Overview: We are seeking an experienced Application Security Engineer to serve as a trusted partner to our software development teams. This role focuses on making our product secure by design - embedding security into how software is architected, written, deployed, and maintained. Unlike infrastructure security roles, this position centers on application-layer and code-level security, working closely with developers to enable fast, confident delivery by providing meaningful, actionable security tooling and feedback. This includes leveraging modern AI-assisted techniques to accelerate vulnerability analysis, exploit chaining, and demonstration of actual risk. You will ensure engineering teams move faster - not slower - while minimizing noise. This role is part of the IT & Security team and prioritizes embedding guardrails into developer workflows rather than enforcement gates.
About Nerdy: At Nerdy (NYSE: NRDY) - the company behind Varsity Tutors - we're redrawing the blueprint of learning. Our Live + AI platform fuses real-time human expertise with proprietary generative-AI systems, setting a new bar for measurable academic impact at global scale. We recruit the kind of technologists and operators you'd bet on as solo founders - people who turn ambiguous problems into shipping code, iterate faster than markets move, and compound their advantage with every data point. In an era where great employees can deliver 10-times the leverage of the merely good, we back those who play to win.
Fortune favors the bold. Join us.
How we compete:
- AI-Native at every level: From the CEO to day-one hires, everyone builds and ships with generative AI. If you're not wielding AI, you're not done.
- Entrepreneurial velocity: Move at founder speed, prototype in hours, and measure in real user outcomes. Slow teams die.
- Free-market rigor: Ideas rise or fall on merit and results - no committees, no politics, no cap on upside.
- Full-stack ownership: You design, build, and run what you ship; accountability is a feature, not a bug.
- Reward for contribution: Pay rises with impact, not years. Outstanding results earn outsized rewards. We evaluate both what you achieve and how you achieve it: living our leadership principles and using AI effectively are formally measured and rewarded.
- Relentless exploration: Push the frontier of generative AI in live learning and - because only the paranoid survive - questioning every legacy assumption along the way.
- Is Apolitical: You stay focused on mission-aligned outcomes, not distractions or unrelated causes.
If you're a technically minded builder who thrives on open competition, personal responsibility, and the chance to redefine how the world learns - while continually stretching the limits of what generative AI can do - come do the most ambitious and rewarding work of your career here. Learn more at nerdy.com.
Nerdy's shareholder letters below explain our latest products and strategy:
- Q2-2025 Shareholder Letter
- Q1-2025 Shareholder Letter
- Q4-2024 Shareholder Letter
Qualifications:
Required:
- Experience as an Application Security Engineer, Security Consultant, or Security-focused Software Engineer.
- Strong understanding of secure coding practices and common vulnerability patterns.
- Ability to apply common web application attack techniques and create proof-of-concept exploits to validate whether vulnerabilities are exploitable in our environment.
- Proven ability to analyze exploit chains and demonstrate actual risk, leveraging AI to accelerate discovery and validation.
- Hands-on experience integrating security tooling into CI/CD pipelines.
- Familiarity with Ruby, Go, JavaScript/React, and related frameworks.
- Deep familiarity with OWASP guidance, including the OWASP Top 10, Application Security Verification Standard (ASVS), and Secure Coding Guidelines.
- Partner with DevOps to embed application security into CI/CD pipeline design and practices.
- Ability to assess and communicate application risk in architectural and business context.
- Comfortable demonstrating real-world exploits to technical and non-technical stakeholders.
- Excellent written and verbal communication skills in an async-first, remote environment.
Preferred:
- Experience leveraging and adapting open-source tools and frameworks for application security testing and validation.
- Experience with API security testing and continuous monitoring, leveraging AI for fuzzing, intelligent input generation, and automated discovery.
- Experience building or maintaining secure development training programs.
- Security certifications (OSWE, OSCP, GIAC) are a plus but not required.
Responsibilities:
- Enable engineering teams to move quickly while embedding security into development workflows - security and speed go hand-in-hand.
- Partner with engineering on secure use of AI services, evaluating controls such as AI gateways, prompt inspection, and policy enforcement.
- Identify, prioritize, and implement security tooling in developer environments and CI/CD pipelines, with AI-assisted triage to reduce noise and highlight exploitable risks.
- Collaborate with developers to identify vulnerabilities in code, APIs, and dependencies; improve secure coding awareness; and participate in design reviews and threat modeling.
- Demonstrate practical exploit techniques to raise security awareness and drive remediation, including chaining multiple weaknesses across services to illustrate end-to-end risk.
- Analyze vulnerabilities across code, dependencies, APIs, and logic, with AI-assisted techniques to identify and prioritize exploit chains.
- Build or adapt automation scripts and tools for continuous security validation, using AI copilots to accelerate script generation and validation.
- Provide coaching, documentation, and embedded training to help developers understand and apply security guidance within their workflows.
- Continuously evaluate emerging AI and application security threats and detection techniques.
- Lead incident response activities as part of the incident commander rotation.
- Drive continuous improvement of incident response runbooks and playbooks.
Unlock Your Full Potential at Nerdy: Join our worldwide team - work from home, get great pay, and help shape the future of learning. Here's what you get:
- Competitive USD Compensation: Enjoy a market-leading rate paid in U.S. dollars.
- 100% Remote (Home Country Only): Work from anywhere in your home country - no relocation required, no borders crossed.
- Flexible Time Off: Our flexible PTO lets you recharge on your own terms and when you need it the most.
- Local Holiday Pay: We honor your nation's official holidays with paid time off - celebrate what matters to you.
- Continuous Learning: Get a free, all-inclusive learning membership for you and your household-including 1-on-1 tutoring hours, unlimited on-demand classes, and access to our full suite of learning products and services.
- Supercharge with AI: Gain exclusive access to cutting-edge AI tools that boost your productivity, making you feel almost super-human (cape not included).
- Feedback-Rich, Collaborative Culture: Tap into regular training, peer reviews, and a team that treats every team member as a vital collaborator and owner in our success.
- Make a Global Impact: Your expertise fuels an innovative platform used by learners around the world - be part of something transformative.
The Bottom Line: If you're driven by impact, energized by ownership, and excited to help shape what's next, you'll thrive here. We move fast, think big, and reward those who deliver. This isn't a traditional corporate environment - it's a place to do the most meaningful work of your career.