Enable job alerts via email!

Staff Application Security Engineer (CAN)

NerdWallet

Canada

Remote

CAD 90,000 - 150,000

Full time

2 days ago
Be an early applicant

Boost your interview chances

Create a job specific, tailored resume for higher success rate.

Job summary

An innovative firm is seeking a Staff Application Security Engineer to lead essential security initiatives within their software ecosystem. In this pivotal role, you will identify risks early in the software development lifecycle and develop robust security tools and processes. Collaborating with cross-functional teams, you'll enhance application security while mentoring junior engineers. This remote-first company offers a supportive environment with diverse benefits, ensuring your well-being and professional growth. Join a team dedicated to safeguarding digital assets and building trust with customers through proactive security measures.

Benefits

Monthly Healthcare Stipend
Rejuvenation Policy
Paid Sabbatical
Wellness Stipend
Wifi Stipend
Cell Phone Stipend
Work from Home Equipment Stipend
Employee Resource Groups
Hackathons and Team Events
Financial Wellness Guidance

Qualifications

  • 8+ years of experience in security engineering or related fields.
  • Expertise in application security testing tools and cloud environments.
  • Proven success in collaboration and conveying security concepts.

Responsibilities

  • Lead high-priority product security initiatives and drive key security improvements.
  • Develop application security tooling and processes for the development teams.
  • Mentor junior team members and help build the Red Team.

Skills

Application Security
Cloud Environments (AWS)
Python
Typescript
Agile Development
Security Testing Tools (SAST, DAST)
Threat Modeling
Collaboration

Tools

Terraform
Docker
Kubernetes
Jenkins
GitHub Actions
Jira
GitHub

Job description

NerdWallet is looking for a Staff Application Security Engineer to help advance our Security Engineering team by leading high-priority product security initiatives. This person will play a pivotal role in securing NerdWallet’s software ecosystem, reducing the risk of breaches, and building trust with customers and stakeholders. By proactively addressing security challenges, this role will help safeguard NerdWallet’s reputation, assets, and data.

The Staff Application Security Engineer will be responsible for securing NerdWallet products by identifying risks early in the SDLC and developing application security tooling & processes to promote a ‘shift left’ security culture. You will be responsible for developing and scaling the security function by integrating security in the application development process, conducting security-related research and assessments, developing custom automated security and anti-fraud solutions, providing security analysis/design/training to the organization, and developing the technical skills of junior security engineers.

Where you can make an impact:
  • Ensure the timely delivery of high-priority product security initiatives

  • Be a strategic advisor to the Application and Product Security Program

  • Drive key initiatives like Supply Chain Security, Authentication, and Authorization improvements

  • Participate in expanding and maturing NerdWallet’s SSDLC program and its early adoption

  • Partner with cross-functional teams to identify product and application vulnerabilities and propose potential remediation opportunities and prioritization

  • Design and develop security tools and processes to be leveraged by development teams

  • Work closely with engineering to sustain processes or convert manual integrations to automated pipeline activities

  • Help build the Red Team

  • Be a technical mentor to junior members of the team and help develop their skills

Your experience:

We recognize not everyone will meet all of the criteria. If you meet most of the criteria below and you’re excited about the opportunity and willing to learn, we’d love to hear from you.

  • 8 + years of professional experience as a security engineer, software engineer, site reliability engineer, penetration tester/ red team member, or security consultant

  • 5+ years of experience working in Agile development, with expertise in technologies such as cloud environments (e.g., AWS), application security testing tools (e.g., SAST, DAST, SCA), infrastructure as code (e.g., Terraform), containers (e.g., Docker, Kubernetes), continuous integration (e.g., Jenkins, GitHub Actions), integration of security testing tools into CI pipelines, defect tracking (e.g., Jira), and source code management (e.g., GitHub)

  • Advanced knowledge of: Python, Typescript, and other languages (Go, PHP)

  • High-level understanding of: security weaknesses, exploits, attacks and mitigations

  • In-depth knowledge of common application and network protocols, cryptographic primitives, authentication and authorization protocols, as well as common security threats, including attack techniques, evasive techniques, and preventative and defensive methods

  • Experience leading or participating in Security Development Lifecycle Practices, Threat Modeling, Technical Design Review, and Security Code Review

  • Proven success as a collaborator with the ability to convey high-level security concepts to team members across the organization and technical and non-technical stakeholders at all levels

Where:
  • This is a remote position and a person can be located anywhere in Canada (with the exception of Quebec).

  • NerdWallet is proud to be a remote-first company! We believe great work can be done anywhere. No matter where you are based, NerdWallet offers benefits and perks to support the physical, financial, and emotional well being of you and your family.

What we offer:

Work Hard, Stay Balanced (Life’s a series of balancing acts, eh?)

  • Monthly Healthcare Stipend

  • Rejuvenation Policy – Vacation Time Off + You will receive the official public holidays in your province + 4 Mental Health Days Off

  • Paid sabbatical for Nerds to recharge, gain knowledge and pursue their interests

  • Monthly Wellness Stipend, Wifi Stipend, and Cell Phone Stipend

  • Work from home equipment stipend

Have Some Fun! (Nerds are fun, too)

  • Nerd-led group initiatives – Employee Resource Groups for Parents, Diversity, and Inclusion, Women, LGBTQIA, and other communities

  • Hackathons and team events across all teams and departments

  • Company-wide events like NerdLove (employee appreciation) and our annual Charity Auction

Plan for your future (And when you retire on your island, remember the little people)

  • RRSP with a 4% match. Eligible one month after hire.

  • Financial wellness, guidance, and unlimited access to a Certified Financial Planner (CFP) through Northstar.

NerdWallet is committed to pursuing and hiring a diverse workforce and is proud to be an equal opportunity employer. We prohibit discrimination and harassment on the basis of any characteristic protected by applicable federal, state, or local law, so all qualified applicants will receive consideration for employment.

#LI-DNP

#LI-Remote

#LI-4

Get your free, confidential resume review.
or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.