Remote Intermediate Software Developer

Summary

Join Wealthsimple's Application Security and Posture Management team to protect customer trust by ensuring the utmost security of our applications and customer data. As a key member, you will audit source code, develop custom security libraries, integrate tooling for automated security scanning, lead bug bounty efforts, and design attack scenarios to simulate real-world threats.

Requirements

• Has proficiency with Javascript and Ruby on Rails
• Is able to reason through Python and Java/Kotlin code bases
• Understands and can identify and propose fixes for application security gotchas such as those listed in OWASP Top 10
• Exhibits and offensive security mindset - thinking critically about what could go wrong
• Is comfortable with digging into logs using tools such as SQL and SIEM
• Is able to clearly and effectively communicate, internally and externally, security best practices and strategy

Responsibilities

• Audit source code and perform code reviews for critical application changes
• Develop and maintain custom security libraries, tools, and services such as geolocator, panko, security-bot, Input Sanitization middleware to mitigate Injection based attacks; and GraphQL API Security controls
• Integrate tooling used for automated security scanning, including Semgrep for SAST, SCA and Secrets Detection; and Nuclei
• Lead bug bounty efforts and provide hands-on guidance for vulnerability remediation and train developers on common security pitfalls, fostering a proactive security culture within the development process
• Implement data pipeline to aggregate data from security tools and build monitors and detection to alert us of potential compromise
• Design and implement attack scenarios to simulate real-world threats, allowing us to uncover any potential weaknesses in our systems and infrastructure

Benefits

• Competitive salary with top-tier health benefits and life insurance
• Retirement savings matching plan using Wealthsimple Work
• 20 vacation days per year and unlimited sick and mental health days
• Up to $1,500 per year towards wellness and professional development budgets respectively
• 90 days away program: Employees can work internationally in eligible countries for up to 90 days per calendar year