Security Engineer II (AppSec) - Canada
WFA Digital Insight
The demand for skilled security professionals has grown significantly, with a 25% increase in application security roles in the past year. As a Security Engineer II at Nerdwallet, you'll be at the forefront of protecting users' data and trust. With the shift to remote work, companies are looking for experts who can collaborate effectively and build secure solutions. Nerdwallet stands out for its commitment to employee growth and well-being, making this an attractive opportunity for those looking to make an impact in the industry. Before applying, consider how your skills align with the company's mission and what you can bring to the table in terms of application security expertise.
Job Description
About the Role
As a Security Engineer II at Nerdwallet, you will play a crucial role in the company's Application Security team. Your primary focus will be on reducing security risk throughout the software development lifecycle by partnering closely with engineering teams across the company. You will contribute to initiatives that strengthen Nerdwallet's security posture by improving tooling, workflows, and standards that help engineers build secure software while maintaining a great developer experience.
The Application Security team is dedicated to ensuring that the products and services Nerdwallet designs and builds safeguard users' data and trust. This is a collaborative environment where you will work closely with various stakeholders to identify and remediate security gaps, balancing business priorities with security improvements. Your expertise will be instrumental in scaling Nerdwallet's application security program through automation, tooling, and developer enablement.
What You Will Do
- Partner with engineering teams to reduce security risk throughout the software development lifecycle
- Design and implement scalable solutions to security challenges
- Collaborate on initiatives to improve tooling, workflows, and standards for secure software development
- Contribute to the development of automation and tooling that improves visibility into application security risks
- Review pull requests and provide actionable guidance on secure coding practices
- Support operational work during security investigations or incidents affecting applications
- Help integrate security practices into the secure development lifecycle (SDLC) across teams
- Participate in penetration testing and red team campaigns to identify vulnerabilities
- Develop and maintain documentation for security practices and standards
- Stay up-to-date with the latest security threats and technologies to continuously improve Nerdwallet's security posture
What We Are Looking For
- 2+ years of experience in application security, software engineering, or a related security role
- Familiarity with common web application vulnerabilities and mitigation techniques, such as the OWASP Top 10
- Experience identifying, triaging, and remediating security vulnerabilities in applications
- Experience working with software deployed in cloud environments, particularly AWS
- Proficiency in Python or another scripting language used for automation
- Comfortable reading and reviewing JavaScript or similar application code
- Experience or interest in building automation, tooling, or processes that improve application security workflows
- Strong communication skills for collaborating with engineers and other stakeholders
- Commitment to fostering a respectful, blameless, and collaborative engineering culture
Nice to Have
- Experience with security information and event management (SIEM) systems
- Knowledge of containerization and orchestration technologies like Docker and Kubernetes
- Familiarity with agile development methodologies and version control systems like Git
- Experience with compliance frameworks and regulations such as GDPR and CCPA
Benefits and Perks
- Opportunity to work with a talented team of professionals in a collaborative environment
- Flexible remote work arrangements to support your well-being and productivity
- Comprehensive health insurance and benefits package
- Generous paid time off and holiday policy
- Professional development opportunities and support for continuous learning
- Access to the latest technologies and tools to stay ahead in the field
- Recognition and reward for outstanding performance and contributions
- A stipend for home office setup and ongoing remote work expenses
How to Stand Out
- Ensure your portfolio or resume highlights specific examples of application security projects you've worked on, including any tools or technologies used.
- Practice explaining complex security concepts in simple terms, as effective communication with non-technical stakeholders is key.
- Be prepared to discuss your experience with cloud security, particularly AWS, and how you've handled security challenges in cloud environments.
- Show enthusiasm for continuous learning and professional development, as the security landscape is constantly evolving.
- Prepare to back your claims of proficiency in programming languages like Python with examples or coding challenges.
- Research Nerdwallet's products and services to understand how your role can impact the company's mission and user trust.
- Consider reaching out to current or former employees to gain insight into the company culture and what makes a successful Security Engineer II at Nerdwallet.
This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.