About The Position

We are seeking an experienced and technically proficient Information Security Specialist (L10) to lead CTD’s AI-driven detection engineering capability. This role owns the design, implementation, and operation of machine learning–enhanced detections across SIEM/XDR ecosystems, raising alert fidelity and analyst productivity through automation, codified pipelines, and a governed model lifecycle. You will partner with CSOC, CSIRT, Threat Hunting, and platform teams to deliver enterprise-scale detections that adapt to evolving threats, while mentoring L9 engineers and shaping CTD’s detection roadmap.

Requirements

  • 7+ years in detection engineering or security data science, with proven delivery of production ML detections and MLOps pipelines.
  • Deep expertise with SIEM/SOAR/XDR (e.g., Splunk, Sentinel, XSOAR, Microsoft Defender suite) and threat detection methodologies; hands-on with content engineering and model governance.
  • Strong skills in Python (pandas, scikit-learn, PyTorch/TensorFlow), PowerShell, and SQL/KQL; experience with feature engineering, cross-validation, A/B experiments, drift detection, and explainability.
  • Familiarity with MITRE ATT&CK, kill-chain and threat modeling practices; ability to translate TTPs into signals, features, and labels.
  • Demonstrated ability to work across technical and non-technical stakeholders; clear written/spoken communication; experience mentoring engineers and leading cross-functional initiatives.

Responsibilities

AI Detection Engineering & Content Leadership
  • Design, build, and productionize ML/AI detections (e.g., anomaly detection, behavior models, graph analytics) for Microsoft Defender (MDI/MDE/MDO), Sentinel, Splunk, and related platforms; champion model quality, drift monitoring, and explainability.
  • Establish feature pipelines and training/evaluation frameworks (offline/online) that support rapid iteration and safe rollout through CI/CD and detection-as-code workflows.
  • Author and maintain reusable content libraries (rules, models, enrichers) aligned to MITRE ATT&CK and enterprise risk models; drive consistency and reusability across domains.

Security Use Case Lifecycle (AI-Enhanced)
  • Own the end-to-end lifecycle for AI-enabled use cases: problem framing, data readiness, threat modeling, model selection, validation, deployment, tuning, and retirement; maintain auditable artifacts for governance.
  • Integrate detections with XSOAR playbooks, enrichment services, and case management to enable automated triage/response where risk criteria are met.

Program & Platform Contributions
  • Map AI use cases to threat models, converting high-value scenarios into AI-assisted detections; ensure MDI/XDR ↔ XSOAR synchronization and playbook readiness.
  • Contribute to the detection platform vision (content libraries, testing harness, BAS integration, governance dashboards) to scale coverage and reduce time-to-detect.

Benefits

  • Our Total Rewards package reflects the investments we make in our colleagues to help them and their families achieve their financial, physical and mental well-being goals.
  • Total Rewards at TD includes base salary and variable compensation/incentive awards (e.g., eligibility for cash and/or equity incentive awards, generally through participation in an incentive plan) and several other key plans such as health and well-being benefits, savings and retirement programs, paid time off (including Vacation PTO, Flex PTO, and Holiday PTO), banking benefits and discounts, career development, and reward and recognition.
  • Regular development conversations
  • Training programs
  • Competitive benefits plan
  • Online learning platform
  • Mentoring programs
© 2024 Teal Labs, Inc