Questrade Financial Group (QFG), through its companies - Questrade, Inc., Questrade Wealth Management Inc., Community Trust Company, Zolo, and Flexiti Financial Inc., provides securities and foreign currency investment, professionally managed investment portfolios, mortgages, real estate services, financial services and more. Questrade uses cutting-edge technologies to develop innovative products that give customers better, more affordable ways to take control of their money.
We are everything a traditional financial institution is not. At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of.
At QFG, we have a culture of innovation where technology serves people—both our team and our customers. We see AI as a collaborative and transformative enabler, and we are seeking forward-thinking individuals who can effectively integrate it into their daily work. The ideal candidate will be a catalyst for change, helping us use AI to create a more efficient and rewarding employee experience while also developing cutting-edge solutions that delight and serve our customers. Join us in shaping a future where AI empowers our team to do their best work and helps us deliver unparalleled customer experiences.
This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, with a hybrid working environment you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at QFG.
What’s in it for you as an employee of QFG?
- Health & wellbeing resources and programs
- Paid vacation, personal, and sick days for work-life balance
- Competitive compensation and benefits packages
- Work-life balance in a hybrid environment with at least 3 days in office
- Career growth and development opportunities
- Opportunities to contribute to community causes
- Work with diverse team members in an inclusive and collaborative environment
We’re looking for our next Specialist, Digital Threat Hunting. Could It Be You?
Your contribution delivering sustainable and measurable results in the following areas will be very important:
Identifying and taking down customer-facing and external digital threats by developing novel techniques and custom tooling for monitoring phishing sites, brand impersonation, typosquatting domains, credential harvesting campaigns, and fraud targeting the organization and its customers, going beyond reliance on off-the-shelf vendor platforms. You will be primarily involved in investigating patterns of digital fraud at the deepest technical levels, including reverse-engineering phishing kits through static and dynamic analysis, deobfuscating malicious JavaScript, PHP, and HTML, and recreating full exploitation chains end-to-end to understand attacker tactics and customer exposure. You will leverage interception and traffic analysis tooling such as BurpSuite to dissect attacker infrastructure, coordinate evidence gathering, and execute takedown requests with domain registrars, hosting providers, and platform abuse teams, while tracking dark web forums, marketplaces, and threat actor communication channels for emerging threats targeting the business.
Beyond external threats, you will support internal threat hunting activities by sharing IOCs, TTPs, and adversary tradecraft uncovered during fraud investigations, collaborating on joint investigations where external campaigns overlap with internal compromise indicators, and contributing to the ongoing maintenance and development of the threat hunting query library. You will work alongside internal customers and our vendor support teams to ensure we are utilizing our security tools in accordance with corporate policies and growing business needs; work closely with Cybersecurity, Fraud Response, and IT teams to align priorities and execute plans for new initiatives; build PoC code and automation to support anti-fraud engineering efforts; mentor junior analysts on reverse-engineering and phishing analysis techniques; and contribute to process improvements and build documentation for new tools and detection workflows.
Need more details? Keep reading…
You will:
- Create novel techniques for identifying phishing sites, typosquatting domains, and fraudulent web properties targeting the organization and its customers.
- Coordinate, gather evidence and execute takedown requests with domain registrars, hosting providers, and platform abuse teams.
- Create novel techniques for monitoring social media platforms for brand impersonation, fake accounts, and fraud campaigns targeting customers.
- Track and investigate digital fraud patterns, credential harvesting campaigns, and customer-targeted scams via reverse-engineering, deobfuscation techniques, and recreation of exploitation chains.
- Provide intelligence gathered via exploitation emulation or reverse-engineering.
- Produce digital fraud metrics: phishing sites identified, takedown success rate, average time-to-takedown, social media impersonation cases resolved.
- Collaborate with the Security Engineer by providing PoC code on anti-fraud engineering tooling and automation for detection and takedown workflows.
- Perform investigations on suspicious domains, registrants, and hosting infrastructure through passive enumeration and scanning.
- Analyze phishing kits and credential harvesting pages through networking tools like BurpSuite to understand attacker tactics and customer exposure.
- Track dark web and underground forums for discussion of fraud campaigns targeting the organization and its customers.
- Document takedown requests, outcomes, and lessons learned for continuous improvement of fraud prevention workflows.
- Monitor threat feeds and external intelligence sources for emerging fraud TTPs and threat actor activity.
- Coordinate with customer support and fraud response teams to assess customer impact and provide incident guidance.
- Support communication with customers affected by phishing, impersonation, or fraud campaigns.
- Maintain awareness of regulatory requirements and industry standards related to brand protection and fraud prevention.
- Mentor junior analysts on OSINT techniques, phishing analysis, and digital fraud investigation methods.
- Communicate digital fraud findings, trends, and recommendations to technical and non-technical stakeholders.
- Track and report on digital threat hunter program metrics (cases handled, investigation turnaround time, threat intel shared).
- Support internal threat hunting activities by assisting with hypothesis-driven hunts across endpoint, network, identity, and cloud telemetry when additional capacity or fraud-related expertise is needed.
- Share IOCs, TTPs, and adversary tradecraft uncovered during fraud investigations with the threat hunting team to enrich internal hunts and pivot into related activity.
- Collaborate with threat hunters on joint investigations where external fraud campaigns overlap with internal compromise indicators (e.g., credential harvesting leading to account takeover).
- Support the ongoing maintenance and development of the vast library of threat hunting scheduled queries.
So are YOU our next Specialist, Digital Threat Hunting? You are if you have…
- 3+ years of relevant experience in digital fraud investigation, brand protection, reverse-engineering, threat intelligence, or security operations.
- Demonstrated ability to develop novel techniques and tooling for identifying phishing infrastructure, typosquatting domains, brand impersonation, and customer-targeted fraud at scale beyond reliance on off-the-shelf vendor platforms.
- Deep hands-on experience applying reverse-engineering techniques, tools, and methodologies (e.g., static and dynamic analysis, debuggers, disassemblers) to investigate phishing kits, malicious payloads, and digital fraud campaigns.
- Proven ability to deobfuscate malicious JavaScript, PHP, HTML, and other client/server-side code used in credential harvesting pages and phishing kits, and to recreate full exploitation chains end-to-end.
- Strong proficiency with interception and traffic analysis tooling (e.g., BurpSuite, mitmproxy, Fiddler) for dissecting phishing pages, attacker infrastructure, and customer exposure paths.
- Experience designing and executing takedown campaigns against domain registrars, hosting providers, social media platforms, and platform abuse teams - including evidence preservation, escalation paths, and dealing with uncooperative providers.
- Experience tracking digital fraud TTPs, credential harvesting operations, and customer-targeted scams across web, mobile, and social channels, with the technical depth to attribute infrastructure and pivot across campaigns.
- Exposure to internal threat hunting concepts, including hypothesis-driven hunts, IOC/TTP pivoting, and correlating external fraud indicators with internal endpoint, network, identity, or cloud telemetry.
- Strong understanding of domain registration, DNS, WHOIS, passive DNS, certificate transparency logs, BGP, and broader internet infrastructure fundamentals as well as how to weaponize these for proactive fraud discovery.
- Working knowledge of social media platforms and the technical indicators required to identify brand impersonation, fake accounts, and coordinated inauthentic behavior at scale.
- Demonstrated experience navigating dark web monitoring tools, underground forums, marketplaces, and threat actor communication channels relevant to fraud and brand abuse.
- Familiarity with fraud frameworks, anti-fraud platforms, and industry standards for brand protection, customer safety, and regulatory compliance.
- Experience operationalizing intelligence from dark web monitoring solutions and threat intelligence platforms into actionable detection and takedown workflows.
- Familiarity with threat hunting query languages (e.g., KQL, SPL, ES|QL) and contributing to or maintaining detection and hunt query libraries.
- Solid development skills (Python preferred) for building custom detection tooling, automating fraud discovery and takedown workflows, scripting reverse-engineering pipelines, and producing PoC code for anti-fraud engineering efforts.
- Active participation in fraud prevention, brand protection, reverse-engineering, or threat hunting communities.
Brownie points if you have...
GOSI, SANS FOR589, GCTI, HTB CWES (or above), OSED or similar relevant certifications.
Compensation Information:
- Base salary range: $80,000 - $100,000
- The final compensation package will be commensurate with the successful candidate's experience, skills, and geographic location (Canada). It includes a comprehensive benefits plan and a competitive incentive (bonus) program for Full-Time Permanent roles.
At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in. Having a collaborative and diverse team helps us push boundaries to bring the future of fintech into existence—not only for the benefit of our customers, but for those who build their career with us.
The Questrade Financial Group of Companies' Applicant Tracking System utilizes artificial intelligence (AI) for application screening. The AI system operates on predetermined criteria, with final decisions subject to human review.
Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment/selection process, please let us know and we will work with you to meet your needs.