Remote Staff Security Developer

Summary

Join Wealthsimple's Application Security & Posture Management team as a senior security engineer and help us build a secure and reliable platform for millions of users. You will be responsible for security architecture, tooling, and offensive security testing. This role requires extensive experience in application security, security tooling, and secure coding practices. You will work closely with product and development teams, mentoring junior developers, and driving improvements to our security posture. Wealthsimple offers a competitive salary, comprehensive benefits, and a remote-first work environment. We are committed to building a diverse and inclusive team.

Requirements

• Have an average of 8 years of experience in security or software development, with at least 4 years in application security and 2 years as a Senior
• Possess proven experience in security tooling (e.g., SAST, DAST, SCA, etc.), security architecture (e.g., threat modelling, secure code review, etc.), and offensive security (e.g., bug bounty programs, pentesting, etc.)
• Be able to read and write code at a Sr. Developer level, with a preference for experience with Ruby, Javascript, Java, and Python
• Demonstrate excellent leadership skills and a track record of working closely with product and development teams while growing talent on the team
• Have a history demonstrating a maker owner and growth mindset; always thinking and acting like a team player and coach

Responsibilities

• Complete an initial assessment of the application security program and team and articulate key risks and opportunities to the business
• Take ownership of existing services, libraries, integrations, and processes, prioritizing improvements or fixes with the team
• Identify the top 3 areas of risk in our applications and develop proposals to address them while balancing friction to the organization and long-term support
• Establish good working relationships with vulnerability management and product teams through program and product reviews, executing on 2-4 threat modelling or pentesting opportunities
• Begin a coaching and mentoring relationship with more junior developers, helping define and promote a culture of security
• Ship a service, library, or process designed to address one of the previously identified top 3 risks in our applications
• Define an approach to making the easy way the secure way for developers and establish a technical vision for the team
• Ensure the team is firmly integrated in both SDLC and with product partners through continuous validation and security scorecarding

Preferred Qualifications

Experience with Ruby, Javascript, Java, and Python

Benefits

• Competitive salary with top-tier health benefits and life insurance
• Retirement savings matching plan using Wealthsimple Work
• 20 vacation days per year and unlimited sick and mental health days
• Up to $1,500 per year towards wellness and professional development budgets respectively
• 90 days away program: Employees can work internationally in eligible countries for up to 90 days per calendar year
• A wide variety of peer and company-led Employee Resource Groups (ie. Rainbow, Women of Wealthsimple, Black @ WS)
• Company-wide wellness days off scheduled throughout the year
• Remote-first team