As a Principal Offensive Security Engineer, you will be at the forefront of identifying and exploiting security weaknesses across Questrade's diverse infrastructure, applications, and services. This role demands a deep understanding of adversarial tactics, coupled with expertise in leveraging and developing AI-driven solutions to enhance our offensive capabilities and defensive posture.

Working as a Principal Offensive Security Engineer at Questrade means actively engaging in red team operations, sophisticated penetration testing, and vulnerability research. You will integrate Large Language Models to identify attack paths proactively, automate exploitation, and simulate advanced persistent threats. This role requires a hands-on approach to challenging and hardening our cloud and on-premises environments, as well as our critical web applications and APIs, by thinking like an adversary.

Need more details? Keep reading…

In this role, responsibilities include but are not limited to:

Design, develop, and deploy AI-powered offensive tools and agentic automation workflows for advanced security testing, vulnerability discovery, and post-exploitation activities.
Conduct comprehensive Purple Team Exercises, Adversarial Simulations, and Red Team Engagements, incorporating AI-driven threat intelligence and attack techniques.
Leverage and develop low-code/no-code platforms and agentic frameworks (e.g., LangChain, CrewAI, N8N) to prototype and scale offensive capabilities rapidly.
Continuously research offensive techniques to bypass security controls and systems (e.g., VDI, XDR, Network Segmentation, Active Directory) and discover novel attack vectors.
Perform deep-dive reconnaissance and enumeration using Open-Source Intelligence (OSINT), augmented by AI for faster and more comprehensive data aggregation and analysis.
Develop, deploy, and maintain offensive security tooling and infrastructure, including AI-driven components, to support complex engagements.
Lead efforts in identifying and exploiting vulnerabilities across diverse platforms, including cloud (especially GCP), on-premises infrastructure, and modern web/API applications.

So are YOU our next Principal Offensive Security Engineer? You are if you have…

Possess 5+ years of advanced experience in offensive security, with a proven track record in red teaming, penetration testing, and exploitation, ideally leveraging AI-driven augmentation.
Have excellent written and verbal communication skills.
Have a good understanding of enterprise infrastructure, cloud security architecture, and modern web applications and APIs.
Have a willingness to multitask and be flexible to take on varied responsibilities.
Have a strong work ethic, positive energy, and the ability to energize others.
Have a service-oriented mindset and a willingness to assist the team in any way to ensure project success.

Additional kudos if you…

Hold industry-leading offensive security certifications (e.g., OSCP, OSWE, OSEP, CRTE, CRTO) and/or relevant AI/ML security certifications.
Experience with adversarial AI frameworks and tools.
Extensive experience with cloud penetration testing, particularly on Google Cloud Platform (GCP), including expertise in cloud native AI/ML services security.

Sounds like you? Click below to apply! #LI-Hybrid #LI-MM1

Apply now

See more open positions at Flexiti Financial

Privacy policy Cookie policy

Communitech Hub

151 Charles Street West, Suite 100,
Kitchener, Ontario, Canada, N2G 1H6

Proud member of Canada's Tech Network

Hours: Monday - Thursday 8:30 a.m. - 5 p.m. ET
Friday 8:30 a.m. - 4 p.m. ET
Phone: +1 (519) 888-9944
Email: front.desk@communitech.ca

Connect with us

Government of Ontario logo

Government of Canada logo

Communitech acknowledges that the Hub is situated on the Haldimand Tract, land that was granted to the Haudenosaunee of the Six Nations of the Grand River, and are within the territory of the Neutral, Anishinaabe, and Haudenosaunee peoples.

To access services in French please email marketinghelp@communitech.ca