Senior Information Security Analyst

TD·Workday
TorontoFull-timePosted Jul 8, 2026
Apply

Work Location:

Toronto, Ontario, Canada

Hours:

37.5

Line of Business:

Technology Solutions

Pay Details:

-

TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, geographic location, and other specific business and organizational needs.

As a candidate, you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role.

Job Description:

Job Description

We are seeking a Senior Information Security Analyst to support enterprise cybersecurity monitoring, detection engineering, and security operations improvement. This role will help develop and maintain effective security detections, improve alert quality, support threat detection activities, and contribute to the overall maturity of security monitoring capabilities.

The successful candidate should have a strong cybersecurity foundation, practical experience with SIEM platforms, and familiarity with cloud, identity, endpoint, and network security concepts. The role requires hands-on experience with Microsoft Sentinel and the Microsoft security ecosystem, along with working knowledge of Splunk. The candidate should be able to analyze security events, understand attack behaviours, tune detections, and work with operational teams to improve detection coverage and investigation outcomes.

Key Responsibilities

  • Support the development, review, tuning, and maintenance of security detections across SIEM and security monitoring platforms.
  • Analyze security events, alerts, and telemetry to identify suspicious activity, detection gaps, and opportunities for improvement.
  • Apply detection engineering principles to improve alert fidelity, reduce unnecessary noise, and ensure detections are practical for security operations.
  • Work with Microsoft Sentinel, Microsoft Defender products, Microsoft Entra ID, and related security tools to support threat detection and investigation use cases.
  • Use Splunk to review security data, support investigations, and assist with detection tuning where required.
  • Apply cybersecurity knowledge across identity, endpoint, cloud, network, email, and application security domains.
  • Collaborate with SOC, incident response, security engineering, and technology teams to understand monitoring needs and improve security outcomes.
  • Document detection logic, assumptions, data sources, tuning decisions, and investigation guidance in a clear and maintainable way.
  • Support ongoing assessment of detection effectiveness, including relevance, actionability, coverage, and operational value.

Required Qualifications

  • Experience in cybersecurity, security monitoring, SOC operations, incident response, threat hunting, or detection engineering.
  • Hands-on experience with Microsoft Sentinel and familiarity with the broader Microsoft security suite.
  • Working knowledge of Splunk and the ability to review or support SIEM-based detections and investigations.
  • Strong understanding of cybersecurity fundamentals, including common attack techniques, security controls, incident investigation, and risk-based thinking.
  • Familiarity with cloud security concepts, especially around identity, access, logging, monitoring, and misconfiguration risks.
  • Understanding of security telemetry from identity, endpoint, network, email, cloud, and application environments.
  • Ability to assess whether alerts are accurate, actionable, and useful for security operations.
  • Strong analytical, troubleshooting, communication, and documentation skills.
  • Ability to work with cross-functional technical teams in a large enterprise environment.

Preferred Qualifications

  • Experience with KQL, SPL, or other security query languages.
  • Experience with Microsoft Defender XDR, Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud, or Defender for Cloud Apps.
  • Experience with endpoint detection and response tools such as SentinelOne or similar EDR platforms.
  • Familiarity with MITRE ATT&CK, threat intelligence, attack paths, or adversary behaviour analysis.
  • Exposure to detection lifecycle management, detection-as-code, automation, SOAR, or version-controlled security content.
  • Scripting or automation experience using Python, PowerShell, or similar technologies.
  • Experience working in a regulated, financial services, or large enterprise environment.

Candidate Profile

The ideal candidate is a hands-on cybersecurity professional who understands both security operations and detection engineering. They should be comfortable working with SIEM data, investigating suspicious activity, improving detection quality, and applying broad cybersecurity knowledge across cloud, identity, endpoint, network, and application environments.

They do not need to be an expert in every tool, but they should have strong fundamentals, be able to learn quickly, think critically, and make practical decisions that improve security monitoring effectiveness.

Who We Are:

TD is one of the world's leading global financial institutions and is the fifth largest bank in North America by branches/stores. Every day, we strive to make every interaction, product, and experience remarkably human and refreshingly simple for over 27 million households and businesses in Canada, the United States and around the world. More than 95,000 TD colleagues bring their skills, talent, and creativity to foster deeper relationships, ensure disciplined execution, and build a simpler, faster banking experience. TD is deeply committed to being a leader in client experience, that is why we believe that all colleagues, no matter where they work, are client facing. Together, we are reimagining what banking can be for our clients, colleagues and communities.

Our Total Rewards Package
Our Total Rewards package reflects the investments we make in our colleagues to help them and their families achieve their financial, physical, and mental well-being goals. Total Rewards at TD includes a base salary, variable compensation, and several other key plans such as health and well-being benefits, savings and retirement programs, paid time off, banking benefits and discounts, career development, and reward and recognition programs. Learn more

Additional Information:
We’re delighted that you’re considering building a career with TD. Through regular development conversations, training programs, and a competitive benefits plan, we’re committed to providing the support our colleagues need to thrive both at work and at home.

Please be advised that this job opportunity is subject to provincial regulation for employment purposes. It is imperative to acknowledge that each province or territory within the jurisdiction of Canada may have its own set of regulations, requirements.


Colleague Development

If you’re interested in a specific career path or are looking to build certain skills, we want to help you succeed. You’ll have regular career, development, and performance conversations with your manager, as well as access to an online learning platform and a variety of mentoring programs to help you unlock future opportunities.

If you’re passionate about helping clients and building deep, lasting relationships, TD offers diverse career paths where you can grow your expertise and make a meaningful impact.  

We're committed to your success and foster a respectful workplace where diverse perspectives are valued, everyone has fair opportunities to grow, and you can unlock your full potential to achieve your career goals. Here at TD, we hire and develop the best.

Training & Onboarding
We will provide training and onboarding sessions to ensure that you’ve got everything you need to succeed in your new role.

Interview Process 
We’ll reach out to candidates of interest to schedule an interview. We do our best to communicate outcomes to all applicants by email or phone call.


Accommodation
Your accessibility is important to us. Please let us know if you’d like accommodations (including accessible meeting rooms, captioning for virtual interviews, etc.) to help us remove barriers so that you can participate throughout the interview process.

We look forward to hearing from you!

Language Requirement (Quebec only):

Sans Objet

Want jobs like this matched to you?

Swoopd scores fresh postings against your résumé so you only see the matches that matter.

Get started free