
Information Security Specialist - Cyber Security Incident Response

TD

Canada

On-site

CAD 96,000 - 137,000

Full time

Today

Job summary

A leading financial institution in Canada is seeking an Information Security Specialist to join the Cyber Security Incident Response Team. The role includes leading cyber threat investigations, developing detection techniques, and enhancing incident response strategies. Candidates must have over 7 years of hands-on experience in IT security and incident management, with strong skills in SIEM and advanced operating systems. This position is critical in safeguarding the organization against cyber threats.

Qualifications

  • 7+ years relevant, hands-on experience.
  • Advanced experience with modern operating systems.
  • Eligibility for employment under regulatory standards.

Responsibilities

  • Lead cybersecurity incidents and events.
  • Guide partners on technology throughout incidents.
  • Develop ongoing operational enhancements.

Skills

Expert knowledge of IT security
Incident management
Strong experience with SIEM, EDR, XDR
Advanced scripting skills
Excellent communication skills

Education

University degree or equivalent hands-on experience

Tools

SIEM
EDR
CrowdStrike
Splunk

Job description

Work Location

Toronto, Ontario, Canada

Hours

37.5 hours per week

Line of Business

Technology Solutions

Pay Details

$96,900 - $136,800 CAD (base salary)

Job Description

Information Security Specialist, Cyber Security Incident Response Team (CSIRT)

Play a critical role in detecting, investigating, and responding to cyber threats targeting TD. Lead complex investigations, develop detection and hunting techniques, and strengthen incident‑response capabilities.

Essential Responsibilities

  • Guide partners on technology throughout incidents
  • Lead cybersecurity incidents and events
  • Contribute to containment and recovery plans for incidents
  • Help define, develop, and oversee a global security management strategy and framework
  • Ensure technology, processes, and governance monitor, detect, prevent, and react to current and emerging threats
  • Develop ongoing operational enhancements – alerting, monitoring, and detection across multiple security domains
  • Adhere to internal policies, technology control standards, and regulatory guidelines
  • Review internal processes, identify improvement opportunities
  • Enforce enterprise frameworks and methodologies related to technology controls and information security
  • Influence culture to reduce risk and foster strong risk management

Job Requirements

  • University degree or equivalent hands‑on experience
  • 7+ years relevant, hands‑on experience
  • Expert knowledge of IT security and incident management across multiple cybersecurity domains
  • Strong experience with SIEM, EDR, XDR, firewall, WAF, email proxies, NIDS, and equivalents
  • Advanced experience with modern operating systems (Windows, Unix/Linux, cloud, mobile)
  • Advanced scripting skills; ability to read data structures and binary code
  • Advanced knowledge of enterprise security controls, cyber risk, and governance
  • Excellent communication, leadership, and people‑building skills
  • Ability to participate in complex, large projects
  • Leadership role as an expert in technology controls and information security for project teams and vendors
  • Eligibility for employment under regulatory standards applicable to the position

Preferred Qualifications

  • Extensive experience as an incident commander or manager on complex cybercrime incidents
  • Experience handling network layer‑7/application and internet‑facing attacks
  • Briefing senior executives on cybercrime incident triage, containment, and recovery
  • Authoring complex communications for incident triage and recovery
  • Maintaining electronic and operational playbooks, governance documentation
  • Knowledge of NIST Cybersecurity Framework, SANS Top 20 Controls, OWASP Top 10, MITRE ATT&CK
  • Expert knowledge of SIEM/UEBA solutions (Splunk, Azure Sentinel); experience with CrowdStrike, MS Defender, XSOAR
  • Forensics tools expertise (Encase, Axiom, Autopsy, FTK Imager, etc.)
  • Certifications such as GIAC (GCIA, GPEN, GWAPT, GCIH, GSEC, GCFA), CCNP, CCNA, CISSP, Cloud Security

Office and Shift Requirements

Work within a 24×7 security monitoring operations team using a rotating shift schedule that includes occasional on‑call, weekend, and night support.
