Information Security Specialist (Lead Incident Response / Forensics)

Toronto, ON
Full Time
2 days ago
Company Overview

Tell us your story. Don't go unnoticed. Explain why you're a winning candidate. Think "TD" if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.

Stay current and competitive. Carve out a career for yourself. Grow with us. Here's our story:

Department Overview

Building a World-Class Technology Team at TD

Headquartered in Canada and a top-10 North American bank, with roughly 90,000 employees and more than 15 million active online and mobile customers, TD ranks among the world's leading online financial services firms. In 2019, TD was named one of the Best Workplaces in Canada by the Great Place to Work Institute for the 13th year in a row.
The CSIRT Forensics and Investigations team is responsible for protecting the Bank, its assets and reputation, by supporting incidents and events resulting from internal and external threats. It's a global team running 24x7 in a follow-the-sun model.

Job Description

About This Role

As a Senior CSIRT Forensics and Investigations Specialist you will perform deep dives on complex events, providing point of entry, data exfiltration, and root cause analysis, or process breakdown on these events and their impact on the bank. You will actively hunt for malware in active investigations. You will provide updates to relevant Fusion partners and remediation strategies for immediate containment or to mitigate future attacks.
  • Support and partner with information security investigations and Incident Response teams during active incidents. Participate in bridges and war rooms.
  • Owning, defining, and building the end-to-end information security incident response capability within the organization.
  • Prepare strategic updates and vision documents, briefings, and reports, demonstrating excellent communication skills and executive presence in presentations to executives and other stakeholders.
  • Provide executive level updates, written and verbally, on current and past cyber incidents. Explain complex technical concepts in business terms.
  • Build and maintain metrics and playbooks for the team.
  • Proposing and implementing new strategies for non-standard activities.
  • Support TD's Follow-the-Sun model for investigations and forensics across multiple regions globally.
  • Oversee the monitoring, identification, and resolution of security incidents to detect threats through analysis, investigations and prioritization of incidents based on risk/exposure.
  • Reviewing investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
  • Communicate the significance of the results of investigations and risk mitigation outcomes, guiding the TD Bank in the improvement and maintenance of a robust response to new threats and attack vectors.
  • Interact with different teams to create an interaction model for better alignment and coordination on security incidents.
  • Provide recommendations for process improvements from which the team can benefit.
  • Act as a delegate for the team by contributing to new projects' software development lifecycle.
  • Produce KPIs, SLAs and other metrics for the team.
  • Act as an owner during incident calls and provide technical expertise.
  • Produce presentations and documentation which can be consumed by management.


What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. It helps if you have:
  • 7+ years of relevant experience - including incident response, malware analysis, TIER2/3 SOC.
  • Experience as a leader or manager, a people-focused view on how to accomplish goals and outcomes, and a track record of driving successful outcomes.
  • Experience working with EDR tools is required.
  • Solid understanding of SIEM-based detection use cases and SIEM solutions such as Splunk or Azure Sentinel is required.
  • Experience conducting log analysis of Windows Event Logs, Apache, IIS, firewall and WAF logs is required.
  • EnCE certification and/or experience with EnCase is a strong plus.
  • Experience in scripting (Python, PS) is a strong plus.

Additional Information

Join in on what others in TD Technology Solutions are doing:
  • Inspire a positive work environment and help champion quality, innovation, teamwork and service to the business.
  • Learn voraciously, stretch your thinking,
At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.
Information Technology