Senior Purple Team Program Analyst Senior Purple Team Program Analyst …

TD Bank Group
in Toronto, ON, Canada
Permanent, Full time
Be the first to apply
TD Bank Group
in Toronto, ON, Canada
Permanent, Full time
Be the first to apply
Senior Purple Team Program Analyst
Company Overview

Tell us your story. Don't go unnoticed. Explain why you're a winning candidate. Think \u0022TD\u0022 if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.

Stay current and competitive. Carve out a career for yourself. Grow with us. Here's our story:

Department Overview

Building a World-Class Technology Team at TD

We can't afford to be boring. Neither can you. The scale and scope of what TD does may surprise you. The rapid pace of change makes it a business imperative for us to be smart and open-minded in the way we think about technology. TD's technology and business teams become more intertwined as new opportunities present themselves. This new era in banking does not equal boring. Not at TD, anyway.

TD Information Security covers the development and management of security strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls. Priorities include: mitigating and managing cyber security threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity, and partnering with businesses for better technology delivery by providing advice on technology controls.

There's room to grow in all of it.

Job Description

About This Role
The Cyber Assurance Program (Red Team) is looking for someone to join us as we expand the capabilities related to purple team testing. We'll look to you to help provide specialized expertise and guidance on assessing risks, identifying potential gaps and providing expertise to mitigate risks and protect TD. You may also participate on projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level. This role will manage and lead the day to day purple team process which aims to evaluate the efficacy of our cyber security detective and preventative controls.

Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here's some of what you may be asked to perform:
  • Manage all aspects of the Purple Teaming program this includes:
    • Scheduling individual tests to be completed with internal testers;
    • Managing weekly purple team debrief sessions;
    • Working with LOB partners on remediation of identified gaps;
    • Completing weekly, monthly and quarterly reporting;
    • Maintaining process documentation; and
    • Identify and implement areas for improvement in the program
  • Will also assist in overall Cyber Assurance Program (Red Team) operations, tracking and reporting.
  • Engage in assessments related to risk, controls, implemented control procedures, vulnerability etc.
  • Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats to TD.
  • Develop on-going purple team risk reporting, monitoring key trends and defining metrics to measure control effectiveness for your own area.
  • Apply a teamwork philosophy with technology and partners, service or platform owners to integrate all technology security components and address control gaps.
  • Provide support and consulting for Audits, help compose management responses and appropriate remediation activities.
  • Adhere to policies, procedures, technology control standards and regulatory guidelines.
  • Contribute to internal activity and process review, flag windows for improvement.
  • Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies related to technology controls / information security activities.
  • Influence behavior to reduce risk, foster a strong technology risk management culture.
  • Define, develop, implement and manage standards, policies, procedures, and solutions that mitigate risk and maximize security, service availability, efficiency and effectiveness.
  • Manage relationships with other technology/business/corporate/control functions.
  • Interfaces with Line of Business Units, Service Desk, ITS infrastructure and Development areas to ensure timely remediation of identified issues.
  • Assess, identify and escalate issues appropriately.


What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. It helps if you have:
  • University/College Degree.
  • 5-7 years of relevant experience.
  • Firm commitment to staying informed and abreast of emerging issues, industry trends etc.
  • Advanced knowledge of one or more technology controls or security domains, disciplines and practices.
  • Sound to advanced knowledge of business, technology controls, security and risk issues.
  • Demonstrated ability to participate in projects of moderate to high complexity.
  • Ability and commitment to serve as a subject matter expert on business-specific, cross-functional and enterprise initiatives.
  • Readiness to participate in projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.
  • Experience working within a wide range of environments to include Linux, UNIX, Windows in addition to a strong understanding of networking, the OSI model, and TCP/IP protocols
  • Initiative, solid judgment, and strong work ethic requiring minimal supervision;
  • Must be able to communicate technical details in a clear, understandable manner
  • Experience with SIEM tools in particular Splunk is an asset.
  • Working knowledge of EDR and antivirus technology.
  • Excellent communication skills.
  • Ability to balance multiple priorities and meet deadlines in a fast-paced and changing environment; must be flexible.
  • Experience with C# in an ASP.NET environment including proficiency in Javascript. A fundamental understanding of SQL/relational database and MVC application architecture is also required. .NET Core experience is a plus. Ability to understand business impact and prioritize issues/projects.
  • Demonstrated ability to work effectively with others, particularly in teams.
  • Strong analytical skills, managerial skills and skills interfacing with end-users.
  • Advanced skills in manipulating spreadsheets and data to produce detailed reports.
  • CISSP/GCIH/GREM/CISA/CEH/OSCP certification is an asset

Additional Information

Join in on what others in TD Technology Solutions are doing:
  • Inspire a positive work environment and help champion quality, innovation, teamwork and service to the business.
  • Learn voraciously, stretch your thinking,




At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.