Principal Security Researcher for Spellbook, focused on securing legal AI workflows and sensitive data. Engaging in red teaming, security research, and cross-department collaboration for risk reduction.
Responsibilities
Identify security risks across the company and partner with the relevant teams to reduce them.
Lead active red teaming, application security testing, penetration testing, exploit validation, and adversarial analysis.
Conduct original security research on legal AI, LLM-enabled products, sensitive document workflows, prompt injection, data leakage, model misuse, and tool abuse.
Coordinate third-party penetration tests, red team exercises, audits, and other external security assessments.
Own external vulnerability reports — bug bounty submissions, responsible disclosure reports, researcher communications, triage, validation, prioritization, and remediation tracking.
Drive threat modelling and secure design reviews for new products, features, AI workflows, integrations, and infrastructure changes.
Partner with R&D and Engineering to surface trust boundaries, abuse cases, and data exposure risks early in development.
Support Security Operations during incident response by reproducing vulnerabilities, validating exploits, assessing impact, and recommending remediation.
Engage with frontier AI labs, external researchers, vendors, and the broader security community to stay current on AI safety and security developments.
Publish security research, advisories, technical writeups, blog posts, or conference talks where aligned with company priorities.
Define and improve repeatable processes for security research, testing, vulnerability management, and remediation across Spellbook.
Support other responsibilities and projects as required.
Requirements
Strong experience in application security, red teaming, penetration testing, vulnerability research, product security, or offensive security.
Hands-on experience testing modern web applications, APIs, authentication flows, authorization models, cloud services, and distributed systems.
Experience developing proof-of-concept exploits or clear technical demonstrations to validate security impact.
Firm grasp of common software security risks, secure design principles, identity and access controls, data protection, and secure development practices.
Experience partnering with engineering, product, or R&D teams to triage, prioritize, and remediate vulnerabilities end-to-end.
Excellent written and verbal communication skills, with the ability to write clear technical reports, executive summaries, remediation guidance, and public-facing research, and to explain trade-offs to engineers, PMs, and leadership.
Strong judgment around responsible disclosure, customer impact, confidentiality, and coordinated communication.
Pragmatic in distinguishing theoretical risk from practical risk, with the instinct to help teams focus on what matters most.
Comfortable operating with ambiguity and moving with urgency across hands-on testing, product security, incident support, and external coordination.
Track record of driving measurable risk reduction in a fast-moving technical environment.
Benefits
Access our company-paid group benefits for you and your family, with $1,000 towards mental health support
Disconnect during our holiday closure and take advantage of our generous time off policies throughout the year
Enjoy monthly paid meals, an annual wellness allowance to support your well-being, and parental leave top-ups as your family grows
Secure your stake in our success; you’ll receive competitive stock option grants as a pivotal early employee