Wealthsimple

Senior Penetration Tester, Application Security

Job Description

About the Role

As a Senior Penetration Tester you will plan engagements, find security vulnerabilities, and help us fix them. Your role also involves establishing rapport with leadership, as well as internal, consultant, and third-party teams to communicate and support the improvement of our company’s cybersecurity posture and resiliency. You will report to the Senior Manager, Application Security and have a mandate to plan and execute secure code reviews, penetration tests, and other offensive security activities to improve Wealthsimple’s security.

This role requires a unique blend of offensive security expertise and collaborative problem-solving. You won't just be finding vulnerabilities and handing off reports - you'll be working shoulder-to-shoulder with engineering teams to understand root causes, suggest practical remediations, and sometimes implement fixes yourself. If you see your job ending when the report is submitted, this role isn't for you. We're looking for someone who sees vulnerability discovery as the beginning of the conversation, not the end.


Responsibilities:
  • Performing security assessments. Help discover flaws in our systems by conducting detailed penetration tests, code reviews, or threat models on our internal systems, web applications, and other software.
  • Analyzing vulnerabilities. Help determine the real-world severity of discovered issues and suggest actionable recommendations to address security threats, improve application security, and strengthen our cloud environments.
  • Writing about your findings. Create comprehensive write ups of the findings, your risk analysis, recommendations, and actionable insights for our engineers and other stakeholders.
  • Helping to fix the problems. Work closely with our application security, vulnerability management, infrastructure and platform engineers, implement solutions and enhance our security posture. This includes both fixing the vulnerabilities themselves, and helping to identify trends, come up with guardrails and regression tests and out of the box solutions to preventing the next vulnerability or design flaw.


    • What You Bring, People who will succeed in this role are:
  • Courageously Ambitious - they enthusiastically tackle big audacious goals.
  • Deeply Human - they take responsibility for bringing the best out of themselves and others.
  • Problem Solvers - they have the ability and resilience to tackle complex issues and see them through.

    • Skills and Experience:
  • Experience (5+ years preferred) in a mix of network, application, and native mobile penetration testing with a proven history of working cross-functionally with high functioning teams.
  • Experience performing boundary testing for PCI-DSS card holder environments or equivalent.
  • Experience performing mobile testing for Android/iOS applications.
  • Technical understanding of networks, endpoint, identity, cloud, encryption, data protection and application deployment stacks.
  • Knowledge of standard penetration testing methodologies, including NIST SP 800-115.
  • Familiarity with Ruby, React, and GraphQL testing is preferred.
  • Development and/or scripting competence is preferred.
  • AWS testing experience is preferred.
  • Previous industry experience in Financial Services is preferred.
  • Experience using automation and AI to supplement and scale manual testing is preferred.


    • Education and certifications (preferred but not required):
  • Offensive Security Certified Professional (OSCP)/Experienced Penetration Tester (OSEP)
  • CREST Registered Tester
  • AWS Certified Security - Speciality
  • Bachelors or higher degree in cybersecurity, software engineering, or a related field


    • Apply Now
    Job Summary

    Game Penetration Tester

    Cyrex, a Magic Media company, is a media and tech start-up powered by creativity and innovation. We work with leading developers and publishers in the games industry, pro

    • Brazil
    • 9 days ago

    Web Penetration Tester

    Cyrex, a Magic Media company, is a media and tech start-up powered by creativity and innovation. We work with leading developers and publishers in the games industry, pro

    • Portugal Only
    • 9 days ago

    Web Penetration Tester

    Cyrex, a Magic Media company, is a media and tech start-up powered by creativity and innovation. We work with leading developers and publishers in the games industry, pro

    • Spain Only
    • 9 days ago

    Web Penetration Tester

    Cyrex, a Magic Media company, is a media and tech start-up powered by creativity and innovation. We work with leading developers and publishers in the games industry, pro

    • Serbia Only
    • 9 days ago