AppSec Jobs
← Back to all jobs

TD

Security Engineer

Toronto, Ontario, CanadaWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About TD

TD Bank Group, commonly known as TD, is a leading Canadian multinational banking and financial services corporation based in Toronto, Ontario. Established in 1955 through the merger of The Bank of Toronto and The Dominion Bank, TD has grown to become one of Canada's "Big Five" banks. With a significant presence in the United States, TD serves approximately 27 million customers through over 2,200 locations across Canada and the eastern U.S. TD offers a wide range of banking solutions, including personal and business banking services, wealth management, insurance, and capital markets. Its U.S. subsidiary, TD Bank, N.A., focuses on community banking and has expanded through various acquisitions. The company is committed to customer service, community involvement, and fostering a diverse workforce, reflecting its evolution from regional roots to a prominent North American financial institution.

Industry

banking

Employees

100,000

4678 engineers

Revenue

$83B

Website

Visit →

Security at TD

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

TD emphasizes a fundamental commitment to privacy and a safe online environment as core to their business operations. They maintain a proactive stance on vulnerability reporting and are particularly interested in findings relating to the OWASP Top 10 for their web applications. The organization states: "Protecting your information and privacy are fundamental to the way we do business" and "We go to great lengths to provide you with a safe and secure online environment." However, specific details on developer enablement versus gatekeeping approaches and internal developer-security interaction models are not publicly documented.

Security Team

TD's security organization is led by Steve (Stephen) Sparkes, Senior Vice President & Chief Information Security Officer (appointed April 2025), who manages a team of 1,500 professionals across enterprise security. The organization focuses on Technology Solutions as a key line of business. Active job postings indicate emphasis on Generative AI security, Secrets Management, Threat Modeling, and SIEM/EDR proficiency. Specific AppSec sub-team size is not publicly available, though the larger enterprise security team structure provides the framework for application security initiatives.

Key Initiatives

TD's security initiatives include vulnerability management processes welcoming reports on publicly accessible systems such as web applications, with authorized research activities. Key recent initiatives focus on AI/Generative AI security strategy and engineering solutions, including advanced offensive security testing across AI/ML systems. Threat modeling exercises are supported as part of secure SDLC practices. No public evidence of a formal Security Champions program or specific CI/CD integration details has been found.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.