Frontier AI Security Threat Hunter

About The Position

Requirements

• 5+ years of experience in offensive security testing domains such as penetration testing, red teaming, threat hunting, or attack simulations in complex environments.
• Proven history of working cross-functionally with high-functioning teams.
• Strong technical skills in reading and reasoning about code and system designs.
• Understanding of modern cloud-native architectures (preferably AWS).
• Technical understanding of networks, endpoint, identity, cloud, encryption, data protection, and application deployment stacks.
• Knowledge of standard penetration testing methodologies, including NIST SP 800-115.
• Familiarity with LLM- or agent-based systems (tool use/function calling, prompt design).
• Comfort working with novel tools and ambiguity.
• Experimenting with AI agents.
• Scale and automation-first mindset to testing and discovering new vulnerabilities.
• Ability to turn open-ended problems into small, testable steps.

Nice To Haves

• Experience building AI- or automation-assisted offensive security tools.
• Familiarity with Ruby, React, and GraphQL testing.
• Development and/or scripting competence.
• AWS testing experience.
• Previous industry experience in Financial Services.

Responsibilities

• Design and run automation-driven attack campaigns against Wealthsimple’s products and infrastructure.
• Design realistic AI attack scenarios considering attacker goals, initial access assumptions, constraints, success criteria, safety boundaries, Wealthsimple-specific risks, design flaws, trust boundaries, and risk tolerance.
• Use and evolve AI agents and tooling to perform recon, vulnerability probing, confirmation, impact analysis, exploitation, and post-exploitation in safe environments.
• Help shape and improve the automated testing pipeline, including asset modeling, agent orchestration, automated workflow execution, and transforming noisy outputs into actionable findings.
• Work closely with a platform engineer and a researcher to improve scenario and workflow modeling and automation for replaying attack paths.
• Build and improve AI agents and tooling.
• Propose and validate new tools or capabilities for richer attack behavior.
• Learn to use native and in-house tooling to enhance vulnerability discovery.
• Work across the stack with platform engineers, AppSec, and other security teams to integrate automated and AI adversarial testing into the SDLC.
• Review AI-generated findings to differentiate high-impact vulnerabilities from noise and false positives.
• Enhance proofs-of-concept into clear, reproducible steps for engineering teams and new automations.
• Support remediation by pairing with engineers and verifying that fixes address the root cause.

Benefits

• Top-tier health benefits and life insurance
• Long-term group savings with employer match, through Wealthsimple for Business
• 20 vacation days, 4 wellness days, and unlimited sick and mental health days per year
• 90 days away: work outside Canada for up to 90 days per year
• Employee resource groups, including Rainbow (2SLGBTQ), Women of WS, and Black at WS