Security Engineer II Canada
NerdWallet
full-remotemidpermanentsecurity Remote 55 days ago via RemoteOK
See how well this job matches your profile
Sign up to get an AI match score and generate a tailored application in seconds.
Get your match scoreTags
Application SecurityOWASP Top 10Secure SDLCAWSPythonJavaScriptVulnerability ManagementAutomationPenetration TestingIncident Response
About the role
Role overview
NerdWallet is seeking a Security Engineer II to join its Application Security team. You will partner with engineering teams to reduce security risk across the software development lifecycle (SDLC), strengthening security posture through improved tooling, workflows, and standards—while maintaining a strong developer experience.
Responsibilities
- Scale NerdWallet’s application security program via automation, tooling, and developer enablement
- Partner with engineering and product teams to identify and remediate security gaps across multiple systems
- Build tools/processes/automation that improve security posture visibility for engineers and leadership
- Review pull requests and provide actionable guidance on secure coding practices
- Support operational work during security investigations or application incidents
- Help integrate security practices into the secure SDLC across teams
What you might have worked on (examples)
- Designed and implemented an on-call activities dashboard
- Triaged and responded to security findings and alerts from application security tools
- Completed a penetration test and participated in red team campaigns
- Collaborated with engineers to remediate vulnerabilities and improve secure coding practices
- Contributed to automation/tooling to improve visibility into application security risks
Requirements
- 2+ years in application security, software engineering, or a related security role
- Experience identifying, triaging, and remediating application security vulnerabilities
- Experience working with applications deployed in cloud environments, particularly AWS
- Proficient in Python or another automation-oriented scripting language
- Comfortable reading/reviewing JavaScript (or similar application code)
- Experience or interest building automation/tooling/processes for application security workflows
- Familiarity with common web vulnerabilities and mitigations, including OWASP Top 10
- Collaborative mindset: comfortable asking questions, seeking guidance, and working through complex problems with teammates
Nice-to-have (implied)
- Curiosity and motivation to continuously grow application security knowledge and skills
About NerdWallet
NerdWallet is a financial technology company focused on bringing clarity to important financial decisions. It builds products and services that help people make better choices, with a strong emphasis on delivering security and trust for user data.
Scraped 4/1/2026