Information Security Specialist - Penetration Testing

TD Bank
Laurel, DE
Feb 15, 2018
Feb 22, 2018
IT, Security Engineer
Full Time
Job DescriptionAbout This Role We are looking for someone to develop and implement Technology Controls and Information Security related policies, programs and tools. You will provide specialized expertise and guidance on assessing risks, identifying potential gaps and providing security solutions to mitigate risks and protect TD. You may also participate on projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level. Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here are the essential job functions of this position:Performs thorough penetration testing that includes the identification, reporting, and recommendations for security vulnerabilities while adhering to management driven scope and deadlinesIdentifies, proves, and reports vulnerabilities that cannot be identified by scanners or toolsReviews and identifies false positives generated by scanners or toolsStays up to date on the latest exploits and security trendsDelivers clear and coherent written reporting and remediation guidance Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against TDBG's business. Develop on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area. Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines. Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement. Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities. Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise . Other duties as assigned * Driving Requirements: minimal, as needed * Travel Requirements: minimal, as neededJob RequirementsWhat can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. Here are the minimum requirements for this position: University Degree. Information Security Certification / Accreditation an asset. 7+ years of relevant experience. Expert knowledge of IT security and risk disciplines and practices. Advanced knowledge of of organization, technology controls, security and risk issues. Demonstrated ability to participate in complex, comprehensive or large projects and initiatives. Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization and outside vendors. QualificationsPreferred Qualifications - Here are the preferred qualifications for this role: 5+ years of experience in security applications and systems preferred 5 years of demonstrated experience with automated and manual penetration tools preferred Demonstrated experience with creating and communication of reports regarding web application vulnerabilities to various level of personnel within a large organization preferred Preferred Certifications: GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP)