Frontier AI Security Researcher

About The Position

Requirements

• 5+ years of experience in offensive security and/or vulnerability research
• Prior work blending automation with offensive security (e.g., custom tooling, fuzzer integrations).
• Strong technical skills in reading and reasoning about code, infrastructure, and designs.
• Experience building, evaluating, or using LLM- or agent-based systems in any domain.
• A strong curiosity about and openness to AI-augmented workflows:
• Comfortable iterating on prompts, tools, and agent behaviours.
• Pragmatic about what AI can and cannot do today.
• Working experience with large language models and how they work; for example, you may have written agent scaffolds
• Technical understanding of networks, endpoint, identity, cloud, encryption, data protection and application deployment stacks.
• Knowledge of standard penetration testing methodologies, including NIST SP 800-115.

Nice To Haves

• Published research papers on computer security, language modelling, offensive security tool benchmarking, or related topics; or given talks at Defcon, Blackhat, CCC, or other reputable venues
• Contributed to open-source projects in LLM- or security-related projects, especially those contributing to AI / LLM-specific guardrails and models
• Experience in financial services
• Data science and data pipeline development experience
• Familiarity with Ruby, React, GraphQL, AWS
• Some software or systems engineering experience
• Previous industry experience in Financial Services is preferred.

Responsibilities

• Design and build scaffolds to automate attacker/threat modeling, attack discovery and exploitation techniques at scale
• Identify promising attack surfaces and scenarios across Wealthsimple’s stack.
• Architect and tune agents, prompts, and toolchains that implement real attacker TTPs.
• Define success metrics and evaluation criteria for automations/ai so we can select and fine tune tooling and model use
• Design and iterate on multi-step agent strategies that combine observation, planning, action, and self-learning
• Improve effectiveness and automation coverage and reduce unproductive actions and loops
• Propose and validate new tools or environment features that enable richer or more realistic attacks.
• Research and design new AI-driven attack strategies and scenarios in anticipation of what adversaries might misuse LLMs to do in future, then help design detections and defensive measures
• Analyze AI behavior and results to discover systemic weaknesses and strengths and improve platform design / outputs and compensate for weaknesses.
• Compare different models, prompts, and tool sets on the same scenarios.
• Measure meaningful outcomes (bugs found, depth of compromise, time-to-finding, false-positive behaviour).
• Benchmark AI-driven testing against our other tooling and manual test results to understand return on investment and where to invest effort and expertise to best advantage
• Translate agent outputs into high-quality findings and systemic improvements.
• Identify high-confidence vulnerabilities and attack paths.
• Analyze findings to uncover recurring vulnerability types and control gaps, then help us fix them
• Understand how agents discovered issues and what that implies for our defences.
• Share learnings and help build guardrails, detections, systemic framework fixes, libraries, or new agents/experiments
• Help shape the team’s direction through research, proposals, benchmarking, and improved design/implementation.

Benefits

• Top-tier health benefits and life insurance
• Long-term group savings with employer match, through Wealthsimple for Business
• 20 vacation days, 4 wellness days, and unlimited sick and mental health days per year
• 90 days away: work outside Canada for up to 90 days per year
• Employee resource groups, including Rainbow (2SLGBTQ), Women of WS, and Black at WS