This role is for an experienced Information Security Specialist (L10) to lead the AI-driven detection engineering capability within CTD. The specialist will be responsible for designing, implementing, and operating machine learning-enhanced detections across various SIEM/XDR platforms, aiming to improve alert accuracy and analyst efficiency through automation and codified processes. The role also involves partnering with security teams to develop enterprise-scale detections that adapt to evolving threats, and mentoring junior engineers.
- Design, build, and productionize ML/AI detections for Microsoft Defender (MDI/MDE/MDO), Sentinel, Splunk, and similar platforms, ensuring model quality, drift monitoring, and explainability.
- Establish feature pipelines and training/evaluation frameworks to support rapid iteration and safe deployment through CI/CD and detection-as-code workflows.
- Author and maintain reusable content libraries (rules, models, enrichers) aligned with MITRE ATT&CK and enterprise risk models.
- Manage the full lifecycle of AI-enabled security use cases, from problem framing to deployment, tuning, and retirement, maintaining auditable artifacts.
- Integrate detections with XSOAR playbooks, enrichment services, and case management for automated triage and response.
- Map AI use cases and threat models to convert high-value scenarios into AI-assisted detections, ensuring synchronization and playbook readiness.
- Contribute to the detection platform vision to scale coverage and reduce time-to-detect.
- 7+ years of experience in detection engineering and data science for security, with proven delivery of production ML detections and MLOps pipelines.
- Deep expertise with SIEM/SOAR/XDR platforms (e.g., Splunk, Sentinel, XSOAR, Microsoft Defender suite) and threat detection methodologies; hands-on experience with content engineering and model governance.
- Strong skills in Python (pandas, scikit-learn, PyTorch/TensorFlow), PowerShell, and SQL/KQL; experience with feature engineering, cross-validation, A/B experiments, drift detection, and explainability.
- Familiarity with MITRE ATT&CK, kill-chain, and threat modeling practices; ability to translate TTPs into signals, features, and labels.
- Demonstrated ability to work across technical and non-technical stakeholders; clear written and spoken communication; experience mentoring engineers and leading cross-functional initiatives.
- Preferred certifications: CISSP, GIAC (GCIA, GCIH, GCED), Azure Data/AI (DP-100, AI-102), or equivalent.
37.5 hours/week
Subject to provincial regulation for employment purposes.
The Toronto-Dominion Bank and its subsidiaries are collectively known as TD Bank Group, one of the largest banks in North America. TD provides a wide range of personal, commercial, and investment banking products and services to over 27 million customers globally. Headquartered in Toronto, Canada, the bank operates through key segments including Canadian Retail, U.S. Retail, and Wholesale Banking.