Security Threat Hunter

This is a fully remote position, open to applicants in Canada.

📋 Description

• Develop and execute automation-driven attack campaigns targeting Wealthsimple’s products and infrastructure, which includes activities such as:

• Crafting realistic AI attack scenarios that consider:

• - Objectives of attackers, assumptions regarding initial access, and constraints.

• - Criteria for success and well-defined safety boundaries.

• - Specific risks related to Wealthsimple, design vulnerabilities, trust boundaries, and risk tolerance.

• Utilize and enhance our AI agents and tools to:

• - Conduct reconnaissance, vulnerability probing, confirmation, impact analysis, exploitation, and post-exploitation in secure environments.

• Contribute to the refinement of the automated testing pipeline: how we model assets, orchestrate agents, execute automated workflows, and convert noisy outputs into actionable insights. Collaborate closely with a platform engineer and a researcher to enhance the modeling and automation of scenarios and workflows, enabling the automation of promising attack path replays.

• Develop and improve AI agents and tools.

• Suggest and validate new tools or capabilities that facilitate more complex attack behaviors.

• Acquire knowledge in utilizing our proprietary and in-house tools for further exploration.

• Collaborate across various teams, including platform engineers, AppSec, and other security teams to integrate automated and AI adversarial testing into our SDLC as a routine, high-signal practice. This entails:

• - Evaluating AI-generated findings to distinguish high-impact vulnerabilities from noise and false positives.

• - Transforming proofs-of-concept into clear, reproducible steps for engineering teams and new automations.

• - Assisting in remediation by working alongside engineers when necessary and ensuring that fixes address the root causes.

⛳️ Requirements

• A minimum of 5 years of experience in offensive security testing fields such as penetration testing, red teaming, threat hunting, or attack simulations within complex environments, with a demonstrated ability to work cross-functionally with high-performing teams.

• Strong technical proficiency in:

• - Analyzing and reasoning about code and system designs.

• - Grasping modern cloud-native architectures (preferably AWS).

• - Understanding networks, endpoints, identity systems, cloud infrastructure, encryption, data protection, and application deployment stacks.

• - Familiarity with standard penetration testing methodologies, including NIST SP 800-115.

• - Knowledge of LLM- or agent-based systems (tool usage/function calling, prompt design).

• Ability to navigate novel tools and ambiguity:

• - You are actively experimenting with AI agents and maintain a scale and automation-first approach to testing and uncovering new vulnerabilities.

• - You excel at breaking down open-ended problems into smaller, testable components.

🏝️ Benefits

• Comprehensive health benefits and life insurance.

• Long-term group savings with employer match, facilitated through Wealthsimple for Business.

• 20 vacation days, 4 wellness days, and unlimited sick and mental health days each year.

• Opportunity to work outside Canada for up to 90 days per year.

• Access to employee resource groups, such as Rainbow (2SLGBTQ), Women of WS, and Black at WS.