You're using an older version of Internet Explorer that is no longer supported. Please update your browser.

Protect Analytic Engineer ( SIEM/ SPLUNK engineering)

Toronto, ON
Full Time
Company Overview

Tell us your story. Don't go unnoticed. Explain why you're a winning candidate. Think "TD" if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.

Stay current and competitive. Carve out a career for yourself. Grow with us. Here's our story:

Department Overview

We are looking for someone with a strong Splunk administration background, who will be working in a senior role as a Subject Matter Expert (SME) with our Protect Analytics Engineering (PAE) team of Engineers who are responsible for the management of TD Enterprise SIEM and related Cyber security analytics platforms (Splunk, Sentinel, CRIBL). You will be working on cyber security analytics projects, architecting, and managing TD Security information and Event management (SIEM) platforms, providing technical expertise with a focus on efficiency, reliability, scalability, and security. This includes planning, evaluating, recommending, designing, operationalizing, and supporting solutions in compliance with enterprise and industry standards. At TD, we hope you'll be inspired both by the work we do and the people who make it all happen.

Job Description
Role and Responsibilities
  • Work with the Senior manager to plan strategic roadmap for Cyber security analytics technologies in coordination with the business aspects of Fusion Analytics.
  • You will be performing administration and engineering tasks related to the management Splunk systems, Microsoft Sentinel, and CRIBL log stream.
  • Hands On administration of Splunk Enterprise Security (ES)
  • Work collaboratively with the Protect Platform teams as they onboard data needed for the security use cases, dashboard and report creation in Splunk and Sentinel.
  • Support the Public Cloud initiatives.
  • Think creatively to discover and support automation opportunities
  • Provide L3 support when needed by the L2 teams.
  • Triage, troubleshoot and resolve complex Splunk infrastructure issues
  • Ensure capacity planning, currency uplifts are planned and executed.


  • Good knowledge of SIEM (Security Information and Event Management)
  • Planning/architecting a Splunk server environment and performing the software install/configurations.
    - Writing scripts in Linux Shell, Windows PowerShell, and/or Python.
    - Documentation - should be comfortable documenting solutions in tools like Confluence
    - Splunk Enterprise Security (ES) Admin experience
  • Advanced knowledge of enterprise Splunk and Azure Sentinel.
  • Verifiable robust operational experience in managing Splunk in a large organization
  • Expert level skillset in troubleshooting and resolving complex Splunk infrastructure issues.
  • Strong knowledge of organization, technology controls, security, and risk issues
  • Strong consultation, communication skills and ability to triage.
  • Demonstrated ability to participate in and lead complex, comprehensive or large projects and initiatives.
  • Strong partnership skills to ensure collaboration across a team and other lines of business as part of control execution.
  • Excellent written and oral communications skills and ability to articulate and present information to senior executives, peers, all levels of technical staff, and stakeholders
  • Strong knowledge of Azure sentinel or Cribl log stream is desirable and an added advantage.

  • University Degree.
  • CISSP or equivalent security certification required
  • Splunk certification
  • Azure and/or Cribl certification a benefit.

CISSP, CRISC or equivalent required; OSCP, CCSP, CISM highly desirable

Additional Information

Join in on what others in TD Technology Solutions are doing:
  • Inspire a positive work environment and help champion quality, innovation, teamwork and service to the business.
  • Learn voraciously, stretch your thinking,
  • #tdcybersecurity
  • #LI-Post



At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.
Information Technology