Wealthsimple is hiring a
Staff Application Security Developer

Summary

The job is for an Application Security Engineer at Wealthsimple, a Canadian fintech company with over 3 million users. The role involves building security tooling, conducting security assessments, and collaborating with development teams to build secure features. The ideal candidate should have proficiency in Ruby on Rails, understand application security gotchas, possess an offensive security mindset, and be able to communicate effectively.

Requirements

• Has proficiency developing Ruby on Rails applications
• Is able to reason through JavaScript, Python & Java/Kotlin code bases which are languages used in some of our support services
• Understands and can identify and propose fixes for application security gotchas such as those listed in OWASP Top 10
• Possesses an offensive security mindset
• Is comfortable with digging into logs using tools such as SQL and SIEM
• Is able to clearly and effectively communicate, internally and externally, security best practices and strategy
• Is an effective listener, consensus builder and effectively incorporates diverse ideas into a coherent vision

Responsibilities

• Build security tooling, automations and processes to integrate security into the Software Development Lifecycle with developer experience in mind
• Conduct security assessments and threat model application designs and solutions
• Audit source code and perform code reviews for critical application changes
• Provide hands-on vulnerability remediation guidance to developers
• Design and implement attack scenarios to simulate real-world threats, allowing us to uncover any potential weaknesses in our systems and infrastructure
• Engage in detection engineering to identify and analyze potential threats and attacks. Develop threat detection logic and response processes for applicable datasets. Respond to alerts as needed
• Keep up-to-date with the latest security trends, tools, and techniques to continuously enhance the security posture of the organization. You will research and evaluate emerging threats and vulnerabilities, and provide recommendations for improving our security practices
• Provide guidance and mentorship
• Collaborate with development teams to build security features and capabilities into our products that enhance customer trust

Benefits

• Competitive Salary
• Top-tier health benefits and life insurance
• Retirement savings matching plan using Wealthsimple Work
• 20 vacation days per year and unlimited sick and mental health days
• Up to $1500 per year towards wellness and professional development budgets respectively
• 90 days away program: Employees can work internationally in eligible countries for up to 90 days per calendar year
• A wide variety of peer and company-led Employee Resource Groups (ie. Rainbow, Women of Wealthsimple, Black @ WS)
• Company-wide wellness days off scheduled throughout the year