas
Experience performing incident response (3-5 years);
Experience working within a wide range of environments to include Linux, UNIX, Windows in addition to a strong understanding of networking, the OSI model, and TCP/IP protocols
Initiative, solid judgment, and strong work ethic requiring minimal supervision;
Must be able to communicate technical details in a clear, understandable manner
Experience with SIEM tools in particular Splunk is an asset.
Working knowledge of EDR and antivirus technology.
Experience with forensics tools (e.g. Encase) and methodologies is an asset
Excellent communication skills.
Ability to balance multiple priorities and meet deadlines in a fast-paced and changing environment; must be flexible.
Development knowledge, in particular C# and Java is an asset.
Ability to understand business impact and prioritize issues/projects.
Demonstrated ability to work effectively with others, particularly in teams.
Strong analytical skills, managerial skills and skills interfacing with end-users.
On-call duty is assumed for this position
Education – A bachelor’s degree in computer science or equivalent field is desired, but each candidate will be reviewed on their own merits and qualifying experience.
CISSP/GCIH/GREM/CISA/CEH certification is an asset
At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.
Job Category - Primary
310-320 Front Street West Corporate