Staff Infrastructure Security Engineer - San Francisco, United States - NerdWallet

Description

The Infrastructure Security Engineer will work to ensure the privacy and integrity of our users' sensitive information. Their objective will be to build core security tooling for platforms that perform the collection, computation, aggregation, and storage of personal financial data and partner with technical teams across the company, advising them on secure design patterns for cloud and corporate infrastructure. They will lead strategic initiatives to remediate and mitigate infrastructure security risk across the organization.

Projects you may be working on in this position include:

• Design the security controls, automations, and infrastructure to support self-service AWS account creation and administration
• Build tools to perform continuous monitoring, reporting, and remediation of cloud security issues
• Design pragmatic baseline security controls to support new business units and rapid prototyping
• Perform security design reviews for critical partnerships and new technologies

Where you can make an impact:

• Develop and deploy security controls and measures to protect cloud-based infrastructure and services. This includes defining what good security looks like for cloud infrastructure and executing on initiatives that get us here. Ensure that security measures align with industry best practices and regulatory requirements.
• Serve as a subject matter expert on cloud security matters, providing guidance and support to other engineering teams leveraging various tech stacks. This involves assisting with the design and implementation of secure network/infrastructure architectures and advising on security best practices.
• Develop and implement automation scripts and workflows to streamline security operations and ensure consistent enforcement of security controls across cloud environments. Leverage Infrastructure as Code (IaC) tools such as Terraform to define and deploy security configurations programmatically.
• Assess the security posture of public cloud environments. This involves reviewing configurations, access controls, identity management, encryption mechanisms, and compliance frameworks to identify potential security gaps and risks.
• Monitor cloud environments for security events and anomalies, such as unauthorized access attempts, data breaches, and configuration changes. Utilize cloud-native security tools and SIEM (Security Information and Event Management) platforms to collect and analyze security logs and alerts. Respond promptly to security incidents, investigating root causes and implementing remediation actions.

You are:

• A subject matter expert in AWS security controls and industry best practices for building secure cloud environments
• Pragmatic in your approach to reducing risk in a manner that incorporates business and product needs
• Focused on building scalable cloud security solutions that allow for a high degree of engineering autonomy while reducing risk to acceptable levels
• Excited to lead roadmap items outside your core competencies to move the program forward and adapt to prioritize critical tasks as they arise
• An ambassador for fostering a respectful, blameless, and collaborative work environment

Your experience:

We recognize not everyone will meet all of the criteria. If you meet most of the criteria below and you're excited about the opportunity and willing to learn, we'd love to hear from you.

• 5+ years of experience in a professional cloud security engineering role with a focus on AWS.
• 2+ years experience writing infrastructure as Code (IaC) for production or environments using Terraform or other IaC tools.
• Experience building in Python and comfortable with learning other programming languages as needed.
• Experience building security integrations into CI/CD pipelines.
• Experience in security monitoring, triage and incident response in cloud and corporate environments.
• Experience building highly-scalable cloud security solutions with a high degree of autonomy while taking informed risks to move the business forward.
• Demonstrated ability to work collaboratively and constructively with cross-functional stakeholders to support the needs of the business while evaluating and addressing risk.
• Can mentor/coach junior engineers and provide them guidance when needed.
• Demonstrated ability to identify and drive process improvements needs.
• Experience driving large-scale security engineering projects across multiple cloud environments.

Where:

• This role will be based in San Francisco, CA or remote (based in the U.S. or Canada).
• We believe great work can be done anywhere. No matter where you are based, NerdWallet offers benefits and perks to support the physical, financial, and emotional well being of you and your family.

What we offer:

Work Hard, Stay Balanced (Life's a series of balancing acts, eh?)

• Industry-leading medical, dental, and vision health care plans for employees and their dependents
• Rejuvenation Policy – Flexible Time Off + 13 holidays + 4 Mental Health Days Off
• New Parent Leave for employees with a newborn child or a child placed with them for adoption or foster care
• Mental health support through Headspace
• Financial wellness, guidance, and unlimited access to a Certified Financial Planner (CFP) through Northstar
• Paid sabbatical for Nerds to recharge, gain knowledge and pursue their interests
• Health and Dependent Care FSA and HSA Plan with monthly NerdWallet contribution
• Weekly Virtual Bootcamp, Yoga, and Mindfulness Meditation sessions
• Monthly Wellness Stipend, Cell Phone Stipend, and Wifi Stipend

Have Some Fun (Nerds are fun, too)

• Nerd-led group initiatives – Intramural Sports, Employee Resource Groups for Parents, Diversity and Inclusion, Women, LGBTQIA, and other communities
• Hackathons, Happy Hours, and team events across all teams and departments
• Company-wide events like Little Nerds Day (aka bring your kids to work day, even if you're remote) and our annual Charity Auction

Lifestyle (Be your best self - we'll take care of the details)

• Our Nerds love to make an impact by paying it forward – Donate to your favorite causes with a company match
• Work from home equipment stipend and co-working space subsidy
• Anniversary recognition program – choose from different items and experiences
• Commuting stipend

Plan for your future (And when you retire on your island, remember the little people)

• 401K with company match
• Annual Enrichment Stipend for learning and development
• Be the first to test and benefit from our new financial products and tools
• Access to Rocket Lawyer for online legal support and resources

If you are based in California, we encourage you to read this important information for California residents linked here.

NerdWallet is committed to pursuing and hiring a diverse workforce and is proud to be an equal opportunity employer. We prohibit discrimination and harassment on the basis of any characteristic protected by applicable federal, state, or local law, so all qualified applicants will receive consideration for employment.

NerdWallet participates in the Department of Homeland Security U.S. Citizenship and Immigration Services E-Verify program for all US locations. For more information, please see:

1. E-Verify Participation Poster (English+Spanish/Español)
2. Right to Work Poster (English) / (Spanish/Español)

#LI-DNP#LI-Remote#LI-4

Base pay offered may vary within the posted range based on several factors, including but not limited to education, job-related knowledge, skills, experience, and location.

The pay range for this role is

$152,000—$282,000 USD