Staff Application Security Engineer
United States
NerdWallet is looking for a Staff Application Security Engineer to help advance our Security Engineering team by leading high-priority product security initiatives. This person will play a pivotal role in securing NerdWallet’s software ecosystem, reducing the risk of breaches, and building trust with customers and stakeholders. By proactively addressing security challenges, this role will help safeguard NerdWallet’s reputation, assets, and data.
The Staff Application Security Engineer will be responsible for securing NerdWallet products, by identifying risks early in the SDLC and developing application security tooling & processes to promote a ‘shift left’ security culture. You will be responsible for developing and scaling the security function by integrating security in the application development process, conducting security-related research and assessments, developing custom automated security and anti-fraud solutions, providing security analysis/design/training to the organization, and developing the technical skills of junior security engineers.
Where you can make an impact:
- Ensure the timely delivery of high-priority product security initiatives
- Be a strategic advisor to the Application and Product Security Program
- Drive key initiatives like Supply Chain Security, Authentication, and Authorization improvements
- Participate in expanding and maturing NerdWallet’s SSDLC program and its early adoption
- Partner with cross-functional teams to identify product and application vulnerabilities and propose potential remediation opportunities and prioritization
- Design and develop security tools and processes to be leveraged by development teams
- Work closely with engineering to sustain processes or convert manual integrations to automated pipeline activities
- Help build the Red Team
- Be a technical mentor to junior members of the team and help develop their skills
Your experience:
We recognize not everyone will meet all of the criteria. If you meet most of the criteria below and you’re excited about the opportunity and willing to learn, we’d love to hear from you.
- 8 + years of professional experience as a security engineer, software engineer, site reliability engineer, penetration tester/ red team member, or security consultant
- 5+ years of experience working in Agile development, with expertise in technologies such as cloud environments (e.g., AWS), application security testing tools (e.g., SAST, DAST, SCA), infrastructure as code (e.g., Terraform), containers (e.g., Docker, Kubernetes), continuous integration (e.g., Jenkins, GitHub Actions), integration of security testing tools into CI pipelines, defect tracking (e.g., Jira), and source code management (e.g., GitHub)
- Advanced knowledge of: Python, Typescript, and other languages (Go, PHP)
- High-level understanding of: security weaknesses, exploits, attacks and mitigations
- In-depth knowledge of common application and network protocols, cryptographic primitives, authentication and authorization protocols, as well as common security threats, including attack techniques, evasive techniques, and preventative and defensive methods
- Experience leading or participating in Security Development Lifecycle Practices, Threat Modeling, Technical Design Review, and Security Code Review
- Proven success as a collaborator with the ability to convey high-level security concepts to team members across the organization and technical and non-technical stakeholders at all levels
Where:
- This role will be remote (based in the U.S.).
- We believe great work can be done anywhere. No matter where you are based, NerdWallet offers benefits and perks to support the physical, financial, and emotional well being of you and your family.
What we offer:
Work Hard, Stay Balanced (Life’s a series of balancing acts, eh?)
- Industry-leading medical, dental, and vision health care plans for employees and their dependents
- Rejuvenation Policy – Vacation Time Off + 11 holidays + 4 Mental Health Days Off
- New Parent Leave for employees with a newborn child or a child placed with them for adoption or foster care
- Mental health support
- Paid sabbatical for Nerds to recharge, gain knowledge and pursue their interests
- Health and Dependent Care FSA and HSA Plan with monthly NerdWallet contribution
- Monthly Wellness Stipend, Cell Phone Stipend, and Wifi Stipend
- Work from home equipment stipend and co-working space subsidy
Have Some Fun! (Nerds are fun, too)
- Nerd-led group initiatives – Employee Resource Groups for Parents, Diversity, and Inclusion, Women, LGBTQIA, and other communities
- Hackathons and team events across all teams and departments
- Company-wide events like NerdLove (employee appreciation) and our annual Charity Auction
- Our Nerds love to make an impact by paying it forward – Take 8 hours of volunteer time off per quarter and donate to your favorite causes with a company match
Plan for your future (And when you retire on your island, remember the little people)
- 401K with company match
- Be the first to test and benefit from our new financial products and tools
- Financial wellness, guidance, and unlimited access to a Certified Financial Planner (CFP) through Northstar
- Disability and Life Insurance with employer-paid premiums
If you are based in California, we encourage you to read this important information for California residents linked here.
NerdWallet is committed to pursuing and hiring a diverse workforce and is proud to be an equal opportunity employer. We prohibit discrimination and harassment on the basis of any characteristic protected by applicable federal, state, or local law, so all qualified applicants will receive consideration for employment.
NerdWallet participates in the Department of Homeland Security U.S. Citizenship and Immigration Services E-Verify program for all US locations. For more information, please see:
- E-Verify Participation Poster (English+Spanish/Español)
- Right to Work Poster (English) / (Spanish/Español)
#LI-DNP
#LI-4
#LI-Remote
Base pay offered may vary within the posted range based on several factors, including but not limited to education, job-related knowledge, skills, experience, and location.
The pay range for this role is $152,000—$282,000 USD ApplyJob Profile
Cell Phone Stipend Company-wide events Dental Employee Resource Groups Equipment stipend Flexible work environment FSA Health and Dependent Care FSA and HSA Plan HSA Industry-leading medical, dental, and vision health care plans Medical Medical, dental, and vision health care plans Mental Health Days Mental health support Monthly wellness stipend Monthly Wellness Stipend, Cell Phone Stipend, and Wifi Stipend Nerd-led group initiatives New Parent Leave Paid sabbatical Rejuvenation policy Remote-first company Remote work Support for well-being Vacation Vacation time Vision Volunteer time off Wellness stipend Wifi Stipend Work from home equipment Work from home equipment stipend
Tasks- Collaborate with teams
- Conduct security assessments
- Develop security tooling
- Drive security initiatives
- Identify risks
- Mentor junior engineers
- Provide Security training
- Secure products
Agile Application protocols Application Security Application security testing Attacks Authentication protocols Authorization protocols AWS Cloud environments Continuous Integration Cryptographic primitives DAST Defect Tracking Design Docker Exploits GitHub GitHub Actions Go Infrastructure Infrastructure as Code Insurance Jenkins Jira Kubernetes Mitigations Network protocols PHP Python SAST SCA Security code review Security testing tools Security threats Security weaknesses Source Code Management Technical design review Terraform Testing Threat modeling Typescript
Experience8 years
Education TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9