Senior Information Security Analyst

TD Bank
Laurel, DE
Feb 15, 2018
Feb 22, 2018
Full Time
Job Description

About This Role

The Senior Information Security Analyst / Penetration Tester is expected to conduct formal security testing on web, mobile, APIs and infrastructure systems on both a planned and ad-hoc basis. The Penetration Tester will be a key adviser to security personnel on defensive strategies and work with other personnel to secure and reduce overall risk to the bank. Meaningful work is fueled by meaningful performance and career development conversations with your manager.

Here are the essential job functions of this position:

* Performs thorough penetration testing that includes the identification, reporting, and recommendations for security vulnerabilities while adhering to management driven scope and deadlines
* Identifies, proves, and reports vulnerabilities that cannot be identified by scanners or tools
* Reviews and identifies false positives generated by scanners or tools
* Stays up to date on the latest exploits and security trends
* Delivers clear and coherent written reporting and remediation guidance
* Demonstrates the ability to assess risk and apply to remediation guidance
* Apply a teamwork philosophy with technology and partners, service or platform owners to integrate all technology security components and address control gaps.
* Adhere to policies, procedures, technology control standards and regulatory guidelines.
* Contribute to internal activity and process review, flag windows for improvement.
* Influence behavior to reduce risk, foster a strong technology risk management culture.
* Define, develop, implement and manage standards, policies, procedures, and solutions that mitigate risk and maximize security, service availability, efficiency and effectiveness.
* Manage relationships with other technology/business/corporate/control functions.
* Assess, identify and escalate issues appropriately.
* Other duties as assigned
* Driving Requirements:
* Travel Requirements:

Job Requirements

What can you bring to TD?
Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. Here are the minimum requirements for this position:

* University Degree.
* Information Security Certification / Accreditation an asset.
* 5-7 years of relevant experience.
* Firm commitment to staying informed and abreast of emerging issues, industry trends etc.
* Advanced knowledge of one or more technology controls or security domains, disciplines and practices.
* Sound to advanced knowledge of business, technology controls, security and risk issues.
* Demonstrated ability to participate in projects of moderate to high complexity.
* Ability and commitment to serve as a subject matter expert on business-specific, cross-functional and enterprise initiatives.
* Readiness to participate in projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.

Qualifications

Preferred Qualifications - Here are the preferred qualifications for this role:

* Certified as GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP) preferred
* Demonstrated experience with automated and manual penetration tools
* Demonstrated experience with creating and communicating reports regarding web application vulnerabilities to various levels of personnel within a large organization
* Knowledge and understanding of banking or financial services industry
* Strong analytical skills with high attention to detail and accuracy