Staff Security Developer - Application Security and Posture Management

Your career is an investment that grows over time!

Wealthsimple is on a mission to help everyone achieve financial freedom by reimagining what it means to manage your money. Using smart technology we take financial services that are often confusing opaque and expensive and make them transparent and low-cost for everyone. We’re the largest fintech company in Canada with over 4 million users who trust us with more than $50 billion in assets.

Our teams ship often and make an impact with groundbreaking ideas. We're looking for talented people who keep it simple and value collaboration and humility as we continue to create inclusive and high-performing teams where people can be inspired to do their best work.

About the Application Security & Posture Management Team

• The team is currently growing and owns the security architecture security tooling and offensive security testing for our applications. We enable the business and help Wealthsimple win the trust of our clients driving net deposits client acquisition and more

• Reporting to the Sr. Engineering Manager ASPM and part of the broader Security Engineering leadership function with peers in IAM and Infrastructure Security

What you bring:

• With an average of 8 years of experience in security or software development with at least 4 years in application security and 2 years as a Senior

• Proven experience with the following domains: security tooling (e.g. SAST DAST SCA etc) security architecture (e.g. threat modelling secure code review etc) and offensive security (e.g. bug bounty programs pentesting etc)

• Ability to read and write code at a Sr. Developer level with a preference for experience with Ruby Javascript Java and Python

• Excellent leadership skills with a track record of being able to work closely with product and development teams while growing talent on the team

• A history that demonstrates a maker owner and growth mindset. You are always thinking and acting like a team player and coach

In the first 3 months our ideal candidate will have:

• Completed their initial assessment of the application security program and team and be able to articulate to the business key risks and opportunities

• Taken over ownership of existing services libraries integrations and processes and began to prioritize any improvements or fixes with the team

• Identified the top 3 areas of risk in our applications and developed proposals to address them while balancing friction to organization and long term support

In the first 6 months our ideal candidate will have:

• Established good working relationships with vulnerability management and our product teams through program and product reviews respectively and will have executed on 2-4 threat modelling or pentesting opportunities

• Begun a coaching and mentoring relationship with more junior developers both inside and outside of the security department helping define and promote a culture of security

• Shipped their first service library or process designed to address one of the previously identified top 3 risks in our applications

In the first 12 months our ideal candidate will have:

• Defined their approach to making the easy way the secure way for developers and established a technical vision for the team

• Ensured that the team is firmly integrated in both SDLC and with our partners in product through continuous validation and security scorecarding

Why Wealthsimple?

🤑 Competitive salary with top-tier health benefits and life insurance

📈 Retirement savings matching plan using Wealthsimple Work

🌴 20 vacation days per year and unlimited sick and mental health days

📚 Up to $1500 per year towards wellness and professional development budgets respectively

🛫 90 days away program: Employees can work internationally in eligible countries for up to 90 days per calendar year

🌎 A wide variety of peer and company-led Employee Resource Groups (ie. Rainbow Women of Wealthsimple Black @ WS)

💖 Company-wide wellness days off scheduled throughout the year

We’re a remote-first team with over 1000 employees coast to coast in North America. Be a part of our Canadian success story and help shape the financial future of millions — join us!

Read our Culture Manual and learn more about how we work.

DEI Statement

At Wealthsimple we are building products for a diverse world and we need a diverse team to do that successfully. We strongly encourage applications from everyone regardless of race religion colour national origin gender sexual orientation age marital status or disability status.

Accessibility Statement

Wealthsimple provides an accessible candidate experience. If you need any accommodations or adjustments throughout the interview process and beyond please let us know and we will work with you to provide the necessary support and make reasonable accommodations to facilitate your participation. We are continuously working to improve our accessibility practices and welcome any feedback or suggestions on how we can better accommodate candidates with accessibility needs.