Cloud Security Infrastructure Specialist
Technology Solutions
Toronto, ON
February 3, 2023
Company Overview
Tell us your story. Don’t go unnoticed. Explain why you’re a winning candidate. Think “TD” if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.
Stay current and competitive. Carve out a career for yourself. Grow with us. Here’s our story: jobs.td.com
Department Overview
Building a World-Class Technology Team at TD
We can’t afford to be boring. Neither can you. The scale and scope of what TD does may surprise you. The rapid pace of change makes it a business imperative for us to be smart and open-minded in the way we think about technology. TD’s technology and business teams become more intertwined as new opportunities present themselves. This new era in banking does not equal boring. Not at TD, anyway.
TD Information Security covers the development and management of security strategies, policies and programs to assess, prioritize and mitigate business risk with technology controls. Priorities include: mitigating and managing cybersecurity threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity and partnering with businesses for better technology delivery by providing advice on technology controls.
And there’s room to grow in all of it.
Headquartered in Toronto, Canada, with more than 85,000 employees in offices around the world, The Toronto-Dominion Bank and its subsidiaries are collectively known as TD Bank Group (TD). TD is the sixth-largest bank in North America by branches offering a full range of financial products and services to approximately 24 million customers worldwide through three key business lines:
- Canadian Retail including TD Canada Trust, Business Banking, TD Auto Finance (Canada), TD Wealth (Canada), TD Direct Investing and TD Insurance
- U.S. Retail including TD Bank, America’s Most Convenient Bank, TD Auto Finance (U.S.), TD Wealth (U.S.) and TD’s investment in TD Ameritrade
- Wholesale Banking including TD Securities
TD also ranks among the world’s leading online financial services firms, with approximately 10 million active online and mobile customers and had CDN$1.1 trillion in assets on July 31, 2015. Our mission is to give our clients the best banking experience possible, every day. To do that, we depend on our team of talented, ambitious people who share our passion for excellence.
Join the innovators of TD Technology.
We know that tech is constantly evolving, and we’re committed to growing with it, right across the board. Our Technology Solutions team works closely with each department at TD to create the platforms, applications, and ideas that shape the future of our business – and yours. We’re reimagining the way people think about their banking, every single day. This is your opportunity to impact the future of banking technology.
Job Description
About This Role
This role is critical for defining, documenting and ensuring the completeness and correctness of implemented technical and process controls related to the technical security controls connected to end-point devices implemented or operated in TD Azure Cloud. More specifically, the Cloud Infrastructure Security Specialist will:
- Direct and provide hardening guidance for cloud services from Cloud Service Providers such as Microsoft, Amazon and Google.
- Develop, implement, monitor and enhance data security policies, procedures, and standards related to Azure, AWS and GCP.
- Perform in-depth risk assessments to ensure that the security safeguards and controls are aligned with our security policy and standards.
- Review infrastructure design on-premises and on the Cloud (inclusive of container security architecture, data security architecture, network security architecture, and operational security architecture).
- Assess the infrastructure and microservices design against different security regulatory, industry and internal standards such as TD Cloud Control Matrix, NIST, HITRUST CSA Containers’ security guidelines and identify the necessary security architecture requirements.
- Execute on Cloud security engagements during different phases of the lifecycle – assess, design and implementation. Implement industry-leading practices around cyber risks and cloud security.
- Create technical and managerial level reports (KPI) and risk assessments for on-premises and cloud-based applications and infrastructure.
- Ensure a “single pane of glass” into end-point controls, and ensure that end-point controls in the ecosystem of TD Azure Cloud are fully automated from an implementation, reporting and remediation perspective.
- Research, create, develop and enforce security policies, standards and procedures to ensure the protection of the organization’s security and systems as specified by the HITRUST/NIST control framework.
- Provide IT and business resources guidance in interpreting security compliance requirements and performing application and system security assessments.
Requirements
What will you need to succeed?
- At least 10 years' experience in information technology required.
- 5+ years of relevant information security and information risk management experience.
- 3+ years of relevant experience in Azure cloud security, including IaaS, PaaS and SaaS.
- Knowledge of cybersecurity concepts, including threats, vulnerabilities, security operations, encryption, boundary defense, auditing, authentication and risk management.
- Skilled experience in Azure Cloud Security Architecture and Microservices Security (e.g. Tenant Security, AKS Security, Containers Security, Pod Security, Application Gateway & WAF, Security Groups and VNET Segmentations, Security Analytics, etc.).
- Knowledgeable in the dependencies related to end-point security and interaction with other components such as privilege management system, SIEM, SOAR, vulnerability management solution and operating model, PKI/Encryption technology, Firewall/IPS, WAF etc.
- Understanding the dependencies related to application security best practices such as secure coding, security testing techniques.
- Familiarity with Infrastructure as a Service, Infrastructure as Code and related concepts on Azure Cloud.
- Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.).
- Experience and exposure to threat modelling and design reviews to assess security implications and requirements for the introduction of new technologies.
- Skilled in representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions.
- In-depth understanding of applying native cloud security and monitoring services in the cloud, including network firewalls, access control lists, encryption, auditing and monitoring, alerting, secrets management and compliance scanning.
- Familiarity with IT service management processes and concepts, including change management, incident management, problem management and configuration management.
- Knowledge of configuration management technologies (i.e., SaltStack and Ansible), Infrastructure Automation Technologies (i.e., Terraform), Containerization and Cloud Orchestration Technologies (i.e., Kubernetes, Docker), Windows/Linux and related services (i.e., Active Directory, DNS, MSSQL).
- Experience implementing and/or supporting a large-scale corporate enterprise solution.
- Experience with Azure DevOps and DevOps tooling such as Jenkins, SaltStack, XL Release, Bitbucket.
- Working knowledge of the following areas: Microsoft PowerShell, Bash scripting, Azure Command-line interface, AquaSec, Azure templates and Azure software infrastructure.
- Skilled in full software or systems development life cycle, including requirements analysis, design, integration, testing and implementation.
- Knowledge of federal IT and cloud security policies, including FISMA, FedRAMP, NIST 800-53, and DoD Cloud SRG and applying them to the design and implementation of cloud solutions to achieve an authorization to operate (ATO).
- Comfortable working with enterprise architecture while collaborating with cross-functional teams to implement solutions.
- Strong interpersonal and communication skills; ability to work in a team environment.
- Self-starter/self-motivated; ability to work independently with minimal direction.
- Technical writing experience.
- Demonstrate solid understanding and experience with systems automation platforms and technologies.
- Proven experience in setting up and managing Azure tenancies, Azure policy management and resource management would be a plus.
Additional Information
Education:
- Bachelor’s degree in computer science, engineering or a related field or equivalent work experience.
Certifications:
- Completed large/complex Cloud transformation projects
- Valid certification such as CompTIA Security+, CISSP, CCSP or CCSK
- Completed projects related to AWS and/or Azure for a private-sector employer
- Azure Security Certification
Join in on what others in TD Technology Solutions are doing:
- Inspire a positive work environment and help champion quality, innovation, teamwork and service to the business.
- Learn voraciously, stretch your thinking,
Hours
Inclusiveness
At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.