WealthsimpleRemote
Security Threat Hunter
Canada
Full Time
1 day ago
$151,200 - $189,000 CAD
No Sponsorship
Key skills
AWSCloudSDLCAILLMPenetration Testing
About this role
Role Overview
- Design and run automation-driven attack campaigns against Wealthsimple’s products and infrastructure including activities like:
- Designing realistic AI attack scenarios that account for:
- Attacker goals, initial access assumptions, and constraints.
- Success criteria and clear boundaries for safety.
- Wealthsimple-specific risks, design flaws, trust boundaries, and risk tolerance
- Use and evolve our AI agents and tooling to:
- Perform recon, vulnerability probing, confirmation, impact analysis, exploitation, and post-exploitation in safe environments.
- Help shape and improve the automated testing pipeline: how we model assets, orchestrate agents, run automated workflows, and turn noisy outputs into actionable findings. You’ll work closely with a platform engineer and a researcher to improve how scenarios and workflows are modeled and automated so we can automate the replay of promising attack paths.
- Build and improve AI agents and tooling
- Propose and validate new tools or capabilities that unlock richer attack behavior
- Learn to use our native and in-house tooling to find more
- Work across the stack with platform engineers, AppSec, and other security teams to make automated and AI adversarial testing a routine, high-signal part of our SDLC. This includes:
- Reviewing AI-generated findings to separate high-impact vulnerabilities from noise and false positives.
- Enhance proofs-of-concept into clear, reproducible steps for engineering teams and new automations
- Support remediation by pairing with engineers when needed and verifying that fixes address the root cause.
Requirements
- Experience (5+ years preferred) in offensive security testing domains like penetration testing, red teaming, threat hunting, or attack simulations in complex environments with a proven history of working cross-functionally with high functioning teams.
- Strong technical skills in:
- Reading and reasoning about code and system designs.
- Understanding modern cloud-native architectures (preferably AWS).
- Technical understanding of networks, endpoint, identity, cloud, encryption, data protection and application deployment stacks.
- Knowledge of standard penetration testing methodologies, including NIST SP 800-115.
- Familiarity with LLM
- or agent-based systems (tool use/function calling, prompt design).
- Comfort working with novel tools and ambiguity:
- You’re already experimenting with AI agents and have always had a scale and automation-first mindset to testing and discovering new vulnerabilities.
- You can turn open-ended problems into small, testable steps.
Tech Stack
- AWS
- Cloud
- SDLC
Benefits
- Top-tier health benefits and life insurance
- Long-term group savings with employer match, through Wealthsimple for Business
- 20 vacation days, 4 wellness days, and unlimited sick and mental health days per year
- 90 days away: work outside Canada for up to 90 days per year
- Employee resource groups, including Rainbow (2SLGBTQ), Women of WS, and Black at WS