Cyber Security Specialist

Role:

  • Handles incident response, a mission to detect, prevent, and if necessary, recover from security incidents
  • Focuses primarily on security incidents involving TD Ameritrade’s computer systems, but is also called upon to assist in many other security related areas, most notably fraud prevention
  • Executes case reviews and performs quality assurance for regulatory compliance
  • Hours are Monday-Friday 11 a.m.-7 p.m.

Responsibilities:

  • Create Security Information and Event Management (SIEM) logic based on Windows, Firewall, Anti-Virus, etc. capabilities and log structure to detect malware, unauthorized accesses, exploits, etc.
  • Use security monitoring devices and interpret outputs to identify anomalous traffic and determine the level of escalation. Understand the logic and processes behind the incidents to create or improve detection capabilities.
  • Identify incidents of associates copying confidential data to removable storage devices, email, or to the internet and take necessary actions to contain the data loss. Evaluate the seriousness of the incident and escalate as appropriate.
  • Use various sources to identify direct or indirect threats that could impact TD Ameritrade and their clients. Analyze the data, determine seriousness of the threat, and recommend course of action.
  • Research suspicious emails submitted by associates to determine the validity and origin of the email. Analyze links and attachments contained within the email for malicious links or code. If phishing sites are identified, initiate actions to take the site down.
  • Assist internal business partners by performing e-discovery tasks
  • Perform root cause analysis and forensic-level reviews for security incidents when applicable
  • Create technical and executive reports that clearly communicate the scope, impact, and recovery of security incidents
  • Assist or recommend containment decisions to reduce incident impact to the firm, clients and partners

Requirements:

  • Work in a 24/7/365 response team monitoring network and security devices for a large enterprise
  • Experience in SIEM technology, centralized logging, and log correlation
  • Knowledge to provide enterprise architectural design enhancements to improve the TD Ameritrade security posture
  • Familiarity with Windows, Linux and UNIX operating systems. Able to interpret vulnerabilities and their applicability to target systems
  • Basic understanding of regulatory requirements, and ability to escalate events that may impact TD Ameritrade compliance
  • Strong technical skills with familiarity with one or more of the following:
      • IP Networking
      • Intrusion Detection
      • IT System Administration
      • CCNA, CCSP, Network+, A+, SANS GCIA, GCIH, GCFA
  • 2-4 years related work experience
  • Strong written and verbal communication skills
  • Regulatory audit experience strongly preferred
  • 2-year college degree; 4-year college degree preferred
  • Military education or experience may be considered in lieu of the civilian requirements listed

Source: https://jobs.tdameritrade.com/job/-/-/1121/3636882