Work Location:Toronto, Ontario, Canada
Hours:37.5
Line of Business:Technology Solutions
Pay Details:$96,900 - $136,800 CAD
This role is temporarily eligible for a pay premium above the posted salary range that is reassessed annually. You are encouraged to have an open dialogue with your recruiter who can provide more specific pay details for this role.
TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, geographic location, and other specific business and organizational needs.
As a candidate, you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role.
Job Description:We are seeking a highly motivated Cloud Platform Enablement Engineer with deep expertise across Identity & Access Management, cloud networking, and infrastructure automation. In this role, you will design and operate secure, scalable, and auditable cloud infrastructure across Azure, GCP, and on-premises environments - codifying IAM patterns, enforcing least-privilege models, automating network provisioning, and enabling self-service access for developer and application teams.
This role is central to our broader initiative to modernize secrets management, workload identity, compliance automation, and multi-cloud networking through infrastructure-as-code and GitHub Actions pipelines.
KEY ACCOUNTABILITIESIdentity & Access Management- Design, deploy, and manage Azure Entra ID configurations: App Registrations, Service Principals, and Conditional Access policies
- Define and assign RBAC roles across Azure subscriptions and management groups; manage GCP service account and organizational unit lifecycles
- Manage HashiCorp Vault policies, secret rotation, and credential lifecycle
- Implement authentication patterns including OAuth 2.0, OIDC, certificate-based auth, and Workload Identity Federation (GCP WIF / Azure Federated Credentials) to eliminate static credentials
Cloud Networking- Design and deploy scalable, highly available network architectures across Azure, GCP, and AWS
- Configure and manage cloud networking components: VPCs, subnets, firewalls, VPNs, load balancers, DNS, Direct Connect, and ExpressRoute
- Implement and maintain multi-cloud and hybrid connectivity solutions between cloud platforms and on-premises data centers
- Monitor and optimize network performance (latency, throughput, reliability); conduct troubleshooting and root-cause analysis
- Apply network security best practices and ensure compliance with TD policies and regulatory standards
Automation & Engineering- Build and maintain GitHub Actions workflows for self-service provisioning of infrastructure, IAM roles, and secrets using Terraform
- Develop reusable, TD-compliant Terraform modules for GCP, Azure, and on-prem resources (VMs, networks, K8s clusters, Key Vaults, etc.)
- Automate GitHub repository onboarding - identity pool bindings, service account associations, and OIDC pipeline authorization
- Drive certificate-based authentication automation for on-prem VMs accessing Vault and internal services
- Design self-service onboarding workflows for developers across EDP-GT, EDP-XL, and TD Universe environments
- Write Python or PowerShell scripts to reduce operational toil and improve platform reliability
Operations & Compliance- Process ServiceNow requests for access provisioning with SLA adherence
- Support compliance activities: audit attestations, access reviews, and RFI responses
- Participate in capacity planning and network infrastructure scaling
- Maintain operational documentation, runbooks, and knowledge base articles; contribute to Confluence living strategies
Collaboration & Continuous Improvement- Partner with security, IAM, and cloud architecture teams to implement compliant patterns for identity, access, and networking
- Work with application teams to translate access and connectivity requirements into implemented solutions
- Identify and execute opportunities to automate manual processes
- Mentor team members and contribute to knowledge sharing across the platform
EXPERIENCE AND EDUCATION- 7+ years of hands-on experience in DevOps, SRE, Platform Engineering, or Cloud Network Engineering roles (5+ years considered for candidates with exceptional IAM or automation depth)
- Undergraduate degree or Technical Certificate required; Graduate degree preferred
- Proven experience designing and managing network infrastructure across Azure, GCP, and/or AWS
- Strong Terraform and GitHub Actions background, including multi-environment deployments
- Demonstrated knowledge of cloud IAM models and network security in regulated environments
- Comfortable operating in fast-paced, Agile/Scrum teams under tight delivery timelines
- Strong analytical, problem-solving, and cross-functional communication skills
Our Total Rewards PackageOur Total Rewards package reflects the investments we make in our colleagues to help them and their families achieve their financial, physical, and mental well-being goals. Total Rewards at TD includes a base salary, variable compensation, and several other key plans such as health and well-being benefits, savings and retirement programs, paid time off, banking benefits and discounts, career development, and reward and recognition programs. Learn more
Additional Information:We're delighted that you're considering building a career with TD. Through regular development conversations, training programs, and a competitive benefits plan, we're committed to providing the support our colleagues need to thrive both at work and at home.
Colleague Development If you're interested in a specific career path or are looking to build certain skills, we want to help you succeed. You'll have regular career, development, and performance conversations with your manager, as well as access to an online learning platform and a variety of mentoring programs to help you unlock future opportunities.
If you're passionate about helping clients and building deep, lasting relationships, TD offers diverse career paths where you can grow your expertise and make a meaningful impact.
We're committed to your success and foster a respectful workplace where diverse perspectives are valued, everyone has fair opportunities to grow, and you can unlock your full potential to achieve your career goals. Here at TD, we hire and develop the best.
Training & OnboardingWe will provide training and onboarding sessions to ensure that you've got everything you need to succeed in your new role.
Interview Process We'll reach out to candidates of interest to schedule an interview. We do our best to communicate outcomes to all applicants by email or phone call.
Accommodation Your accessibility is important to us. Please let us know if you'd like accommodations (including accessible meeting rooms, captioning for virtual interviews, etc.) to help us remove barriers so that you can participate throughout the interview process.
We look forward to hearing from you!
Language Requirement (Quebec only):Sans Objet
