Skip to main content
Back to jobs

Frontier AI Security Threat Hunter

External
Wealthsimple logoWealthsimple · Remote
Full-timeRemote4w ago
Application SecurityAWSEncryptionPenetration TestingSAFe
Cover LetterConnect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role


About the role

We're building a new AI-enabled adversarial testing capability whose mandate is simple but ambitious: find all the ways Wealthsimple can be exploited before our AI-enabled adversaries do . This group combines penetration testing, secure code analysis, and attack simulation R&D to continuously probe Wealthsimple's systems using a combination of automation, autonomous AI agents, and human expertise. If you want to build an automated, end-to-end clearbox pentesting/red teaming platform, this is the team doing it! You'll join as an individual contributor on this team, reporting into the Manager, Application Security , working alongside a platform engineer, security researcher, and the application security team. As a Frontier AI Security Penetration Tester , you'll be a hybrid builder and breaker: Design and run automation-driven attack campaigns against Wealthsimple's products and infrastructure including activities like: Designing realistic AI attack scenarios that account for: Attacker goals, initial access assumptions, and constraints. Success criteria and clear boundaries for safety. Wealthsimple-specific risks, design flaws, trust boundaries, and risk tolerance Use and evolve our AI agents and tooling to: Perform recon, vulnerability probing, confirmation, impact analysis, exploitation, and post-exploitation in safe environments. Help shape and improve the automated testing pipeline : how we model assets, orchestrate agents, run automated workflows, and turn noisy outputs into actionable findings. You'll work closely with a platform engineer and a researcher to improve how scenarios and workflows are modeled and automated so we can automate the replay of promising attack paths. build and improve AI agents and tooling Propose and validate new tools or capabilities that unlock richer attack behavior Learn to use our native and in-house tooling to find more Work across the stack with platform engineers, AppSec, and other security teams to make automated and AI adversarial testing a routine, high-signal part of our SDLC . This includes: reviewing AI-generated findings to separate high-impact vulnerabilities from noise and false positives. Enhance proofs-of-concept into clear, reproducible steps for engineering teams and new automations Support remediation by pairing with engineers when needed and verifying that fixes address the root cause. You'll have substantial influence on the team's roadmap through experimentation and R&D. People who will succeed in this role are Courageously Ambitious - they enthusiastically tackle big audacious goals. Deeply Human - they take responsibility for bringing the best out of themselves and others. Problem Solvers - they have the ability and resilience to tackle complex issues, find common patterns, design solutions for scale, and see them through. Enthusiastic Communicators - they capture and share learnings by default, and are always looking to implement suggestions for improvements and guardrails Embraces change and experimentation - treat campaigns and framework changes as experiments. Thoughtfully define hypotheses, evaluation criteria, and success metrics, then analyze outcomes and share results with the team to guide next iterations.

Requirements

  • Required
  • Experience building AI- or automation-assisted offensive security tools .
  • Experience (5+ years preferred) in offensive security testing domains like penetration testing, red teaming, threat hunting, or attack simulations in complex environments with a proven history of working cross-functionally with high functioning teams.
  • Strong technical skills in:
  • Reading and reasoning about code and system designs.
  • Understanding modern cloud-native architectures (preferably AWS).
  • Technical understanding of networks, endpoint, identity, cloud, encryption, data protection and application deployment stacks.
  • Knowledge of standard penetration testing methodologies, including NIST SP 800-115.
  • Familiarity with LLM- or agent-based systems (tool use/function calling, prompt design).
  • Comfort working with novel tools and ambiguity :
  • You're already experimenting with AI agents and have always had a scale and automation-first mindset to testing and discovering new vulnerabilities.
  • You can turn open-ended problems into small, testable steps.
  • Preferred b

Benefits

Paid time off

Additional Information

Build something people love Wealthsimple is Canada's leading financial innovator. The company offers a full suite of simple, sophisticated financial products across managed investing, do-it-yourself trading, cryptocurrency, tax filing, spending and saving. Wealthsimple currently serves more than 4 million Canadians and holds over $125 billion in assets under administration. The company was founded in 2014 by a team of financial experts and technology entrepreneurs, and is headquartered in Toronto, Canada. We're proud of what we've built - and we're just getting started. Read our Culture Manual and learn more about how we work .


Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Wealthsimple? Share your experience

Interested in this role?

Apply on the company's website.

Cover LetterConnect