Security Engineer II - California, United States - NerdWallet

    NerdWallet
    NerdWallet California, United States

    1 month ago

    Default job background
    Description
    San Francisco, CA or Remote (Based in the U.S.)

    NerdWallet

    Make smarter financial decisions with NerdWallet's side-by-side comparisons, objective ratings and reviews, customized insights, and trusted expertise.

    View company page

    We are seeking a Security Engineer II to join our Application Security team.

    The Application Security team enables NerdWallet's mission, to provide clarity for all of life's financial decisions, by taking steps to ensure the products and services we design and build safeguard our user's data and trust.

    In this role, you can expect to partner with technical teams across the company, executing on initiatives that mitigate risk and prevent harm to user trust throughout the lifecycle of products.

    You'll have the opportunity to mature the tools, workflows, and standards that lead to secure software coding practices, while providing a phenomenal developer experience and empowering partners to take ownership of the security posture of their products.

    The right candidate will be eager to help engineers secure their software, have a desire to empower developers, and be a terrific collaborator maturing our security posture in meaningful ways.

    If you would like to develop your security skills in a supportive environment and contribute to maturing an organization's security program, we encourage you to apply
    This role will report to a Business Information Security Officer.
    If you were here 6 months ago, here are some things you might have worked on:

    Designed and Implemented a secret scanner in the CI/CD
    Helped triage and respond to security events and findings identified by various application security tools
    Rolled out a Content-Security-Policy response header for various applications
    Where you can make an impact:

    Help scale our application security program through automation and developer empowerment
    Influence engineering and product partners to remediate security gaps across multiple functional areas while balancing company and security needs
    Build tools and processes to drive greater security posture visibility for leadership
    Review developer pull requests for adherence to security best practices
    Support operational work in response to security incidents

    You are:
    Familiar with industry standards, risk mitigation techniques, and new developments within application security, e.g. OWASP Top 10
    Pragmatic in your approach to reducing risk in a manner that incorporates business and product needs that balances time and risk reduction
    Asking questions, seeking guidance, and soliciting feedback when clarification is needed about assigned work or discussion topics
    Continuously training to understand application security fundamentals and goals for a company
    Committed to fostering a respectful, blameless, and collaborative work environment and are receptive to constructive feedback from peers and mentors

    Your experience:
    We recognize not everyone will meet all of the criteria.

    If you meet most of the criteria below and you're excited about the opportunity and willing to learn, we'd love to hear from you.

    2+ years of experience in a professional application security engineering role and experience developing software deployed in a cloud

    environment, especially AWS
    Identified, triaged, and remediated security vulnerabilities
    Proficient in Python
    Comfort with learning new languages as needed

    Where:
    This role is remote, based in the U.S.
    We believe great work can be done anywhere. No matter where you are based, NerdWallet offers benefits and perks to support the physical, financial, and emotional well being of you and your family

    What we offer:
    Work Hard, Stay Balanced (Life's a series of balancing acts, eh?)
    Industry-leading medical, dental, and vision health care plans for employees and their dependents
    New Parent Leave for employees with a newborn child or a child placed with them for adoption or foster care
    Mental health support through Headspace
    Financial wellness, guidance, and unlimited access to a Certified Financial Planner (CFP) through Northstar
    Paid sabbatical for Nerds to recharge, gain knowledge and pursue their interests
    Health and Dependent Care FSA and HSA Plan with monthly NerdWallet contribution
    Weekly Virtual Bootcamp, Yoga, and Mindfulness Meditation sessions
    Monthly Wellness Stipend, Cell Phone Stipend, and Wifi Stipend
    Have Some Fun (Nerds are fun, too)
    Nerd-led group initiatives – Intramural Sports, Employee Resource Groups for Parents, Diversity and Inclusion, Women, LGBTQIA, and other communities
    Hackathons, Happy Hours, and team events across all teams and departments
    Company-wide events like Little Nerds Day (aka bring your kids to work day, even if you're remote) and our annual Charity Auction
    Lifestyle (Be your best self - we'll take care of the details)
    Our Nerds love to make an impact by paying it forward – Donate to your favorite causes with a company match
    Work from home equipment stipend and co-working space subsidy
    Anniversary recognition program – choose from different items and experiences
    Commuting stipend
    Plan for your future (And when you retire on your island, remember the little people)
    401K with company match
    Annual Enrichment Stipend for learning and development
    Be the first to test and benefit from our new financial products and tools
    Access to Rocket Lawyer for online legal support and resources

    If you are based in California, we encourage you to read this important information for California residents linked here .

    NerdWallet is committed to pursuing and hiring a diverse workforce and is proud to be an equal opportunity employer.

    We prohibit discrimination and harassment on the basis of any characteristic protected by applicable federal, state, or local law, so all qualified applicants will receive consideration for employment.

    NerdWallet will consider qualified applicants with a criminal history pursuant to the California Fair Chance Act andthe San Francisco Fair Chance Act, which requires this notice .

    NerdWallet participates in the Department of Homeland Security U.S. Citizenship and Immigration Services E-Verify program for all USlocations.


    For more information, please see:


    Base pay offered may vary within the posted range based on several factors, including but not limited to education, job-related knowledge, skills, experience, and location.

    The pay range for this role is$110,000—$166,000 USD

    We are seeking a Security Engineer II to join our Application Security team.

    The Application Security team enables NerdWallet's mission, to provide clarity for all of life's financial decisions, by taking steps to ensure the products and services we design and build safeguard our user's data and trust.

    In this role, you can expect to partner with technical teams across the company, executing on initiatives that mitigate risk and prevent harm to user trust throughout the lifecycle of products.

    You'll have the opportunity to mature the tools, workflows, and standards that lead to secure software coding practices, while providing a phenomenal developer experience and empowering partners to take ownership of the security posture of their products.

    The right candidate will be eager to help engineers secure their software, have a desire to empower developers, and be a terrific collaborator maturing our security posture in meaningful ways.

    If you would like to develop your security skills in a supportive environment and contribute to maturing an organization's security program, we encourage you to apply
    This role will report to a Business Information Security Officer.
    If you were here 6 months ago, here are some things you might have worked on:

    Designed and Implemented a secret scanner in the CI/CD
    Helped triage and respond to security events and findings identified by various application security tools
    Rolled out a Content-Security-Policy response header for various applications
    Where you can make an impact:

    Help scale our application security program through automation and developer empowerment
    Influence engineering and product partners to remediate security gaps across multiple functional areas while balancing company and security needs
    Build tools and processes to drive greater security posture visibility for leadership
    Review developer pull requests for adherence to security best practices
    Support operational work in response to security incidents

    You are:
    Familiar with industry standards, risk mitigation techniques, and new developments within application security, e.g. OWASP Top 10
    Pragmatic in your approach to reducing risk in a manner that incorporates business and product needs that balances time and risk reduction
    Asking questions, seeking guidance, and soliciting feedback when clarification is needed about assigned work or discussion topics
    Continuously training to understand application security fundamentals and goals for a company
    Committed to fostering a respectful, blameless, and collaborative work environment and are receptive to constructive feedback from peers and mentors

    Your experience:
    We recognize not everyone will meet all of the criteria.

    If you meet most of the criteria below and you're excited about the opportunity and willing to learn, we'd love to hear from you.

    2+ years of experience in a professional application security engineering role and experience developing software deployed in a cloud

    environment, especially AWS
    Identified, triaged, and remediated security vulnerabilities
    Proficient in Python
    Comfortable reading JavaScript
    Comfort with learning new languages as needed

    Where:
    This role is remote, based in the U.S.
    We believe great work can be done anywhere. No matter where you are based, NerdWallet offers benefits and perks to support the physical, financial, and emotional well being of you and your family

    What we offer:
    Work Hard, Stay Balanced (Life's a series of balancing acts, eh?)
    Industry-leading medical, dental, and vision health care plans for employees and their dependents
    Rejuvenation Policy – Flexible Time Off + 13 holidays + 4 Mental Health Days Off
    New Parent Leave for employees with a newborn child or a child placed with them for adoption or foster care
    Mental health support through Headspace
    Financial wellness, guidance, and unlimited access to a Certified Financial Planner (CFP) through Northstar
    Paid sabbatical for Nerds to recharge, gain knowledge and pursue their interests
    Health and Dependent Care FSA and HSA Plan with monthly NerdWallet contribution
    Weekly Virtual Bootcamp, Yoga, and Mindfulness Meditation sessions
    Monthly Wellness Stipend, Cell Phone Stipend, and Wifi Stipend
    Have Some Fun (Nerds are fun, too)
    Nerd-led group initiatives – Intramural Sports, Employee Resource Groups for Parents, Diversity and Inclusion, Women, LGBTQIA, and other communities
    Hackathons, Happy Hours, and team events across all teams and departments
    Company-wide events like Little Nerds Day (aka bring your kids to work day, even if you're remote) and our annual Charity Auction
    Lifestyle (Be your best self - we'll take care of the details)
    Our Nerds love to make an impact by paying it forward – Donate to your favorite causes with a company match
    Work from home equipment stipend and co-working space subsidy
    Anniversary recognition program – choose from different items and experiences
    Commuting stipend
    Plan for your future (And when you retire on your island, remember the little people)
    401K with company match
    Annual Enrichment Stipend for learning and development
    Be the first to test and benefit from our new financial products and tools
    Access to Rocket Lawyer for online legal support and resources

    If you are based in California, we encourage you to read this important information for California residents linked here .

    NerdWallet is committed to pursuing and hiring a diverse workforce and is proud to be an equal opportunity employer.

    We prohibit discrimination and harassment on the basis of any characteristic protected by applicable federal, state, or local law, so all qualified applicants will receive consideration for employment.

    NerdWallet will consider qualified applicants with a criminal history pursuant to the California Fair Chance Act andthe San Francisco Fair Chance Act, which requires this notice .

    NerdWallet participates in the Department of Homeland Security U.S. Citizenship and Immigration Services E-Verify program for all USlocations.


    For more information, please see:
    E-Verify Participation Poster(English+Spanish/Español )

    Right to Work Poster(English) /(Spanish/Español)

    #LI-DNI
    #LI-Remote
    #LI-3


    Base pay offered may vary within the posted range based on several factors, including but not limited to education, job-related knowledge, skills, experience, and location.

    The pay range for this role is$110,000—$166,000 USD
    Explore more InfoSec / Cybersecurity career opportunities


    Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

    #J-18808-Ljbffr