Security Threat Hunter

Wealthsimple

Frontier AI Security Penetration Tester at Wealthsimple developing automation-driven attack campaigns. Collaborate with engineers to enhance automated testing pipelines and AI-driven security measures.

Posted 6/3/2026full-timeRemote • 🇨🇦 CanadaMid-LevelSenior💰 CA$151,200 - CA$189,000 per yearWebsite

Tech Stack

Tools & technologies

AWSCloudSDLC

About the role

Key responsibilities & impact

Design and run automation-driven attack campaigns against Wealthsimple’s products and infrastructure including activities like:
Designing realistic AI attack scenarios that account for:
- Attacker goals, initial access assumptions, and constraints.
- Success criteria and clear boundaries for safety.
- Wealthsimple-specific risks, design flaws, trust boundaries, and risk tolerance
Use and evolve our AI agents and tooling to:
- Perform recon, vulnerability probing, confirmation, impact analysis, exploitation, and post-exploitation in safe environments.
Help shape and improve the automated testing pipeline: how we model assets, orchestrate agents, run automated workflows, and turn noisy outputs into actionable findings. You’ll work closely with a platform engineer and a researcher to improve how scenarios and workflows are modeled and automated so we can automate the replay of promising attack paths.
Build and improve AI agents and tooling
Propose and validate new tools or capabilities that unlock richer attack behavior
Learn to use our native and in-house tooling to find more
Work across the stack with platform engineers, AppSec, and other security teams to make automated and AI adversarial testing a routine, high-signal part of our SDLC. This includes:
- Reviewing AI-generated findings to separate high-impact vulnerabilities from noise and false positives.
- Enhance proofs-of-concept into clear, reproducible steps for engineering teams and new automations
- Support remediation by pairing with engineers when needed and verifying that fixes address the root cause.

Requirements

What you’ll need

Experience (5+ years preferred) in offensive security testing domains like penetration testing, red teaming, threat hunting, or attack simulations in complex environments with a proven history of working cross-functionally with high functioning teams.
Strong technical skills in:
- Reading and reasoning about code and system designs.
- Understanding modern cloud-native architectures (preferably AWS).
- Technical understanding of networks, endpoint, identity, cloud, encryption, data protection and application deployment stacks.
- Knowledge of standard penetration testing methodologies, including NIST SP 800-115.
- Familiarity with LLM- or agent-based systems (tool use/function calling, prompt design).
Comfort working with novel tools and ambiguity:
- You’re already experimenting with AI agents and have always had a scale and automation-first mindset to testing and discovering new vulnerabilities.
- You can turn open-ended problems into small, testable steps.

Benefits

Comp & perks

Top-tier health benefits and life insurance
Long-term group savings with employer match, through Wealthsimple for Business
20 vacation days, 4 wellness days, and unlimited sick and mental health days per year
90 days away: work outside Canada for up to 90 days per year
Employee resource groups, including Rainbow (2SLGBTQ), Women of WS, and Black at WS

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

offensive security testingpenetration testingred teamingthreat huntingattack simulationscloud-native architecturesnetwork securityencryptiondata protectionpenetration testing methodologies

Soft Skills

cross-functional collaborationproblem-solvingadaptabilitycommunicationcreativityanalytical thinkingattention to detailteamworkcritical thinkinginnovation