Original listing text, shown exactly as published by the company.
About the role
As a Frontier AI Security Penetration Tester, you’ll be a hybrid builder and breaker
- Design and run automation-driven attack campaigns against Wealthsimple’s products and infrastructure including activities like:
  - Designing realistic AI attack scenarios that account for:
    - Attacker goals, initial access assumptions, and constraints.
    - Success criteria and clear boundaries for safety.
    - Wealthsimple-specific risks, design flaws, trust boundaries, and risk tolerance
  - Use and evolve our AI agents and tooling to:
    - Perform recon, vulnerability probing, confirmation, impact analysis, exploitation, and post-exploitation in safe environments.
- Help shape and improve the automated testing pipeline: how we model assets, orchestrate agents, run automated workflows, and turn noisy outputs into actionable findings. You’ll work closely with a platform engineer and a researcher to
  - improve how scenarios and workflows are modeled and automated so we can automate the replay of promising attack paths.
  - build and improve AI agents and tooling
- Propose and validate new tools or capabilities that unlock richer attack behavior
- Learn to use our native and in-house tooling to find more
- Work across the stack with platform engineers, AppSec, and other security teams to make automated and AI adversarial testing a routine, high-signal part of our SDLC. This includes:
  - reviewing AI-generated findings to separate high-impact vulnerabilities from noise and false positives.
  - Enhance proofs-of-concept into clear, reproducible steps for engineering teams and new automations
  - Support remediation by pairing with engineers when needed and verifying that fixes address the root cause.
You’ll have substantial influence on the team’s roadmap through experimentation and R&D.
People who will succeed in this role are
- Courageously Ambitious - they enthusiastically tackle big audacious goals.
- Deeply Human - they take responsibility for bringing the best out of themselves and others.
- Problem Solvers - they have the ability and resilience to tackle complex issues, find common patterns, design solutions for scale, and see them through.
- Enthusiastic Communicators - they capture and share learnings by default, and are always looking to implement suggestions for improvements and guardrails
- Embraces change and experimentation - treat campaigns and framework changes as experiments. Thoughtfully define hypotheses, evaluation criteria, and success metrics, then analyze outcomes and share results with the team to guide next iterations.
Skills and Experience
Required
- Experience building AI- or automation-assisted offensive security tools.
- Experience (5+ years preferred) in offensive security testing domains like penetration testing, red teaming, threat hunting, or attack simulations in complex environments with a proven history of working cross-functionally with high functioning teams.
- Strong technical skills in:
  - Reading and reasoning about code and system designs.
  - Understanding modern cloud-native architectures (preferably AWS).
  - Technical understanding of networks, endpoint, identity, cloud, encryption, data protection and application deployment stacks.
- Knowledge of standard penetration testing methodologies, including NIST SP 800-115.
- Familiarity with LLM- or agent-based systems (tool use/function calling, prompt design).
- Comfort working with novel tools and ambiguity:
  - You’re already experimenting with AI agents and have always had a scale and automation-first mindset to testing and discovering new vulnerabilities.
  - You can turn open-ended problems into small, testable steps.
Preferred but not required
- Familiarity with Ruby, React, and GraphQL testing
- Development and/or scripting competence
- AWS testing experience
- Previous industry experience in Financial Services