Information Security Specialist - Disclosure Programs

by TD Canada Trust

Reference #: R_1445512
Position Type: Regular, Full-time
Remote work options: No
Location: London, Ontario
Date Posted: Jan 22, 2025
TD Canada Trust

Job Description

Responsibilities Include:

  • Acting as the first point of contact for Disclosure Programs @ TD.

  • Managing the day to day operations of a security vulnerability Disclosure Program including:

    • The assessment and management of issues;

    • Correspondence with reporters; and

    • Recommendations for program health improvements.

  • Planning and execution of Bug Bounty Challenges including:

    • Working with partners in other TD technology, business, and control partner teams;

    • Managing a schedule of upcoming events;

    • Planning and executing on the deliverables needed to hold events; and

    • Making recommendations for financial compensation to participants.

  • Documenting process / procedure as needed for Disclosure Program activities.

  • Working with stakeholders as needed to action escalated security incidents resulting from Disclosure Programs.

  • Execute and/or coordinate production threat hunting activities guided by intelligence from Disclosure Programs.

Improve and/or automate existing processes to increase efficiency.

Requirements:

  • Experience managing security disclosure programs and bug bounty programs.

  • Excellent written and verbal communication skills.

  • Ability to effectively communicate ideas and concepts to executive audiences.

  • Ability to influence and navigate the organization using teamwork skills and resourcefulness.

  • Bachelor’s degree in Computer Science, Cybersecurity, Software Engineering, or a related technical field, or equivalent experience.

  • 3+ years of experience in application security, secure software development, or penetration testing environment.

  • Understanding of web application security and secure development practices.

Experience and Education:

  • Advanced penetration testing experience.

  • Experience working in security disclosure program communities.

  • Experience with Threat Modelling applications.

  • Certifications in the domain of penetration testing or application security (e.g., OSCP, OSWE, GWAPT, etc.)

  • Participation in Bug Bounties, CTFs, or similar activities

  • University degree

  • Information security certification / accreditation an asset

  • 7+ years of relevant experience

#Li-Tech