Senior Infrastructure Security Developer
Your career is an investment that grows over time!Wealthsimple is on a mission to help everyone achieve financial freedom by reimagining what it means to manage your money. Using smart technology, we take financial services that are often confusing, opaque and expensive and make them transparent and low-cost for everyone. We’re the largest fintech company in Canada, with over 3 million users who trust us with more than $20 billion in assets.Our teams ship often and make an impact with groundbreaking ideas. We're looking for talented people who keep it simple and value collaboration and humility as we continue to create inclusive and high-performing teams where people can be inspired to do their best work.About the TeamThe Infrastructure Security team is a specialized group with a mix of cloud infrastructure, networking, scripting and security skillsets who work together to deploy and manage a wide variety of tools and processes to ensure Wealthsimple’s systems and data are secure. We manage a variety of Wealthsimple’s security stack such as endpoint detection and response, logging and alerting (specifically related to security use cases), workflow automation, web application firewalls (WAF), virtual private networks (VPN), and a range of cloud services.We understand that the lists below may seem overwhelming but don't worry, we don't expect you to be an expert in all of them. Instead, we value your unique combination of skills and experiences.
In this role, you will have the opportunity to:
- Further secure our infrastructure, by reviewing and improving network and system security, investigating threats, testing our security posture and recommending security best practices
- Develop and implement comprehensive infrastructure security strategies, policies, and procedures to safeguard the organization's networks, systems, and data
- Collaborate with cross-functional teams to design and implement security controls and measures to protect against unauthorized access, data loss, and other security threats
- Build, manage and improve resources for alerting, logging, and monitoring
- Develop and maintain Infrastructure as Code
- Stay up-to-date with the latest security technologies, trends, and best practices, and make recommendations for their implementation
- Guide our developers in building secure environments that are in-line with security’s best practices
Skills You Bring:
- Have experience with endpoint detection and response (EDR), specifically for MacOS, iOS, Android and Kubernetes
- Have experience with cloud security tools including a deep understanding of AWS Elastic Kubernetes Service (EKS)
- Have experience implementing data loss prevention (DLP) tools and policies
- Have knowledge of security frameworks such as CIS Benchmarks, SOC2, PCI, or NIST
- Possess strong experience with writing and auditing Infrastructure as Code, specifically Terraform
- Be able to clearly and effectively communicate, internally and externally, security best practices and strategy
- Take ownership of finding & implementing optimal solutions to problems and seeing these initiatives through
- Value open communication and working on an exceptionally transparent, debate-and-feedback-driven team
- Agree that established and boring tools are great, but looking forward and embracing change, new tools, and different perspectives is just as important
- Is eager to teach and learn from their team. We value making others successful!
Nice to Haves:
- Have any of the following certifications: CISSP, CEH, Security+, AWS Certified Security - Specialty or GSEC
- Have experience working in a micro-service architecture environment that’s backed by databases using AWS Aurora PSQL or Oracle
- Have experience in testing web applications or a bug bounty profile (such as HackerOne or Bug Crowd) and how infrastructure may get affected as a result of application vulnerabilities