Wealthsimple - Security Developer, Vulnerability Management

• Possesses 4+ years of full-stack coding experience, ideally in languages such as Ruby on Rails, Python, or JavaScript.
• Boasts over 3 years of hands-on experience in secure code review and vulnerability assessment.
• Demonstrates a strong understanding of the software development life cycle and CI/CD pipeline.
• Exhibits proficient knowledge of security principles, including OWASP top 20, best practices, and common vulnerabilities, alongside expertise in security testing tools like DAST, SAST, SCA, and infra/cloud scanners, for example, Burpsuite, Nuclei, SemGrep, ZAP.
• Familiarity with Vulnerability Management within microservice architectures, encompassing Infrastructure as Code, cloud networks, hosts, containers, and images.
• Possesses excellent collaboration skills, enabling effective communication and cooperation with Engineering, Security, and Risk teams to elucidate the offensive impact of vulnerabilities and recommend effective remediation strategies.

Wealthsimple is on a mission to help everyone achieve financial freedom by reimagining what it means to manage your money. Using smart technology, we take financial services that are often confusing, opaque and expensive and make them transparent and low-cost for everyone. We’re the largest fintech company in Canada, with over 3 million users who trust us with more than $30 billion in assets.
Our teams ship often and make an impact with groundbreaking ideas. We're looking for talented people who keep it simple and value collaboration and humility as we continue to create inclusive and high-performing teams where people can be inspired to do their best work.

• Strengthen our application and infrastructure security through meticulous vulnerability management, ensuring swift remediation of vulnerabilities.
• Detect and authenticate vulnerabilities in code through rigorous manual security code reviews across all programming languages utilized within our systems, alongside employing tools such as SAST, SCA, Zap, Nuclei, and Burpsuite.
• Actively engage in remediating vulnerabilities by crafting pull requests for engineering teams, facilitating seamless collaboration with stakeholders to assign ownership, and guiding developers through the remediation process.
• Prioritize and generate tickets for scanner findings, meticulously tracking and following up on the remediation process.
• Apply an offensive security mindset to conduct comprehensive risk assessments of vulnerabilities.
• Seamlessly integrate various vulnerability assessment tools with our tracking system via APIs.
• Streamline vulnerability management processes through automation wherever feasible.
• Engage with cloud, network, and infrastructure scanners to identify and address vulnerabilities, leveraging technologies like PrismaCloud, AWS Inspector, Terraform, CloudFormation, and Kubernetes.
• Contribute to our security champion program by developing informative talks and training materials.