
Security Threat Hunter
Posted Jun 20

Posted Jun 20
This is a fully remote position, open to applicants in Canada.
• Develop and execute automation-driven attack campaigns targeting Wealthsimple’s products and infrastructure, which includes activities such as:
• Crafting realistic AI attack scenarios that consider:
• - Objectives of attackers, assumptions regarding initial access, and constraints.
• - Criteria for success and well-defined safety boundaries.
• - Specific risks related to Wealthsimple, design vulnerabilities, trust boundaries, and risk tolerance.
• Utilize and enhance our AI agents and tools to:
• - Conduct reconnaissance, vulnerability probing, confirmation, impact analysis, exploitation, and post-exploitation in secure environments.
• Contribute to the refinement of the automated testing pipeline: how we model assets, orchestrate agents, execute automated workflows, and convert noisy outputs into actionable insights. Collaborate closely with a platform engineer and a researcher to enhance the modeling and automation of scenarios and workflows, enabling the automation of promising attack path replays.
• Develop and improve AI agents and tools.
• Suggest and validate new tools or capabilities that facilitate more complex attack behaviors.
• Acquire knowledge in utilizing our proprietary and in-house tools for further exploration.
• Collaborate across various teams, including platform engineers, AppSec, and other security teams to integrate automated and AI adversarial testing into our SDLC as a routine, high-signal practice. This entails:
• - Evaluating AI-generated findings to distinguish high-impact vulnerabilities from noise and false positives.
• - Transforming proofs-of-concept into clear, reproducible steps for engineering teams and new automations.
• - Assisting in remediation by working alongside engineers when necessary and ensuring that fixes address the root causes.
• A minimum of 5 years of experience in offensive security testing fields such as penetration testing, red teaming, threat hunting, or attack simulations within complex environments, with a demonstrated ability to work cross-functionally with high-performing teams.
• Strong technical proficiency in:
• - Analyzing and reasoning about code and system designs.
• - Grasping modern cloud-native architectures (preferably AWS).
• - Understanding networks, endpoints, identity systems, cloud infrastructure, encryption, data protection, and application deployment stacks.
• - Familiarity with standard penetration testing methodologies, including NIST SP 800-115.
• - Knowledge of LLM- or agent-based systems (tool usage/function calling, prompt design).
• Ability to navigate novel tools and ambiguity:
• - You are actively experimenting with AI agents and maintain a scale and automation-first approach to testing and uncovering new vulnerabilities.
• - You excel at breaking down open-ended problems into smaller, testable components.
• Comprehensive health benefits and life insurance.
• Long-term group savings with employer match, facilitated through Wealthsimple for Business.
• 20 vacation days, 4 wellness days, and unlimited sick and mental health days each year.
• Opportunity to work outside Canada for up to 90 days per year.
• Access to employee resource groups, such as Rainbow (2SLGBTQ), Women of WS, and Black at WS.
LexisNexis
Futures
Hunt St
CRC Insurance Services
Get handpicked remote jobs straight to your inbox weekly.