Startup Jobs
Post a Job

NerdWallet is hiring a

Security Engineer II (Application)

We are seeking a Security Engineer II to join our Application Security team. The Application Security team enables NerdWallet’s mission, to provide clarity for all of life’s financial decisions, by taking steps to ensure the products and services we design and build safeguard our user’s data and trust.

In this role, you can expect to partner with technical teams across the company, executing on initiatives that mitigate risk and prevent harm to user trust throughout the lifecycle of products. You’ll have the opportunity to mature the tools, workflows, and standards that lead to secure software coding practices, while providing a phenomenal developer experience and empowering partners to take ownership of the security posture of their products.

The right candidate will be eager to help engineers secure their software, have a desire to empower developers, and be a terrific collaborator maturing our security posture in meaningful ways. If you would like to develop your security skills in a supportive environment and contribute to maturing an organization’s security program, we encourage you to apply!

This role will report to a Business Information Security Officer.

If you were here 6 months ago, here are some things you might have worked on: 

  • Designed and Implemented a secret scanner in the CI/CD
  • Helped triage and respond to security events and findings identified by various application security tools
  • Rolled out a Content-Security-Policy response header for various applications

Where you can make an impact: 

  • Help scale our application security program through automation and developer empowerment
  • Influence engineering and product partners to remediate security gaps across multiple functional areas while balancing company and security needs
  • Build tools and processes to drive greater security posture visibility for leadership
  • Review developer pull requests for adherence to security best practices
  • Support operational work in response to security incidents

You are:

  • Familiar with industry standards, risk mitigation techniques, and new developments within application security, e.g. OWASP Top 10
  • Pragmatic in your approach to reducing risk in a manner that incorporates business and product needs that balances time and risk reduction
  • Asking questions, seeking guidance, and soliciting feedback when clarification is needed about assigned work or discussion topics
  • Continuously training to understand application security fundamentals and goals for a company 
  • Committed to fostering a respectful, blameless, and collaborative work environment and are receptive to constructive feedback from peers and mentors

Your experience:

We recognize not everyone will meet all of the criteria. If you meet most of the criteria below and you’re excited about the opportunity and willing to learn, we’d love to hear from you.

  • 2+ years of experience in a professional application security engineering role and experience developing software deployed in a cloud environment, especially AWS
  • Identified, triaged, and remediated security vulnerabilities
  • Proficient in Python
  • Comfortable reading JavaScript
  • Comfort with learning new languages as needed

Where:

  • This is a remote position and a person can be located anywhere in Canada (with the exception of Quebec)
  • NerdWallet is proud to be a remote-first company! We believe great work can be done anywhere. No matter where you are based, NerdWallet offers benefits and perks to support the physical, financial, and emotional well being of you and your family

What we offer:

Work Hard, Stay Balanced (Life’s a series of balancing acts, eh?)

  • Monthly Healthcare Stipend
  • Rejuvenation Policy – Flexible Time Off + You will receive the official public holidays in your province + Mental Health Days
  • Pregnancy and Parental leave – NerdWallet will top up your pay so you receive 100% of your salary for 12 weeks for pregnancy leave and 12 weeks for parental leave
  • Mental health support through Headspace 
  • Paid sabbatical for Nerds to recharge, gain knowledge and pursue their interests
  • Weekly Virtual Bootcamp, Yoga and Mindfulness Meditation sessions
  • Monthly Wellness Stipend and Cell Phone Stipend
  • WiFi stipend and work from home equipment stipend

Have Some Fun! (Nerds are fun, too)

  • Nerd-led group initiatives – Intramural Sports, Employee Resource Groups for Parents, Diversity, Equity, and Inclusion, Women, LGBTQIA, and other communities
  • Hackathons, Happy Hours and team bonding across all teams and departments
  • Company-wide events like Little Nerds Day (aka bring your kids to work day, even if you're remote!) and our annual Charity Auction 

Plan for your future (And when you retire on your island, remember the little people)

  • Annual Enrichment Stipend for learning and development
  • RRSP with a 4% match. Eligible one month after hire.

NerdWallet is committed to pursuing and hiring a diverse workforce and is proud to be an equal opportunity employer. We prohibit discrimination and harassment on the basis of any characteristic protected by applicable federal, state, or local law, so all qualified applicants will receive consideration for employment.  

#LI-DNI
#LI-Remote
#LI-3

Base pay offered may vary within the posted range based on several factors, including but not limited to education, job-related knowledge, skills, experience, and location.

The Pay range for this role is
$123,000$188,000 CAD

This job is no longer available

Enter your email address below to get notified whenever we find a similar job post.

Unsubscribe at any time.