Listing Description
Company Overview
About TD Bank, America’s Most Convenient Bank®
TD Bank, America’s Most Convenient Bank, is one of the 10 largest banks in the U.S., providing more than 8 million customers with a full range of retail, small business and commercial banking products and services at approximately 1,300 convenient locations throughout the Northeast, Mid-Atlantic, Metro D.C., the Carolinas and Florida. In addition, TD Bank and its subsidiaries offer customized private banking and wealth management services through TD Wealth®, and vehicle financing and dealer commercial services through TD Auto Finance. TD Bank is headquartered in Cherry Hill, N.J. To learn more, visit www.tdbank.com. Find TD Bank on Facebook at www.facebook.com/TDBank and on Twitter at www.twitter.com/TDBank_US.
TD Bank, America’s Most Convenient Bank, is a member of TD Bank Group and a subsidiary of The Toronto-Dominion Bank of Toronto, Canada, a top 10 financial services company in North America. The Toronto-Dominion Bank trades on the New York and Toronto stock exchanges under the ticker symbol “TD”. To learn more, visit www.td.com.
Department Overview
Building a World-Class Technology Team at TD
We can’t afford to be boring. Neither can you. The scale and scope of what TD does may surprise you. The rapid pace of change makes it a business imperative for us to be smart and open-minded in the way we think about technology. TD’s technology and business teams become more intertwined as new opportunities present themselves. This new era in banking does not equal boring. Not at TD, anyway.
TD Information Security covers the development and management of security strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls. Priorities include: mitigating and managing cyber security threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity, and partnering with businesses for better technology delivery by providing advice on technology controls.
Job Description
Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here's some of what you may be asked to perform:
TD has a requirement for experienced penetration testers/ red teamers to take the traditional vulnerability assessment and build upon it, acting as “red team” members to evaluate the security of TD’s external networks, applications, sensitive internal systems, mobile device application and data coding standards. Our red team testers will need to go beyond the typical enumerating vulnerabilities through scanning, and need to look at actually exploiting issues noted in the scanning, or discovering issues not picked up in security scanning. The red team members will conduct targeted and coordinated testing that simulates real-world attacks that would not be seen in a typical pen test.
The candidate will be expected to follow our assessment process, which includes three components:
• Discovery: Working with the team to discover TD networks, applications, and mobile assets. Gather key information including registration data, operating system, patch, and service version information, and system and application configurations.
• Vulnerability Identification: Based on what they learn during the discovery phase, they will then take steps to test the discovered environment or requested applications for real world security issues. Using a variety of applicable tools, including in-house and commercially available programs, they will create a real-world scenario where they attempt to compromise systems, applications, and mobile security, gain access to resources, or disrupt and exploit system services.
• Exploitation: As a red team member, they will exploit vulnerabilities with applications, as detected during the identification stage, to determine the level of impact to the enterprise, had someone with malicious intent attempted the same action.
Specific Responsibilities of Position:
• Provide support in the discipline of the Cybersecurity Assurance Program
• Participate in the development of new cyber security assessment practice services
• Simulates malicious tactics of a motivated adversary with the intent of achieving a specific goal or access
• Conduct penetration testing for the red team which includes; Network, System, Application, Mobile, traditional web and wireless penetration testing
• Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
• Writing exploit code for local testing
• Hardware Hacking
• Social Engineering
Requirements
Required Skills:
• 5+ years of experience delivering penetration testing consulting engagements
• Red Team or Ethical Hacking experience
• Experience delivering vulnerability management assessments and consulting
• Must have outstanding written and verbal communication and presentation skills
• Ability to work with others effectively
• Ability to continually refine the vulnerability assessment and penetration testing methods and deliverables
• Cross trained in multiple attack methods
• Experience with security tools such as – Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as other various testing tools
Desired Skills:
• Experience with penetration testing highly desired
• Security Certifications such as CEH, CISSP, CISM, OSCP, OSCE
• Wireless, Network and TCP/IP skills
• Unix command, bash scripting, python coding
• Hardware hacking
• Knowledge of adversarial activities in cyberspace with an understanding of intrusion set tactics, techniques, and procedures (TTP) with the ability to emulate these TTP to assess vulnerability and risk
• Familiarity with Advanced Persistent Threat (APT) activity; Offensive attack hacker mindsetDiscovery: Working with the team to discover TD networks, applications, and mobile assets. Gather key information including registration data, operating system, patch, and service version information, and system and application configurations.
Vulnerability Identification: Based on what they learn during the discovery phase, they will then take steps to test the discovered environment or requested applications for real world security issues. Using a variety of applicable tools, including in-house and commercially available programs, they will create a real-world scenario where they attempt to compromise systems, applications, and mobile security, gain access to resources, or disrupt and exploit system services.
Exploitation: As a red team member, they will exploit vulnerabilities with applications, as detected during the identification stage, to determine the level of impact to the enterprise, had someone with malicious intent attempted the same action.
Listing Details
- Citizenship: No Requirements
- Incentives: Not Provided
- Education: No Requirements
- Travel: No Travel
- Telework: Optional Telecommute