Frontier AI Security Threat Hunter

Build something people love

Wealthsimple is Canada’s leading financial innovator. The company offers a full suite of simple, sophisticated financial products across managed investing, do-it-yourself trading, cryptocurrency, tax filing, spending and saving. Wealthsimple currently serves more than 4 million Canadians and holds over $125 billion in assets under administration. The company was founded in 2014 by a team of financial experts and technology entrepreneurs, and is headquartered in Toronto, Canada.

We're proud of what we've built — and we're just getting started. Read our Culture Manual and learn more about how we work.

About the team

We’re building a new AI-enabled adversarial testing capability whose mandate is simple but ambitious: find all the ways Wealthsimple can be exploited before our AI-enabled adversaries do. This group combines penetration testing, secure code analysis, and attack simulation R&D to continuously probe Wealthsimple’s systems using a combination of automation, autonomous AI agents, and human expertise. If you want to build an automated, end-to-end clearbox pentesting/red teaming platform, this is the team doing it!

You’ll join as an individual contributor on this team, reporting into the Manager, Application Security, working alongside a platform engineer, security researcher, and the application security team.

About the role

As a Frontier AI Security Penetration Tester, you’ll be a hybrid builder and breaker:

• Design and run automation-driven attack campaigns against Wealthsimple’s products and infrastructure including activities like:

  • Designing realistic AI attack scenarios that account for:

    • Attacker goals, initial access assumptions, and constraints.

    • Success criteria and clear boundaries for safety.

    • Wealthsimple-specific risks, design flaws, trust boundaries, and risk tolerance

  • Use and evolve our AI agents and tooling to:

    • Perform recon, vulnerability probing, confirmation, impact analysis, exploitation, and post-exploitation in safe environments.

• Help shape and improve the automated testing pipeline: how we model assets, orchestrate agents, run automated workflows, and turn noisy outputs into actionable findings. You’ll work closely with a platform engineer and a researcher to

  • improve how scenarios and workflows are modeled and automated so we can automate the replay of promising attack paths.

  • build and improve AI agents and tooling

  • Propose and validate new tools or capabilities that unlock richer attack behavior

  • Learn to use our native and in-house tooling to find more

• Work across the stack with platform engineers, AppSec, and other security teams to make automated and AI adversarial testing a routine, high-signal part of our SDLC. This includes:

  • reviewing AI-generated findings to separate high-impact vulnerabilities from noise and false positives.

  • Enhance proofs-of-concept into clear, reproducible steps for engineering teams and new automations

  • Support remediation by pairing with engineers when needed and verifying that fixes address the root cause.

You’ll have substantial influence on the team’s roadmap through experimentation and R&D.

People who will succeed in this role are

• Courageously Ambitious - they enthusiastically tackle big audacious goals.

• Deeply Human - they take responsibility for bringing the best out of themselves and others.

• Problem Solvers - they have the ability and resilience to tackle complex issues, find common patterns, design solutions for scale, and see them through.

• Enthusiastic Communicators - they capture and share learnings by default, and are always looking to implement suggestions for improvements and guardrails

Embraces change and experimentation - treat campaigns and framework changes as experiments. Thoughtfully define hypotheses, evaluation criteria, and success metrics, then analyze outcomes and share results with the team to guide next iterations.

Skills and Experience

Required

• Experience (5+ years preferred) in offensive security testing domains like penetration testing, red teaming, threat hunting, or attack simulations in complex environments with a proven history of working cross-functionally with high functioning teams.

• Strong technical skills in:

  • Reading and reasoning about code and system designs.

  • Understanding modern cloud-native architectures (preferably AWS).

  • Technical understanding of networks, endpoint, identity, cloud, encryption, data protection and application deployment stacks.

  • Knowledge of standard penetration testing methodologies, including NIST SP 800-115.

  • Familiarity with LLM- or agent-based systems (tool use/function calling, prompt design).

• Comfort working with novel tools and ambiguity:

  • You’re already experimenting with AI agents and have always had a scale and automation-first mindset to testing and discovering new vulnerabilities.

  • You can turn open-ended problems into small, testable steps.

Preferred but not required:

• Experience building AI- or automation-assisted offensive security tools.

• Familiarity with Ruby, React, and GraphQL testing

• Development and/or scripting competence

• AWS testing experience

• Previous industry experience in Financial Services

Why Wealthsimple?

🌸 Top-tier health benefits and life insurance

📈 Long-term group savings with employer match, through Wealthsimple for Business

🌴 20 vacation days, 4 wellness days, and unlimited sick and mental health days per year

✈️ 90 days away: work outside Canada for up to 90 days per year

👥 Employee resource groups, including Rainbow (2SLGBTQ), Women of WS, and Black at WS

🌎 We are a hybrid team with over 1,500 employees across North America. The people are one of the best parts of working here: you'll collaborate with incredibly talented, curious, and driven teammates who are deeply committed to doing great work.

ICYMI

Technology & Innovation at Wealthsimple: We move quickly and build thoughtfully. That means we're always looking for better ways to work — whether that's new tools, AI, or rethinking how we approach a problem. We don't expect you to have all the answers, but we do expect curiosity and a willingness to evolve alongside the products we're building.

Inclusion Statement: We're building products for a diverse world, and we need a diverse team to do it well. We strongly encourage applications from everyone, regardless of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status.

Accessibility Statement: We're committed to an accessible hiring experience. If you need any accommodations throughout the interview process, please let us know — we'll work with you to make sure you have what you need. We also welcome any feedback on how we can better accommodate candidates with accessibility needs.

AI in Hiring: We may use artificial intelligence (AI) tools to support parts of our hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our team but don't replace human judgment – all final hiring decisions are made by people. If you have questions about how your data is used, reach out to us.