Frontier AI Security Researcher

Build something people love

Wealthsimple is Canada’s leading financial innovator. The company offers a full suite of simple, sophisticated financial products across managed investing, do-it-yourself trading, cryptocurrency, tax filing, spending and saving. Wealthsimple currently serves more than 4 million Canadians and holds over $125 billion in assets under administration. The company was founded in 2014 by a team of financial experts and technology entrepreneurs, and is headquartered in Toronto, Canada.

We're proud of what we've built — and we're just getting started. Read our Culture Manual and learn more about how we work.

About the team

We’re building a new AI-enabled adversarial testing capability whose mandate is simple but ambitious: find all the ways Wealthsimple can be exploited before our AI-enabled adversaries do. This group combines penetration testing, secure code analysis, and attack simulation R&D to continuously probe Wealthsimple’s systems using a combination of automation, autonomous AI agents, and human expertise. If you want to build an automated, end-to-end clearbox pentesting/red teaming platform, this is the team doing it!

You’ll join as an individual contributor on this team, reporting into the Manager, Application Security, working alongside one or more threat hunters/adversarial simulation/pentesters, a platform engineer, and the application security team

About the role

You will focus on the R&D and scaffold design side of automated AI-enabled adversarial testing:

• Design and build scaffolds to automate attacker/threat modeling, attack discovery and exploitation techniques at scale

  • Identify promising attack surfaces and scenarios across Wealthsimple’s stack.

  • Architect and tune agents, prompts, and toolchains that implement real attacker TTPs.

  • Define success metrics and evaluation criteria for automations/ai so we can select and fine tune tooling and model use

  • Design and iterate on multi-step agent strategies that combine observation, planning, action, and self-learning

  • Improve effectiveness and automation coverage and reduce unproductive actions and loops

  • Propose and validate new tools or environment features that enable richer or more realistic attacks.

• Research and design new AI-driven attack strategies and scenarios in anticipation of what adversaries might misuse LLMs to do in future, then help design detections and defensive measures

• Analyze AI behavior and results to discover systemic weaknesses and strengths and improve platform design / outputs and compensate for weaknesses.

  • Compare different models, prompts, and tool sets on the same scenarios.

  • Measure meaningful outcomes (bugs found, depth of compromise, time-to-finding, false-positive behaviour).

  • Benchmark AI-driven testing against our other tooling and manual test results to understand return on investment and where to invest effort and expertise to best advantage

• Translate agent outputs into high-quality findings and systemic improvements.

  • Identify high-confidence vulnerabilities and attack paths.

  • Analyze findings to uncover recurring vulnerability types and control gaps, then help us fix them

  • Understand how agents discovered issues and what that implies for our defences.

  • Share learnings and help build guardrails, detections, systemic framework fixes, libraries, or new agents/experiments

You’ll help shape the team’s direction through research, proposals, benchmarking, and improved design/implementation.

People who will succeed in this role are

• Courageously Ambitious - they enthusiastically tackle big audacious goals.

• Deeply Human - they take responsibility for bringing the best out of themselves and others.

• Problem Solvers for scale - they have the ability and resilience to tackle complex issues, find common patterns, design solutions for scale, and see them through.

• Enthusiastic Communicators - they capture and share learnings by default, and are always looking to implement suggestions for improvements and guardrails

• Embraces change and experimentation - treat campaigns and framework changes as experiments. Thoughtfully define hypotheses, evaluation criteria, and success metrics, then analyze outcomes and share results with the team to guide next iterations.

Skills and Experience

• 5+ years of experience in offensive security and/or vulnerability research

• Prior work blending automation with offensive security (e.g., custom tooling, fuzzer integrations).

• Strong technical skills in reading and reasoning about code, infrastructure, and designs.

• Experience building, evaluating, or using LLM- or agent-based systems in any domain.

• A strong curiosity about and openness to AI-augmented workflows:

  • Comfortable iterating on prompts, tools, and agent behaviours.

  • Pragmatic about what AI can and cannot do today.

• Working experience with large language models and how they work; for example, you may have written agent scaffolds

• Technical understanding of networks, endpoint, identity, cloud, encryption, data protection and application deployment stacks.

• Knowledge of standard penetration testing methodologies, including NIST SP 800-115.

Preferred but not required:

• Published research papers on computer security, language modelling, offensive security tool benchmarking, or related topics; or given talks at Defcon, Blackhat, CCC, or other reputable venues

• Contributed to open-source projects in LLM- or security-related projects, especially those contributing to AI / LLM-specific guardrails and models

• Experience in financial services

• Data science and data pipeline development experience

• Familiarity with Ruby, React, GraphQL, AWS

• Some software or systems engineering experience

• Previous industry experience in Financial Services is preferred.

Why Wealthsimple?

🌸 Top-tier health benefits and life insurance

📈 Long-term group savings with employer match, through Wealthsimple for Business

🌴 20 vacation days, 4 wellness days, and unlimited sick and mental health days per year

✈️ 90 days away: work outside Canada for up to 90 days per year

👥 Employee resource groups, including Rainbow (2SLGBTQ), Women of WS, and Black at WS

🌎 We are a hybrid team with over 1,500 employees across North America. The people are one of the best parts of working here: you'll collaborate with incredibly talented, curious, and driven teammates who are deeply committed to doing great work.

ICYMI

Technology & Innovation at Wealthsimple: We move quickly and build thoughtfully. That means we're always looking for better ways to work — whether that's new tools, AI, or rethinking how we approach a problem. We don't expect you to have all the answers, but we do expect curiosity and a willingness to evolve alongside the products we're building.

Inclusion Statement: We're building products for a diverse world, and we need a diverse team to do it well. We strongly encourage applications from everyone, regardless of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status.

Accessibility Statement: We're committed to an accessible hiring experience. If you need any accommodations throughout the interview process, please let us know — we'll work with you to make sure you have what you need. We also welcome any feedback on how we can better accommodate candidates with accessibility needs.

AI in Hiring: We may use artificial intelligence (AI) tools to support parts of our hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our team but don't replace human judgment – all final hiring decisions are made by people. If you have questions about how your data is used, reach out to us.