Tech Stack

PythonJavaScriptAWSOWASP Top 10

About the role

Role Overview

Join NerdWallet's Application Security team as a Security Engineer II to help safeguard products and services by reducing security risk throughout the software development lifecycle. You'll partner closely with engineering teams across the company to strengthen security posture through improved tooling, workflows, and standards.

Key Responsibilities

Help scale NerdWallet's application security program through automation, tooling, and developer enablement
Partner with engineering and product teams to identify and remediate security gaps across multiple systems while balancing business priorities
Build tools, processes, and automation that improve security posture visibility for engineers and leadership
Review pull requests and provide actionable guidance on secure coding practices
Support operational work during security investigations or incidents affecting applications
Help integrate security practices into the secure development lifecycle (SDLC) across teams
Triage and respond to security findings and alerts generated by application security tools
Collaborate with engineers to remediate vulnerabilities and improve secure coding practices

Required Experience

2+ years of experience in application security, software engineering, or a related security role
Experience identifying, triaging, and remediating security vulnerabilities in applications
Experience working with software deployed in cloud environments, particularly AWS
Proficiency in Python or another scripting language used for automation
Comfortable reading and reviewing JavaScript or similar application code
Familiarity with common web application vulnerabilities and mitigation techniques (e.g., OWASP Top 10)

Nice-to-Have

Experience or interest in building automation, tooling, or processes that improve application security workflows
Comfortable learning new programming languages, frameworks, or security tools as needed
Experience with penetration testing and red team campaigns

Ideal Candidate Profile

Pragmatic in approach, balancing security improvements with product and engineering priorities
Curious and motivated to continuously grow application security knowledge
Collaborative and comfortable debating complex problems with teammates
Committed to fostering a respectful, blameless, and collaborative engineering culture
Interested in helping engineers understand and adopt secure development practices

About NerdWallet

NerdWallet is a financial services company on a mission to bring clarity to all of life's financial decisions. They build inclusive, flexible products and services designed to safeguard users' data and trust while empowering financial decision-making.