Senior Penetration Tester, Application Security

💰 $110k-$137k

Job description

Build something people love

Wealthsimple is on a mission to help everyone achieve financial freedom by reimagining what it means to manage your money. Using smart technology, we take financial services that are often confusing and expensive and make them transparent and low-cost for everyone. We’re the largest fintech company in Canada, with 3+ million users who trust us with more than $100 billion in assets. And we’re just getting started.

We’re looking for someone who thinks big, sweats the small stuff and keeps things simple. You’ll join a high-bar, fast-paced team where people are trusted to own their work, communicate openly, and ship things that improve our clients’ lives. Collaboration, humility, and an obsession over quality are how we get stuff done.

About the Role

As a Senior Penetration Tester you will plan engagements, find security vulnerabilities, and help us fix them. Your role also involves establishing rapport with leadership, as well as internal, consultant, and third-party teams to communicate and support the improvement of our company’s cybersecurity posture and resiliency. You will report to the Senior Manager, Application Security and have a mandate to plan and execute secure code reviews, penetration tests, and other offensive security activities to improve Wealthsimple’s security.

This role requires a unique blend of offensive security expertise and collaborative problem-solving. You won’t just be finding vulnerabilities and handing off reports - you’ll be working shoulder-to-shoulder with engineering teams to understand root causes, suggest practical remediations, and sometimes implement fixes yourself. If you see your job ending when the report is submitted, this role isn’t for you. We’re looking for someone who sees vulnerability discovery as the beginning of the conversation, not the end.

Responsibilities:

  • Performing security assessments. Help discover flaws in our systems by conducting detailed penetration tests, code reviews, or threat models on our internal systems, web applications, and other software.
  • Analyzing vulnerabilities. Help determine the real-world severity of discovered issues and suggest actionable recommendations to address security threats, improve application security, and strengthen our cloud environments.
  • Writing about your findings. Create comprehensive write-ups of the findings, your risk analysis, recommendations, and actionable insights for our engineers and other stakeholders.
  • Helping to fix the problems. Work closely with our application security, vulnerability management, infrastructure and platform engineers to implement solutions and enhance our security posture. This includes both fixing the vulnerabilities themselves and helping to identify trends and come up with guardrails, regression tests, and out-of-the-box solutions to prevent the next vulnerability or design flaw.

What You Bring

People who will succeed in this role are:

  • Courageously Ambitious - they enthusiastically tackle big audacious goals.
  • Deeply Human - they take responsibility for bringing the best out of themselves and others.
  • Problem Solvers - they have the ability and resilience to tackle complex issues and see them through.

Skills and Experience:

  • Experience (5+ years preferred) in a mix of network, application, and native mobile penetration testing with a proven history of working cross-functionally with high-functioning teams.
  • Experience performing boundary testing for PCI-DSS cardholder environments or equivalent.
  • Experience performing mobile testing for Android/iOS applications.
  • Technical understanding of networks, endpoint, identity, cloud, encryption, data protection and application deployment stacks.
  • Knowledge of standard penetration testing methodologies, including NIST SP 800-115.
  • Familiarity with Ruby, React, and GraphQL testing is preferred.
  • Development and/or scripting competence is preferred.
  • AWS testing experience is preferred.
  • Previous industry experience in Financial Services is preferred.
  • Experience using automation and AI to supplement and scale manual testing is preferred.

Education and certifications (preferred but not required):

  • Offensive Security Certified Professional (OSCP)/Experienced Penetration Tester (OSEP)
  • CREST Registered Tester
  • AWS Certified Security - Specialty
  • Bachelor's or higher degree in cybersecurity, software engineering, or a related field

Compensation & Equity

🤑 Base salary range: For this role, candidates located in Canada can expect a base salary range of CAD $151,200 - $189,000. Actual compensation is determined based on skills, experience, and role level. Exceptional candidates may be considered above the top of the range, and pay can increase quickly for those who make a big impact in the role.

🚀 Total compensation: In addition to base salary, this role includes equity compensation. We use clear job levels and market-based salary bands to ensure compensation is fair and consistent across the company.

Why Wealthsimple?

🌸 Top-tier health benefits and life insurance

📈 Long-term group savings with employer match using our Wealthsimple for Business platform

🌴 20 vacation days + 4 wellness days per year, and unlimited sick and mental health days

✈️ 90 days away program: Employees can work outside of Canada for up to 90 days per calendar year

👥 A wide variety of peer and company-led Employee Resources Groups (e.g., Rainbow, Women of Wealthsimple, Black @ WS)

🌎 We’re a remote first team with over 1,500 employees across North America - and one of the best things about working here is the people. You’ll be collaborating with incredibly talented, curious, and driven teammates who care deeply about doing great work.

Be a part of our Canadian success story and help shape the financial future of millions.

Read our Culture Manual and learn more about how we work.

Technology & Innovation at Wealthsimple

We believe the future belongs to those who innovate boldly. At Wealthsimple, every team member is expected to lean into new technologies, including AI, and tooling to rethink how we work, solve problems faster, and create even greater value. We’re looking for people who are not just comfortable with change but energized by it. Our commitment is to build a company that evolves at the pace of the world around us, and we want you to help lead that future.

DEI Statement

At Wealthsimple, we are building products for a diverse world and we need a diverse team to do that successfully. We strongly encourage applications from everyone regardless of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status.

Accessibility Statement

Wealthsimple provides an accessible candidate experience. If you need any accommodations or adjustments throughout the interview process and beyond, please let us know, and we will work with you to provide the necessary support and make reasonable accommodations to facilitate your participation. We are continuously working to improve our accessibility practices and welcome any feedback or suggestions on how we can better accommodate candidates with accessibility needs.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
