AI Security Infrastructure Engineer (B3167)

Work Location:

Hours:

Line of Business:

Pay Details:

TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidates skills and experience job-related knowledge geographic location and other specific business and organizational needs.

As a candidate you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role.

Job Description:

Job Summary:

Drive forward-looking security strategy and engineering solutions for Generative AI and LLM platforms while specializing in leveraging AI security capabilities to augment and fortify existing enterprise solutions. You will act as a key technical leader bridging the gap between cutting-edge AI innovation and core infrastructure security.

This role is primarily focused on researching evaluating and conducting proof-of-concepts for new security technologies and protocols that protect our assets deployed in Azure Google Cloud or On-Premises. You will focus on high-impact areas including Agentic AI protocols (A2A MCP) API security Identity and Access Management and third-party Integration for LLMs AI models and RAG applications.

You will partner closely with AI Development teams to provide essential infrastructure security expertise to support broader security initiatives as well as the Dev-Sec-Ops and Platform Engineering teams to translate successful security PoCs into robust productive-ready solutions and infrastructure controls.

Detailed Job Description:

We are seeking an AI Security Infrastructure Engineer to be a key technical leader bridging the gap between cutting-edge AI innovation and core infrastructure security. Your mission will be to drive forward-looking security strategies and engineering solutions for Generative AI and LLM platforms while specializing in leveraging AI security capabilities to augment and fortify existing enterprise solutions.

Key Responsibilities: Research Evaluation and Design

This role is primarily focused on providing AI Security Infrastructure solutions researching evaluating and designing solutions that mitigate gaps in security controls and support leadership strategy and road maps. You will be responsible for conducting proof-of-concepts (PoCs) for new security technologies and protocols and support hardening efforts to protect our mission-critical assets deployed across Azure Google Cloud and On-Premises environments.

1. Advanced Protocol and Application Security

• Generative AI Protocols: Evaluate and secure emerging standards for multi-agent workflows such as the Agent-to-Agent (A2A) and Model Context Protocol (MCP).
• Third-Party Security: Conduct deep security assessments and validation of all infrastructure and connection points for third-party LLM and RAG (Retrieval-Augmented Generation) applications.
• Threat Modeling: Support threat modeling exercises for new AI applications and pipelines to proactively identify design flaws and adversarial attack vectors (e.g. prompt injection paths).
• Mitigation Solutions: Support the design build and testing of security controls to mitigate common AI/ML attacks as outlined by frameworks like the OWASP Top 10 for LLM Applications Mitre Atlas.

2. Access Identity and Cloud Controls

• IAM Design: Define and implement security designs for Identity and Access Management (IAM) specializing in securing non-human identities service principles and cross-cloud access.
• API Security: Own the security strategy for all AI service consumption including hardening of API Gateways and securing authentication flows (e.g. OAuth 2.0/OIDC) for model endpoints.
• Secrets Management: Design and PoC the secure storage injection and rotation of confidential data (API keys model weights database credentials) using solutions like Azure Key Vault and GCP Secret Manager in support of AI Security Infrastructure initiatives.
• AI Cloud Hardening: Establish security configuration baselines and network segmentation (e.g. Private Link VPC Service Controls) for AI-specific cloud resources on Azure and GCP.

3. Collaboration and Strategy Translation

• AI Red Team Support: Provide essential infrastructure security expertise and tooling to support the AI Red Team program helping them build secure testing environments and validate attack findings.
• Translation to Production: Collaborate with DevOps Governance Vulnerability Management and Platform Engineering partners to translate successful security PoCs and designs into robust production-ready solutions and Infrastructure as Code (IaC) controls.

Qualifications:

• 7 years of progressive experience in Cybersecurity Cloud Security Engineering or Application Security.
• Cloud Security Proficiency: Hands-on experience securing platforms and services in Microsoft Azure and Google Cloud Platform (GCP) with an understanding of hybrid security models.
• Identity & Access: In-depth knowledge of Identity and Access Management (IAM) concepts including implementation experience with OAuth 2.0/OIDC and modern token-based authentication systems.
• API/Application Security: Solid background in designing and testing the security of REST APIs and associated middleware (e.g. API Gateways WAFs).
• Secrets Management: Practical experience designing or implementing solutions for secure secret storage and retrieval (e.g. Azure Key Vault GCP Secret Manager HashiCorp Vault Hardware Security Modules)
• Programming/Scripting: Ability to script in Python Go PowerShell or similar languages (Python preferred) for security tool evaluation PoC implementation and security automation scripting.
• Good understanding of AI security frameworks such as OWASP Top 10 for LLM Applications OWASP API Top 10 Mitre Atlas

3 years leading A.I. programs

• Strong understanding of the AI/ML development lifecycle and the unique security risks associated with Generative AI LLMs and RAG architectures.
• Familiarity with the security implications of emerging agent collaboration protocols (A2A and MCP).
• Experience with risk assessment vulnerability research or threat modeling focused on AI systems.

Desired Qualifications (Nice to Have)

• Relevant professional certifications (e.g. Azure Security Engineer Associate GCP Professional Cloud Security Engineer CISSP CCSP).
• Experience securing containerized environments (Kubernetes/AKS/GKE).
• Familiarity with Infrastructure as Code (IaC) tools such as Terraform or Pulumi.

Who We Are:

TD is one of the worlds leading global financial institutions and is the fifth largest bank in North America by branches/stores. Every day we deliver legendary customer experiences to over 27 million households and businesses in Canada the United States and around the world. More than 95000 TD colleagues bring their skills talent and creativity to the Bank those we serve and the economies we support. We are guided by our vision to Be the Better Bank and our purpose to enrich the lives of our customers communities and colleagues.

TD is deeply committed to being a leader in customer experience that is why we believe that all colleagues no matter where they work are customer facing. As we build our business and deliver on our strategy we are innovating to enhance the customer experience and build capabilities to shape the future of banking. Whether youve got years of banking experience or are just starting your career in financial services we can help you realize your potential. Through regular leadership and development conversations to mentorship and training programs were here to support you towards your goals. As an organization we keep growing and so will you.

Our Total Rewards Package
Our Total Rewards package reflects the investments we make in our colleagues to help them and their families achieve their financial physical and mental well-being goals. Total Rewards at TD includes a base salary variable compensation and several other key plans such as health and well-being benefits savings and retirement programs paid time off banking benefits and discounts career development and reward and recognition programs. Learn more

Additional Information:
Were delighted that youre considering building a career with TD. Through regular development conversations training programs and a competitive benefits plan were committed to providing the support our colleagues need to thrive both at work and at home.

Please be advised that this job opportunity is subject to provincial regulation for employment purposes. It is imperative to acknowledge that each province or territory within the jurisdiction of Canada may have its own set of regulations requirements.

Colleague Development
If youre interested in a specific career path or are looking to build certain skills we want to help you succeed. Youll have regular career development and performance conversations with your manager as well as access to an online learning platform and a variety of mentoring programs to help you unlock future opportunities. Whether you have a passion for helping customers and want to expand your experience or you want to coach and inspire your colleagues there are many different career paths within our organization at TD and were committed to helping you identify opportunities that support your goals.

Training & Onboarding
We will provide training and onboarding sessions to ensure that youve got everything you need to succeed in your new role.

Interview Process
Well reach out to candidates of interest to schedule an interview. We do our best to communicate outcomes to all applicants by email or phone call.

Accommodation
Your accessibility is important to us. Please let us know if youd like accommodations (including accessible meeting rooms captioning for virtual interviews etc.) to help us remove barriers so that you can participate throughout the interview process.

We look forward to hearing from you!

Language Requirement (Quebec only):