Wealthsimple is a financial services company on a mission to help everyone achieve financial freedom by providing products and advice that are accessible and affordable. Using smart technology, Wealthsimple takes financial services that are often confusing, opaque and expensive and makes them simple, transparent, and low-cost.
With over 1 million people using Wealthsimple products, we are the market leader in Canada, and we’re fast growing in the US and UK. Our team is working together to build one of the most innovative fintech companies in the world and we're looking for talented people who want to help us move fast, ship often and make a huge impact. Join us on our mission to make financial services simple and affordable for everyone!
Security @ Wealthsimple
Wealthsimple’s Security team protects the systems that help hundreds of thousands of users manage billions of dollars in assets. We use a microservice architecture and an agile approach, focused on short iterations and rigorous automated testing, deploying our code over 100 times a day.
In this role, you will have the opportunity to:
Further secure our applications and cloud infrastructure by investigating threats and building software and tools that would allow engineers to quickly and easily develop new, secure code.
Conduct application design reviews and guide engineers in building secure microservices that are in-line with our best practices and architecture
Build and manage security automation tooling and libraries to help engineers deploy secure software
Triage and resolve security vulnerabilities in the application layer and work with engineering teams to find and implement solutions
Partner with teams across the business to promote secure development practices and cultivate a strong security culture at Wealthsimple
Participate in an on-call rotation for responding to security incidents, internal questions bugs, or triaged bug bounty security reports
We’re looking for someone who:
Believes that simple is better
Brings 3+ years of software development experience
Loves to tackle and solve complex problems on a regular basis and comes with a strong security mindset
Understands cloud security (AWS) and microservice architecture
Takes ownership and pride in working on projects to successful completion
Believes that debate, inclusivity and transparency result in better products
Is eager to teach and learn from your team. We value making others successful!
Nice to haves:
Experience with Static Code Analysis and Cloud Security platforms
Experience with designing and maintaining authorization layers in distributed microservice architectures
Experience with Java or Kotlin
Experience in red or blue teaming web applications or a bug bounty profile (such as HackerOne or Bug Crowd)
Experience in finding, responsibly disclosing, or resolving security vulnerabilities in open source software
Experience with production databases (we use Postgres on RDS and Aurora)
Experience with Docker and container orchestration tools such as Kubernetes, Nomad or Swarm (we use Nomad and Consul)
Any of the following certifications: CISSP, CEH, Security+, or GSEC
At Wealthsimple, we embrace difference. We believe that getting to the best outcomes requires diverse perspectives and backgrounds. We create space where all voices can be heard so that we can all do our life's best work. We’re committed to openness, curiosity and creating an inclusive culture as we know that diverse teams build better products and generate better ideas. We strongly encourage applications from everyone regardless of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status.
Wealthsimple provides an accessible candidate experience. If you need any accommodations or adjustments throughout the interview process and beyond, please let us know.