Frontier AI Security Threat Hunter

About Wealthsimple: Wealthsimple is Canada’s premier, internationally recognized financial technology pioneer, asset management innovator, and digital banking platform leader on an absolute mission to build simple, highly sophisticated financial products that everyone can love. Serving more than 4 million Canadians and governing over $125 billion in assets under administration, Wealthsimple delivers a seamless, state-of-the-art cloud product suite encompassing managed investing portfolios, do-it-yourself equity trading, cryptocurrency management, automated tax filing, and smart cash spending environments. Headquartered in Toronto and built on a high-performing remote-first grid of over 1,500 employees across North America, Wealthsimple merges deep financial engineering with rigorous, AI-forward security guardrails to expand credit transparency and protect critical user data safely and ethically.

Position Overview

We are seeking a highly sophisticated, automation-minded Frontier AI Security Threat Hunter to join our newly engineered AI-enabled Adversarial Testing Capability under the core global Application Security division. Available in a full-time remote capacity within Canada, this unique hybrid seat functions as a top-tier Individual Contributor positioned at the forefront of offensive security engineering. Moving far past passive signature scanning, you will claim individual accountability for designing, modeling, and running automation-driven attack campaigns to breach our own products and cloud boundaries before modern, AI-enabled adversaries do. Working directly beside platform engineers and security researchers, you will combine automated red teaming routines, autonomous AI agent orchestration, and deep secure code analysis to establish an end-to-end clearbox pentesting engine embedded directly into our active SDLC.

Key Responsibilities

• Adversarial Attack Simulation: Design, orchestrate, and execute advanced automation-driven attack campaigns against Wealthsimple’s products, identity perimeters, and endpoints to expose logical design flaws.
• AI Agent Infrastructure Curation: Evolve and program automated autonomous AI agents to perform recon, vulnerability probing, exploitation verification, and post-exploitation tasks natively in isolated sandbox environments.
• Cloud Infrastructure Threat Hunting: Scan, probe, and audit complex cloud-native architectures, tracking data protection states, encryption protocols, network boundaries, and resource access maps natively inside AWS.
• Syllabus Code Review Filtering: Analyze and filter AI-generated findings, reviewing codebase definitions across the stack to separate complex, high-impact security vulnerabilities from background noise and false positives.
• Vulnerability Proof-of-Concept Design: Enhance raw software exploits into highly detailed, clear, and reproducible proof-of-concept steps to guide product engineering teams toward stable fixes.
• Remediation Pairing Support: Partner directly alongside platform engineering squads to oversee patch implementations, verifying that system fixes actively target the structural root cause of security anomalies.
• Testing Methodology Compliance: Structure, document, and execute red teaming workflows in strict accordance with standard international pentesting methodologies, specifically adhering to the NIST SP 800-115 regulatory guide.
• Multi-Modal Tool Calling Management: Track, iterate, and refine multi-modal LLM-based frameworks, optimizing agent configurations using Prompt Engineering, function calling, and structured output parameters.

Required Skills & Qualifications

• 5+ years of verified professional history running advanced offensive security testing, penetration testing, corporate red teaming, threat hunting, or automated attack simulation in highly complex environments.
• Demonstrated experience reading, analyzing, and reasoning about complex software logic, code definitions, and multi-tenant distributed system designs.
• Strong, authoritative technical command over modern cloud-native deployment patterns, highlighting hands-on configuration familiarity with public infrastructure layers via AWS.
• Deep structural understanding of networks, endpoint security, identity management, database encryption mechanisms, and secure code delivery pipelines.
• Practical operational familiarity working with next-generation LLM or agent-based architectures, specifically handling Prompt Engineering or tool utilization logic blocks.
• Outstanding verbal and written communication mechanics, with a native capacity to translate ambiguous threat signatures into structured, actionable engineering guardrails.
• Location Context: Full-time operational parameters open exclusively to qualified application security and pentesting leads based permanently anywhere within Canada (must reside in a province where Wealthsimple possesses a registered corporate entity).

Preferred Strategic Indicators (Nice to Have)

• Prior professional experience building custom AI-assisted or machine learning-driven offensive security tooling and automated testing platforms.
• Familiarity with full-stack security assessments across application frameworks built using Ruby, React, or GraphQL validation testing routines.
• Direct domain-specific security experience working within the Financial Services, FinTech, crypto-asset exchange, or highly regulated corporate banking environments.

What We Offer

• Highly Competitive Salaried Compensation: An attractive baseline salary range calibrated transparently between CA$151,200 – CA$189,000 per year, paired with high-value corporate equity allocation offers.
• The exceptional professional canvas to directly direct, code, and define the automated AI agent platforms testing and protecting the financial systems of millions of users.
• Profound work-from-home remote parameters offering total lifestyle flexibility, 20 scheduled vacation days, 4 dedicated wellness days, and unlimited paid mental health and sick leave periods.
• An elite "90 Days Away" international perk, empowering you to work remotely outside of Canada for up to 90 days per calendar year.
• Immediate eligibility to access top-tier health benefits, inclusive life insurance protections, and long-term group savings plans with a robust corporate match through Wealthsimple for Business.
• Active connection with diverse global Employee Resource Groups, including specialized communities like Rainbow (2SLGBTQ), Women of WS, and Black at WS.