Security Developer, Vulnerability Management
Canada
Wealthsimple
Wealthsimple is the simple way to grow your money like the world's most sophisticated investors. No-maintenance portfolios, expert investment advisers and low fees.
Wealthsimple is on a mission to help everyone achieve financial freedom by reimagining what it means to manage your money. Using smart technology, we take financial services that are often confusing, opaque and expensive and make them transparent and low-cost for everyone. We’re the largest fintech company in Canada, with over 3 million users who trust us with more than $30 billion in assets.
Our teams ship often and make an impact with groundbreaking ideas. We're looking for talented people who keep it simple and value collaboration and humility as we continue to create inclusive and high-performing teams where people can be inspired to do their best work.
In this role, you will have the opportunity to:
- Strengthen our application and infrastructure security through meticulous vulnerability management, ensuring swift remediation of vulnerabilities.
- Detect and authenticate vulnerabilities in code through rigorous manual security code reviews across all programming languages utilized within our systems, alongside employing tools such as SAST, SCA, Zap, Nuclei, and Burpsuite.
- Actively engage in remediating vulnerabilities by crafting pull requests for engineering teams, facilitating seamless collaboration with stakeholders to assign ownership, and guiding developers through the remediation process.
- Prioritize and generate tickets for scanner findings, meticulously tracking and following up on the remediation process.
- Apply an offensive security mindset to conduct comprehensive risk assessments of vulnerabilities.
- Seamlessly integrate various vulnerability assessment tools with our tracking system via APIs.
- Streamline vulnerability management processes through automation wherever feasible.
- Engage with cloud, network, and infrastructure scanners to identify and address vulnerabilities, leveraging technologies like PrismaCloud, AWS Inspector, Terraform, CloudFormation, and Kubernetes.
- Contribute to our security champion program by developing informative talks and training materials.
We are looking for someone who:
- Possesses 4+ years of full-stack coding experience, ideally in languages such as Ruby on Rails, Python, or JavaScript.
- Boasts over 3 years of hands-on experience in secure code review and vulnerability assessment.
- Demonstrates a strong understanding of the software development life cycle and CI/CD pipeline.
- Exhibits proficient knowledge of security principles, including OWASP top 20, best practices, and common vulnerabilities, alongside expertise in security testing tools like DAST, SAST, SCA, and infra/cloud scanners, for example, Burpsuite, Nuclei, SemGrep, ZAP.
- Is familiar with Vulnerability Management within microservice architectures, encompassing Infrastructure as Code, cloud networks, hosts, containers, and images.
- Possesses excellent collaboration skills, enabling effective communication and cooperation with Engineering, Security, and Risk teams to elucidate the offensive impact of vulnerabilities and recommend effective remediation strategies.
We’re a remote-first team, with over 1000 employees coast to coast in North America. Be a part of our Canadian success story and help shape the financial future of millions — join us!
Read our Culture Manual and learn more about how we work.
DEI Statement
At Wealthsimple, we are building products for a diverse world and we need a diverse team to do that successfully. We strongly encourage applications from everyone regardless of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status.
Accessibility Statement
Wealthsimple provides an accessible candidate experience. If you need any accommodations or adjustments throughout the interview process and beyond, please let us know, and we will work with you to provide the necessary support and make reasonable accommodations to facilitate your participation. We are continuously working to improve our accessibility practices and welcome any feedback or suggestions on how we can better accommodate candidates with accessibility needs.
Tags: APIs Automation AWS Burp Suite CI/CD Cloud DAST FinTech Full stack JavaScript Kubernetes Offensive security OWASP Python Risk assessment Ruby SAST SDLC Terraform Vulnerabilities Vulnerability management
Perks/benefits: Career development Competitive pay Flex vacation Health care Insurance Unlimited paid time off Wellness