Wealthsimple is hiring a
Intermediate Software Developer

Summary

Join Wealthsimple as an Application Security Engineer to protect customer trust by ensuring the utmost security of applications and customer data. Collaborate with development teams, develop custom security tools, integrate automated security scanning tooling, lead bug bounty efforts, implement data pipelines for security monitoring, design attack scenarios, stay updated with the latest security trends, and communicate security best practices.

Requirements

• Has proficiency with Javascript and Ruby on Rails
• Is able to reason through Python and Java/Kotlin code bases
• Understands and can identify and propose fixes for application security gotchas such as those listed in OWASP Top 10
• Exhibits an offensive security mindset - thinking critically about what could go wrong
• Is comfortable with digging into logs using tools such as SQL and SIEM
• Is able to clearly and effectively communicate, internally and externally, security best practices and strategy
• Is an effective listener, consensus builder and effectively incorporates diverse ideas into a coherent vision

Responsibilities

• Audit source code and perform code reviews for critical application changes
• Develop and maintain custom security libraries, tools, and services such as geolocator, panko, security-bot, Input Sanitization middleware to mitigate Injection based attacks; and GraphQL API Security controls
• Integrate tooling used for automated security scanning, including Semgrep for SAST, SCA and Secrets Detection; and Nuclei
• Lead bug bounty efforts and provide hands-on guidance for vulnerability remediation and train developers on common security pitfalls, fostering a proactive security culture within the development process
• Implement data pipeline to aggregate data from security tools and build monitors and detection to alert us of potential compromise
• Design and implement attack scenarios to simulate real-world threats, allowing us to uncover any potential weaknesses in our systems and infrastructure

Benefits

• Competitive salary with top-tier health benefits and life insurance
• Retirement savings matching plan using Wealthsimple Work
• 20 vacation days per year and unlimited sick and mental health days
• Up to $1,500 per year towards wellness and professional development budgets respectively
• 90 days away program: Employees can work internationally in eligible countries for up to 90 days per calendar year
• A wide variety of peer and company-led Employee Resource Groups (ie. Rainbow, Women of Wealthsimple, Black @ WS)
• Company-wide wellness days off scheduled throughout the year