TD is seeking an AI Detection Engineering Information Security Specialist to spearhead our AI-driven detection engineering capability. You will design, implement, and operate machine learning–enhanced detections across our SIEM and XDR ecosystems to elevate alert fidelity and analyst productivity. You'll partner with CSOC, CSIRT, Threat Hunting, and platform teams to deliver enterprise-scale detections that adapt to evolving threats.
What You'll Do
- Design, build, and productionize ML/AI detections (e.g., anomaly detection, behavior models, graph analytics) for Microsoft Defender (MDI/MDE/MDO), Sentinel, Splunk, and related platforms.
- Champion model quality, drift monitoring, and explainability.
- Establish feature pipelines and training/evaluation frameworks (offline/online) that support rapid iteration and safe rollout through CI/CD and detection-as-code workflows.
- Author and maintain reusable content libraries (rules, models, enrichers) aligned to MITRE ATT&CK and enterprise risk models.
- Own the end-to-end lifecycle for AI-enabled use cases: problem framing, data readiness, threat modeling, model selection, validation, deployment, tuning, and retirement.
- Maintain auditable artifacts for governance.
- Integrate detections with XSOAR playbooks, enrichment services, and case management to enable automated triage/response.
- Map AI use cases and threat models to convert high-value scenarios into AI-assisted detections.
- Ensure MDI/XDR ↔ XSOAR synchronization and playbook readiness.
- Contribute to the detection platform vision (content libraries, testing harness, BAS integration, governance dashboards) to scale coverage and reduce time-to-detect.
- Mentor L9 engineers and shape TD’s detection roadmap.
What We're Looking For
- 7+ years in detection engineering or data science for security.
- Proven delivery of production ML detections and MLOps pipelines.
- Deep expertise with SIEM/SOAR/XDR (e.g., Splunk, Sentinel, XSOAR, Microsoft Defender suite) and threat detection methodologies.
- Hands-on experience with content engineering and model governance.
- Strong skills in Python (pandas, scikit-learn, PyTorch/TensorFlow), PowerShell, and SQL/KQL.
- Experience with feature engineering, cross-validation, A/B experiments, drift detection, and explainability.
- Familiarity with MITRE ATT&CK, kill-chain, and threat modeling practices.
- Ability to translate TTPs into signals, features, and labels.
- Demonstrated ability to work across technical and non-technical stakeholders.
- Clear written and spoken communication.
- Experience mentoring engineers and leading cross-functional initiatives.
Nice to Have
- CISSP, GIAC (GCIA, GCIH, GCED), Azure Data/AI (DP-100, AI-102), or equivalent certifications.
Technical Stack
- Platforms: Microsoft Defender (MDI/MDE/MDO), Sentinel, Splunk, XSOAR
- Languages & Tools: Python, pandas, scikit-learn, PyTorch/TensorFlow, PowerShell, SQL/KQL, CI/CD
Team & Environment
You will partner closely with CSOC, CSIRT, Threat Hunting, and platform teams. A key part of this role is mentoring L9 engineers.
Benefits & Compensation
- Compensation Range: $114,000.00 - $136,800.00 CAD
- Health and well-being benefits
- Savings and retirement programs
- Paid time off
- Banking benefits and discounts
- Career development
- Reward and recognition programs
- Regular development conversations
- Training programs
- Mentoring programs
- Online learning platform
Work Mode
This position operates in a local-city work mode and is based in Toronto, Ontario, Canada.
TD is committed to providing fair and equitable compensation opportunities. We believe all colleagues are customer facing, and we are deeply committed to being a leader in customer experience.