Intermediate Software Developer, Application Security
Canada
Wealthsimple
Wealthsimple is the simple way to grow your money like the world's most sophisticated investors. No-maintenance portfolios, expert investment advisers and low fees.
Your career is an investment that grows over time!
Wealthsimple is on a mission to help everyone achieve financial freedom by reimagining what it means to manage your money. Using smart technology, we take financial services that are often confusing, opaque and expensive and make them transparent and low-cost for everyone. We’re the largest fintech company in Canada, with over 3 million users who trust us with more than $40 billion in assets.
Our teams ship often and make an impact with groundbreaking ideas. We're looking for talented people who keep it simple and value collaboration and humility as we continue to create inclusive and high-performing teams where people can be inspired to do their best work.
About the Application Security and Posture Management team:
At Wealthsimple, we value our customers' trust above all. our Application Security Team is dedicated to protecting this trust by ensuring the utmost security of our applications and customer data.
In close collaboration with development teams, we integrate security measures and practices into every stage of our Software Development Lifecycle. We also partner with them to build secure features and capabilities into our products. Our proactive efforts are focused on identifying and mitigating risks within our applications, ensuring solutions are both timely and scalable.
Our mission extends beyond securing systems; we aim to safeguard our customers' trust, reinforcing Wealthsimple's position as the most trusted company in the world. We also cultivate a strong security culture throughout the company, empowering all employees to uphold and advocate for our high security standards.
We’re a remote-first team, with over 1,000 employees coast to coast in North America. Be a part of our Canadian success story and help shape the financial future of millions — join us!
Read our Culture Manual and learn more about how we work.
DEI StatementAt Wealthsimple, we are building products for a diverse world and we need a diverse team to do that successfully. We strongly encourage applications from everyone regardless of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status.
Accessibility StatementWealthsimple provides an accessible candidate experience. If you need any accommodations or adjustments throughout the interview process and beyond, please let us know, and we will work with you to provide the necessary support and make reasonable accommodations to facilitate your participation. We are continuously working to improve our accessibility practices and welcome any feedback or suggestions on how we can better accommodate candidates with accessibility needs.
Wealthsimple is on a mission to help everyone achieve financial freedom by reimagining what it means to manage your money. Using smart technology, we take financial services that are often confusing, opaque and expensive and make them transparent and low-cost for everyone. We’re the largest fintech company in Canada, with over 3 million users who trust us with more than $40 billion in assets.
Our teams ship often and make an impact with groundbreaking ideas. We're looking for talented people who keep it simple and value collaboration and humility as we continue to create inclusive and high-performing teams where people can be inspired to do their best work.
About the Application Security and Posture Management team:
At Wealthsimple, we value our customers' trust above all. our Application Security Team is dedicated to protecting this trust by ensuring the utmost security of our applications and customer data.
In close collaboration with development teams, we integrate security measures and practices into every stage of our Software Development Lifecycle. We also partner with them to build secure features and capabilities into our products. Our proactive efforts are focused on identifying and mitigating risks within our applications, ensuring solutions are both timely and scalable.
Our mission extends beyond securing systems; we aim to safeguard our customers' trust, reinforcing Wealthsimple's position as the most trusted company in the world. We also cultivate a strong security culture throughout the company, empowering all employees to uphold and advocate for our high security standards.
What you will do:
- Audit source code and perform code reviews for critical application changes
- Develop and maintain custom security libraries, tools, and services such as geolocator, panko, security-bot, Input Sanitization middleware to mitigate Injection based attacks; and GraphQL API Security controls
- Integrate tooling used for automated security scanning, including Semgrep for SAST, SCA and Secrets Detection; and Nuclei
- Lead bug bounty efforts and provide hands-on guidance for vulnerability remediation and train developers on common security pitfalls, fostering a proactive security culture within the development process
- Implement data pipeline to aggregate data from security tools and build monitors and detection to alert us of potential compromise
- Design and implement attack scenarios to simulate real-world threats, allowing us to uncover any potential weaknesses in our systems and infrastructure
- Keep up-to-date with the latest security trends, tools, and techniques to continuously enhance the security posture of the organization, research and evaluate emerging threats and vulnerabilities, and provide recommendations for improving our security practices
We're looking for someone who:
- Has proficiency with Javascript and Ruby on Rails
- Is able to reason through Python and Java/Kotlin code bases
- Understands and can identify and propose fixes for application security gotchas such as those listed in OWASP Top 10
- Exhibits and offensive security mindset - thinking critically about what could go wrong
- Is comfortable with digging into logs using tools such as SQL and SIEM
- Is able to clearly and effectively communicate, internally and externally, security best practices and strategy
- Is an effective listener, consensus builder and effectively incorporates diverse ideas into a coherent vision
We’re a remote-first team, with over 1,000 employees coast to coast in North America. Be a part of our Canadian success story and help shape the financial future of millions — join us!
Read our Culture Manual and learn more about how we work.
DEI StatementAt Wealthsimple, we are building products for a diverse world and we need a diverse team to do that successfully. We strongly encourage applications from everyone regardless of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status.
Accessibility StatementWealthsimple provides an accessible candidate experience. If you need any accommodations or adjustments throughout the interview process and beyond, please let us know, and we will work with you to provide the necessary support and make reasonable accommodations to facilitate your participation. We are continuously working to improve our accessibility practices and welcome any feedback or suggestions on how we can better accommodate candidates with accessibility needs.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
1
0
0
Categories:
AppSec Jobs
Security Engineering Jobs
Tags: APIs Application security FinTech Java JavaScript Kotlin Offensive security OWASP Python Ruby SAST SDLC SIEM SQL Strategy Vulnerabilities
Perks/benefits: Career development Competitive pay Flex vacation Health care Insurance Unlimited paid time off Wellness
Region:
North America
Country:
Canada
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Security Operations Engineer jobsPenetration Tester jobsSenior Cybersecurity Engineer jobsSenior Cyber Security Engineer jobsInformation Security Officer jobsInformation Systems Security Officer jobsPrincipal Security Engineer jobsCloud Security Architect jobsSenior Network Security Engineer jobsInformation System Security Officer jobsChief Information Security Officer jobsSenior Penetration Tester jobsStaff Security Engineer jobsSecurity Specialist jobsSecurity Consultant jobsCyber Security Specialist jobsIT Security Engineer jobsSenior Information Security Analyst jobsCyber Security Architect jobsSecurity Operations Analyst jobsSenior Product Security Engineer jobsInformation System Security Officer (ISSO) jobsCybersecurity Consultant jobsThreat Intelligence Analyst jobsSenior Information Security Engineer jobs
SaaS jobsSDLC jobsMalware jobsEncryption jobsRMF jobsForensics jobsSQL jobsGDPR jobsIPS jobsSplunk jobsIDS jobsTop Secret jobsEDR jobsTerraform jobsFinance jobsDoDD 8570 jobsBash jobsITIL jobsOWASP jobsUNIX jobsCRISC jobsGIAC jobsDocker jobsIntrusion detection jobsCompTIA jobs
TCP/IP jobsThreat detection jobsBanking jobsActive Directory jobsData Analytics jobsSANS jobsPolygraph jobsCCSP jobsOSCP jobsClearance Required jobsVPN jobsCyber defense jobsAnsible jobsSOC 2 jobsIT infrastructure jobsJavaScript jobsSOAR jobsDNS jobsSOX jobsJira jobsGCIH jobsSecurity strategy jobsNIST 800-53 jobsOracle jobsCryptography jobs