Security Engineer (Application & Cloud)

Job Description

Posted 8 months ago

• Further secure our applications and cloud infrastructure by investigating threats and building software and tools that would allow engineers to quickly and easily develop new, secure code.

• Conduct application design reviews and guide engineers in building secure microservices that are in-line with our best practices and architecture

• Build and manage security automation tooling and libraries to help engineers deploy secure software

• Triage and resolve security vulnerabilities in the application layer and work with engineering teams to find and implement solutions

• Partner with teams across the business to promote secure development practices and cultivate a strong security culture at Wealthsimple

• Participate in an on-call rotation for responding to security incidents, internal questions bugs, or triaged bug bounty security reports
We’re looking for someone who:

• Believes that simple is better

• Brings 3+ years of software development experience

• Has experience with Python, Ruby / Rails and JavaScript / Node.js

• Loves to tackle and solve complex problems on a regular basis and comes with a strong security mindset

• Understands cloud security (AWS) and microservice architecture

• Takes ownership and pride in working on projects to successful completion

• Believes that debate, inclusivity and transparency result in better products

• Is eager to teach and learn from your team. We value making others successful!
Nice to haves:

• Experience with Static Code Analysis and Cloud Security platforms

• Experience with designing and maintaining authorization layers in distributed microservice architectures

• Experience with Java or Kotlin

• Experience in red or blue teaming web applications or a bug bounty profile (such as HackerOne or Bug Crowd)

• Experience in finding, responsibly disclosing, or resolving security vulnerabilities in open source software

• Experience with production databases (we use Postgres on RDS and Aurora)

• Experience with Docker and container orchestration tools such as Kubernetes, Nomad or Swarm (we use Nomad and Consul)

• Any of the following certifications: CISSP, CEH, Security+, or GSEC
At Wealthsimple, we embrace difference. We believe that getting to the best outcomes requires diverse perspectives and backgrounds. We create space where all voices can be heard so that we can all do our life's best work. We’re committed to openness, curiosity and creating an inclusive culture as we know that diverse teams build better products and generate better ideas. We strongly encourage applications from everyone regardless of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status.
Wealthsimple provides an accessible candidate experience. If you need any accommodations or adjustments throughout the interview process and beyond, please let us know.