Security Engineer II Canada
Source: RemoteOK
AI Summary Powered by Gemini
NerdWallet is seeking a Security Engineer II to join their Application Security team, focusing on reducing security risk throughout the software development lifecycle. This role requires collaboration with engineering teams to improve tooling, workflows, and standards for secure software development, offering an opportunity to grow application security expertise within a maturing program.
Job Description
At NerdWallet, we're on a mission to bring clarity to all of life's financial decisions and every great mission needs a team of exceptional Nerds. We've built an inclusive, flexible, and candid culture where you're empowered to grow, take smart risks, and be unapologetically yourself (cape optional). Whether remote or in-office, we support how you thrive best. We invest in your well-being, development, and ability to make an impact because when one Nerd levels up, we all do.

We are seeking a Security Engineer II to join our Application Security team. The Application Security team enables NerdWallet's mission, to provide clarity for all of life's financial decisions, by helping ensure the products and services we design and build safeguard our users' data and trust.

In this role, you'll partner closely with engineering teams across the company to reduce security risk throughout the software development lifecycle. You'll contribute to initiatives that strengthen NerdWallet's security posture by improving tooling, workflows, and standards that help engineers build secure software while maintaining a great developer experience.

This role is ideal for someone who enjoys solving security challenges collaboratively, building scalable solutions, and helping engineers integrate security practices into their day-to-day work. You'll have the opportunity to grow your application security expertise while contributing meaningfully to a maturing security program.

This role will report to a Business Information Security Officer.

If you were here 6 months ago, here are some things you might have worked on:
- Designed and implemented a dashboard for on call activities for the team.
- Helped triage and respond to security findings and alerts generated by application security tools
- Completed a penetration test of an external system, and participated in red team campaigns.
- Collaborated with engineers to remediate vulnerabilities and improve secure coding practices
- Contributed to automation or tooling that improves visibility into application security risks

Where you can make an impact:
- Help scale NerdWallet's application security program through automation, tooling, and developer enablement
- Partner with engineering and product teams to identify and remediate security gaps across multiple systems while balancing business priorities
- Build tools, processes, and automation that improve security posture visibility for engineers and leadership
- Review pull requests and provide actionable guidance on secure coding practices
- Support operational work during security investigations or incidents affecting applications
- Help integrate security practices into the secure development lifecycle (SDLC) across teams

You are:
- Familiar with common web application vulnerabilities and mitigation techniques, such as the OWASP Top 10
- Pragmatic in your approach to reducing risk, balancing security improvements with product and engineering priorities
- Curious and motivated to continuously grow your application security knowledge and skills
- Comfortable asking questions, seeking guidance, collaborating, and debating with teammates when working through complex problems
- Committed to fostering a respectful, blameless, and collaborative engineering culture
- Interested in helping engineers understand and adopt secure development practices

Your experience:
- 2+ years of experience in application security, software engineering, or a related security role
- Experience identifying, triaging, and remediating security vulnerabilities in applications
- Experience working with software deployed in cloud environments, particularly AWS
- Proficient in Python or another scripting language used for automation
- Comfortable reading and reviewing JavaScript or similar application code
- Experience or interest in building automation, tooling, or processes that improve application security workflows
- Comfortable learning new programming languages, frameworks, or security tools as needed

Where:
This is a remote position and a person can be located anywhere in Canada (with the exception of Quebec).

NerdWallet is proud to be a remote-first company! We believe great work can be done anywhere. No matter where you are based, NerdWallet offers benefits and perks to support the physical, financial, and emotional well-being of you and your family.

What we offer:

Work Hard, Stay Balanced (Life's a series of balancing acts, eh?)
- Monthly Healthcare Stipend
- Rejuvenation Policy - Vacation Time Off + You will receive the official public holidays in your province
- Paid sabbatical for Nerds to recharge, gain knowledge and pursue their interests
- Monthly Wellness Stipend, Wifi Stipend, and Cell Phone Stipend
- Work from home equipment stipend

Have Some Fun! (Nerds are fun, too)
- Nerd-led group initiatives - Employee Resource Groups for Parents, Diversity, and Inclusion, Women, LGBTQIA, and other communities
- Hackathons and team events across all teams and departments
- Company-wide events like NerdLove (employee appreciation) and our annual Charity Auction

Plan for your future (And when you retire on your island, remember the little people)
- RRSP with a 4% match. Eligible one month after hire.
- Financial wellness, guidance, and unlimited access to a Certified Financial Planner (CFP) through Northstar

NerdWallet is committed to pursuing and hiring a diverse workforce and is proud to be an equal opportunity employer. We prohibit discrimination and harassment on the basis of any characteristic protected by applicable federal, state, or local law, so all qualified applicants will receive consideration for employment.