Engineering

We're building the data infrastructure and consumer applications that support our core business and developing products.
All listings
Apply now
San Francisco, CA or Remote (Based in the U.S.)

Staff Application Security Engineer

We are looking to hire a Staff Security Engineer to join our Application Security team. The Application Security team enables NerdWallet’s mission to provide clarity for all of life’s financial decisions by taking steps to ensure the product and services we design and build safeguard user data and privacy.
In this role, you can expect a high level of responsibility for providing guidance to partners on designing secure applications that mitigate risk and prevent harm to user trust throughout the lifecycle of products. You’ll also have the opportunity to mature our tools, workflows, and standards that lead to secure software coding practices throughout the development lifecycle, while providing a phenomenal developer experience and empowering partners to take ownership of the security posture of their products.
The right candidate can handle multiple priorities while balancing security and business needs and takes ownership of critical initiatives that meaningfully mature our security posture. If you are someone who wants to develop their skills in maturing an application security program, we encourage you to apply!
If you were here 6 months ago, here are some things you might have worked on:
  • Collaborated with partners in multiple verticals to risk assess and create security guardrails for business critical vendor integrations (e.g. Customer Data Platform, Cross-channel Marketing Platform)
  • Defined requirements and guided execution for application security testing tools to feed a vulnerability management system that can drive remediation conversations
  • Developed a prescriptive guide for storing sensitive data in native mobile and web applications for engineers to self-serve security best practices
  • Developed a cryptography wrapper library in Python and Go to ease the use of secure encryption and hashing by engineers
  • Coached teammates on technical design and development as they work to deliver strategic security initiatives

Where you can make an impact:

  • Identify and develop engineering and operational opportunities to strategically and systematically reduce application security risk across multiple verticals
  • Own pivotal initiatives that enhance and measure the success and health of our secure software development lifecycle in a meaningful way
  • Influence engineering and product partners to remediate security gaps across multiple functional areas while balancing company and security needs
  • Provide constructive guidance to teammates that encourages their growth as an application security engineer

You are:

  • A subject matter expert in industry standards, risk mitigation techniques, and new developments within application security
  • Pragmatic in your approach to reducing risk in a manner that incorporates business and product needs
  • Focused on scaling application security through enabling secure by default designs, engineering solutions, and process improvements
  • Excited to lead roadmap items outside your core competencies to move the program forward and adapt to prioritize critical tasks as they arise
  • An ambassador for fostering a respectful, blameless, and collaborative work environment

Your experience:

We recognize not everyone will meet all of the criteria. If you meet most of the criteria below and you’re excited about the opportunity and willing to learn, we’d love to hear from you.
  • 6+ years of experience in a professional application or product security engineering role
  • 2+ years of experience in a professional software engineering role or writing production environment code
  • Proficient in Python or Go and comfortable with learning new languages if needed
  • Collaborated with partners to risk assess cloud-native service oriented architectures, like Identity and Access Management systems, and know how security risks can present themselves in design and development
  • Evaluated and deployed or written security testing tools in a software development lifecycle and understand the challenges with adoption and remediation

Where:

  • This role will be based in San Francisco, CA or remote (based in the U.S.).
  • We believe great work can be done anywhere. No matter where you are based, NerdWallet offers benefits and perks to support the physical, financial, and emotional well being of you and your family.

What we offer:

Pay Transparency
  • The salary range for this role is $152,000-$282,000.
  • Base pay offered may vary within the posted range based on several factors, including but not limited to education, job-related knowledge, skills, experience, and location.
Work Hard, Stay Balanced (Life’s a series of balancing acts, eh?)
  • Industry-leading medical, dental, and vision health care plans for employees and their dependents
  • Rejuvenation Policy – Flexible Time Off + 13 holidays + 4 Mental Health Days Off
  • New Parent Leave for employees with a newborn child or a child placed with them for adoption or foster care
  • Mental health support through Ginger.io
  • Financial wellness, guidance, and unlimited access to a Certified Financial Planner (CFP) through Northstar
  • Paid sabbatical for Nerds to recharge, gain knowledge and pursue their interests
  • Health and Dependent Care FSA and HSA Plan with monthly NerdWallet contribution
  • Weekly Virtual Bootcamp, Yoga, and Mindfulness Meditation sessions
  • Monthly Wellness Stipend, Cell Phone Stipend, and Wifi Stipend
Have Some Fun! (Nerds are fun, too)
  • Nerd-led group initiatives – Intramural Sports, Employee Resource Groups for Parents, Diversity, and Inclusion, Women, LGBTQIA, and other communities
  • Hackathons, Happy Hours, and team events across all teams and departments
  • Company-wide events like Little Nerds Day (aka bring your kids to work day, even if you're remote!) and our annual Charity Auction
Lifestyle (Be your best self - we’ll take care of the details)
  • Our Nerds love to make an impact by paying it forward – Donate to your favorite causes with a company match
  • Work from home equipment stipend and co-working space subsidy
  • Anniversary recognition program – choose from different items and experiences
  • Commuting stipend
Plan for your future (And when you retire on your island, remember the little people)
  • 401K with company match
  • Annual Enrichment Stipend for learning and development
  • Be the first to test and benefit from our new financial products and tools
  • Access to Rocket Lawyer for online legal support and resources
If you are based in California, we encourage you to read this important information for California residents linked here.
NerdWallet is committed to pursuing and hiring a diverse workforce and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of any characteristic protected by applicable federal, state or local law. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
#LI-MPLX
#LI-DS1
#LI-Remote
 

Apply for this role