Listing Description
Department Overview
Building a World-Class, Diverse and Inclusive Technology Team at TD
We can't afford to be boring. Neither can you. The scale and scope of what TD does may surprise you. The rapid pace of change makes it a business imperative for us to be smart and open-minded in the way we think about technology. TD's technology and business teams become more intertwined as new opportunities present themselves. This new era in banking does not equal boring. Not at TD, anyway.
Job Description
Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here's some of what you may be asked to perform:
TD has a requirement for experienced penetration testers/red teamers to take the traditional vulnerability assessment and build upon it, acting as “red team” members to evaluate the security of TD’s external networks, applications, sensitive internal systems, mobile device applications and data coding standards. Our red team testers will need to go beyond the typical enumeration of vulnerabilities through scanning and actually exploit issues, or discover issues not picked up in security scanning. The red team members will conduct targeted and coordinated testing that simulates real-world attacks that would not be seen in a typical pen test.
Job Requirements
What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. It helps if you have:
Qualifications
Bachelor's degree in IT security, computer science or equivalent experience
Required Skills:
• 5+ years of experience delivering penetration testing consulting engagements
• Red Team or Ethical Hacking experience
• Experience delivering vulnerability management assessments and consulting
• Must have outstanding written and verbal communication and presentation skills
• Ability to work with others effectively
• Ability to continually refine the vulnerability assessment and penetration testing methods and deliverables
• Creative
• Collaborative
• Cross trained in multiple attack methods
• Adaptive, ability to think on their feet
• Emotionally Intelligent
• Committed to success
• Question corporate/personal perceptions
• Effective communicators
• Curious
• Experience with security tools such as Nmap, Metasploit, Kali Linux, Cobalt Strike, etc., as well as various other testing tools
Desired Skills:
• Experience with penetration testing highly desired
• Security Certifications such as CEH, CISSP, CISM, OSCP, OSCE
• Wireless, Network and TCP/IP skills
• DevOps
• Unix command, bash scripting, python coding
• Hardware hacking
• Knowledge of adversarial activities in cyberspace with an understanding of intrusion set tactics, techniques, and procedures (TTP) with the ability to emulate these TTP to assess vulnerability and risk
• Familiarity with Advanced Persistent Threat (APT) activity; Offensive attack hacker mindset
Additional Information
Join in on what others in TD Technology Solutions are doing:
• Inspire a positive work environment and help champion quality, innovation, teamwork and service to the business.
• Learn voraciously, stretch your thinking, share your knowledge and educate others.
• Communicate and collaborate with both technical and non-technical professionals.
• Cultivate winning relationships by building trust with business and technology partners.
• Share our commitment to productivity, effectiveness and operational efficiency.
• Embrace change and witness amazing things happen – from the inside.
Make your mark. Join a dynamic team. Explore new ideas. This is your opportunity to impact the future of banking technology in areas and ways you've never imagined (at a bank)! Visit techjobs.td.com to learn more.
The candidate will be expected to follow our assessment process, which includes three components:
Discovery: Working with the team to discover TD networks, applications, and mobile assets. Gather key information including registration data, operating system, patch, and service version information, and system and application configurations.
Vulnerability Identification: Based on what they learn during the discovery phase, they will then take steps to test the discovered environment or requested applications for real-world security issues. Using a variety of applicable tools, including in-house and commercially available programs, they will create a real-world scenario where they attempt to compromise systems, applications, and mobile security, gain access to resources, or disrupt and exploit system services.
Exploitation: As a red team member, they will exploit vulnerabilities with applications, as detected during the identification stage, to determine the level of impact to the enterprise, had someone with malicious intent attempted the same action.
Specific Responsibilities of Position:
Provide support in the discipline of the Cybersecurity Assurance Program
Participate in the development of new cyber security assessment practice services
Simulate malicious tactics of a motivated adversary with the intent of achieving a specific goal or access
Conduct penetration testing for the red team which includes:
Network, System, Application, Mobile, traditional web and wireless penetration testing
Experience in exploiting web app and web service security vulnerabilities, including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.
Writing exploit code for local testing
Hardware Hacking
Social Engineering
Listing Details
- Citizenship: No Requirements
- Incentives: Both
- Education: Bachelors Degree
- Travel: Travel 25
- Telework: Full Telecommute