Cybersecurity Incident Responder - Lead

Work Location

Toronto, Ontario, Canada

Hours

37.5

Line of Business

Technology Solutions

Pay Details

TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, geographic location, and other specific business and organizational needs.

As a candidate, you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role.

Job Description

About This Role

We are looking for someone to guide a group of Cybersecurity Incident and Forensic first responders. You will provide specialized expertise on Cybersecurity Events, Incidents, and Digital Forensics. You will support learning and growth of our team members as a guide in Threat Defense Operations with a focus on mitigating risks to protect TD. You may also participate on projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.

Meaningful work is fueled by meaningful performance and career development conversations with your manager.

Essential Job Functions

• Guide partners on a broad range of technology throughout reported alerts and case management and escalated incidents.

• The candidate should be continuing to advance their knowledge, skills and abilities in all cybersecurity domains (Incident Response, Forensics, Offensive cybersecurity, Cybersecurity intelligence and cybersecurity risk management)

• Possesses the ability to mentor and guide junior analysts through L1 and L2 investigations.

• Oversee shift operations and ensure 24x7x365 operational coverage is met

• Ensure conflicts with meetings, breaks and other engagements are managed to always ensure proper coverage

• Has a solid foundation, knowledge, skills and technical ability to investigate any cybersecurity events, tuning requirement for TD's cybersecurity control plane, and debug alerts to evaluate legitimacy and accuracy

• Can lead others through a Cybersecurity Events and Incidents

• Approve and direct escalations to L3 investigations and initiate an incident case when warranted

• Liaise with L3 and Fusion Incident Management to provide shift resources for open or ongoing incident investigations

• Monitor QA Daily, Incidents and L1/L2 dashboards to manage event handling

• Lead or contribute to containment and recovery plans for Cybersecurity Incidents

• Attend and represent Cyber Security Operations Center (CSOC) on situational calls

• Ensure every L3 escalation is included in the shift handover notes

• Contribute to the definition, development, and oversight of a global security management strategy and framework

• Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against TD businesses

• Develop on-going operational enhancements for Cybersecurity including alerting, monitoring, and detection across multiple security domains

• Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines

• Adhere to, advise, oversee, monitor, and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities

• Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise

Job Requirements

• University degree, preferred in information technology and/or information security.

• Information Security Certification / Accreditation are an asset.

• 5+ years of practical or relevant experience.

• Advanced knowledge of Information Technology (IT) security and Incident Management practices across multiple domains

• Candidate must possess advanced to strong hands-on experience in all modern Operating Systems (Window/NIX/Cloud/Mobile)

• Candidate must possess strong hands-on experience with traditional incidents response detection tools such as SIEM, EDR, XDR, Firewall, WAF, email proxies, NIDS, and equivalent.

• Advanced knowledge of organization, technology controls, cybersecurity, and risk assessment issues

• Strong leadership and people building within Information Technology and Cybersecurity

• Demonstrated ability to participate in complex, comprehensive or large projects and initiatives

• Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization, and outside vendors

• Must be eligible for employment under regulatory standards applicable to the position

Preferred Qualifications

• Advanced hands-on experience on all modern operating systems, roles base access, internal files structures, registries, and data storage

• Advanced experience as an Incident Manager working on complex information security and cybercrime-related incidents

• Advanced experience working events and incidents related to The OSI Layer 7/application attacks

• Advanced experience briefing executives related to cybercrime and information security incident triage, containment, and recovery

• Advanced experience authoring complex communications related to cybercrime and information security incidents

• Advanced experience authoring and maintaining playbooks and other process/governance documentation