Toronto-Dominion Bank (TD)
All companies are not the same. What makes TD special as a business is also, what makes us special as an employer. Why TD?
TD’s Colleague Promise: A better you. A better us.
A more confident you means a stronger us. We empower you to grow your skills, gain new perspectives, and create impact at work and in your community. That’s our unique and inclusive culture.
Co-op and Internship opportunities allow you to gain valuable work experience across a number of the businesses at TD. You will work with experienced colleagues, receive world class training, and be part of a community of students across TD, where you will have an impact, grow as individual and experience our culture of care.
Our Momentum Program is offered with select Co-op and Internship roles and is designed to help you better understand the TD business, build on critical career capabilities, and broaden your professional network. This program is designed to complement your on-the job experience and features:
- Leadership talks with key Leaders from across the organization
- Lunch and Learns on topics such as Innovation
- Diversity and Inclusion and Personal Branding and so much more
Enterprise Protect directs and supports TD Bank in the protection of its information assets through the implementation of appropriate information security policies, standards and procedures and provides the enterprise with integrated security technologies, strategies, services, and solutions.
This position is with the Application Security Penetration Testing Team, within Enterprise Protect & Office of the CISO, and is responsible for discovering application layer vulnerabilities in it’s running code, supporting incidents, and delivering remediation guidance to teams across TD Bank.
The Application Security Penetration Testing Co-op will support policies and governance by validating that security controls are followed throughout an application development lifecycle and will learn by performing the following:
- Performs vulnerability discovery using automated tooling and scanning
- Performs triage of findings generated by automated tooling and scanning
- Learns to identify, prove, and report vulnerabilities that cannot be identified by scanners or tools
The Application Security Penetration Testing Co-op will learn to:
- Review and identify false positives generated by scanners or tools
- Up to date exploits and security trends
- Deliver clear and coherent written reporting and remediation guidance
- Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against TDBG’s business.
- Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement.
- Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities.
- Currently enrolled in an undergraduate degree majoring in relevant technology programs, such as Information Security, Computer Science, Business Technology Management, Information Technology Management, Financial Analysis and Risk Management, or Technology Sciences
- Must be enrolled in an undergraduate degree with the intent of going back to school at the start of your work term
- Basic understanding of security testing tools and methodologies, including vulnerability assessment and penetration testing tools, and associated result analysis
- Experience with the following technology components:
- Web Application Scanning tools
- Coding languages and frameworks
- Networking and Technologies
- Understanding of profiling application, identifying threats, and developing test cases to target identified threats
- Understanding of gathering of network-based and host-based artifacts analysis and forensics.
- Working knowledge in cryptography technologies, PKI, CA, Symmetric/Asymmetric keys, key and certificate management.
- Working knowledge in cryptography primitives (cyphers, modes of encryption, key establishing, hash functions, authentication digests, KDF/PKDF, randomization)
- Working knowledge in transport layer security (SSL/TLS), X.509, cypher suites.
- Ability to understand technical aspects of NIST, CSEC, ISO27000 standard and recommendations.
- Understanding of Security principles, techniques and technologies such as SANS Top 20 Critical Security Controls and OWASP Top 10.
- Basic programming skills in various disciplines including scripting languages
- Basic Database and database query skills
- This position is a 4-month work term and will commence May 3 rd , 2021.
- Applications must include a transcript, cover letter (one letter-sized page or less) and a resume (maximum of 2 pages).
- We welcome all applications; however, we will only contact qualified candidates chosen for an interview. Thank you for your interest.
- TD requires employees to reside in the country where the role is located, irrespective of remote working arrangements
- TD is committed to providing you with the best candidate experience and internship in these unique circumstances. As such, work location and start dates are subject to change.
At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.