JOB DESCRIPTION:

About This Role:
As a Container Vulnerability Management Specialist at TD Bank, you will develop and implement technology controls and policies to ensure that the application containers are built and deployed securely. You will focus on enabling TD teams and leaders to understand security risks, coming from vulnerabilities in containers. Working closely with our partners in development experience and DevOps verticals, you will identify gaps in current processes and tooling, enforce standards and policies and track vulnerability remediation to mitigate risks. You will have an opportunity to present various reports, analyses, and assessment to the functional, business and enterprise-level audiences.
To succeed in this position, you will need to have a strong technical expertise in the world of containers that includes technologies such as Docker, Kubernetes, Red Hat OpenShift, Wiz and any of the cloud platforms (Azure and GCP preferred).

Responsibilities:

• Provide technical expertise and oversight for container scanning, container vulnerability prioritization, and remediation.
• Be a lead contributor to enterprise-level initiatives pertaining to container security and risk remediation.
• Effectively communicate critical vulnerabilities, their impacts, associated risk, and remediation priorities to cross-functional leadership teams.
• Help build and enforce technology controls, along with container security standards to ensure best practices are followed, when building and deploying application containers.
• Influence behavior to reduce risk and foster a strong technology risk management culture throughout the bank.
• Be a people manager, who embodies TD values and provides much-needed support for their direct report(s) to grow and produce impactful outcomes in container space.

Job Requirements:

Must-haves

• Bachelor’s or Master’s degree
• 5+ years of experience in information security or product security
• Strong technical expertise with Docker, Kubernetes, platforms such as Azure Kubernetes Service (AKS) or RedHat OpenShift, container registries such as Azure Container Registry (ACR), Sonatype Nexus.
• Experience with container scanning tools such as Aqua Security, Prisma, Wiz.
• Experience with the vulnerability management lifecycle, including identifying, assessing, mitigating, and reporting security vulnerabilities.
• Working knowledge of information security concepts, such as Common Vulnerabilities and Exposures (CVEs), Common Weakness Enumeration (CWEs), risk treatment and remediation tracking strategies.
• Familarity with priortization techniques of vulnerabilities such as EPSS , SSVC etc..
• Familiarity with ServiceNow Vulnerability Response module(s).
• Familiarity with Azure or GCP cloud and cloud security.
• Demonstrated ability to participate in complex, comprehensive or large projects and initiatives.
• Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization, and outside vendors.
• Ability to work independently without supervision; demonstrated ability to manage and deliver multiple tasks and job responsibilities.
• Strong written communication and organizational skills.

Nice-to-haves

• Development experience in cloud environment (preferably, Python)
• Familiarity or DevOps experience with writing Dockerfiles, building container images, deploying, and managing containers.
• Prior people management experience

LI-Tech

WHO WE ARE:

TD is one of the world’s leading global financial institutions and is the fifth largest bank in North America by branches/stores. Every day, we deliver legendary customer experiences to over 27 million households and businesses in Canada, the United States and around the world. More than 95,000 TD colleagues bring their skills, talent, and creativity to the Bank, those we serve, and the economies we support. We are guided by our vision to Be the Better Bank and our purpose to enrich the lives of our customers, communities and colleagues.
TD is deeply committed to being a leader in customer experience, that is why we believe that all colleagues, no matter where they work, are customer facing. As we build our business and deliver on our strategy, we are innovating to enhance the customer experience and build capabilities to shape the future of banking. Whether you’ve got years of banking experience or are just starting your career in financial services, we can help you realize your potential. Through regular leadership and development conversations to mentorship and training programs, we’re here to support you towards your goals. As an organization, we keep growing – and so will you.

• Provide technical expertise and oversight for container scanning, container vulnerability prioritization, and remediation.
• Be a lead contributor to enterprise-level initiatives pertaining to container security and risk remediation.
• Effectively communicate critical vulnerabilities, their impacts, associated risk, and remediation priorities to cross-functional leadership teams.
• Help build and enforce technology controls, along with container security standards to ensure best practices are followed, when building and deploying application containers.
• Influence behavior to reduce risk and foster a strong technology risk management culture throughout the bank.
• Be a people manager, who embodies TD values and provides much-needed support for their direct report(s) to grow and produce impactful outcomes in container space