Security Engineer II Canada

At NerdWallet, we're on a mission to bring clarity to all of life's financial decisions and every great mission needs a team of exceptional Nerds. We've built an inclusive, flexible, and candid culture where you're empowered to grow, take smart risks, and be unapologetically yourself (cape optional). Whether remote or in-office, we support how you thrive best. We invest in your well-being, development, and ability to make an impact because when one Nerd levels up, we all do.

We are seeking a Security Engineer II to join our Application Security team. The Application Security team enables NerdWallet's mission-to provide clarity for all of life's financial decisions, by helping ensure the products and services we design and build safeguard our users' data and trust.

In this role, you'll partner closely with engineering teams across the company to reduce security risk throughout the software development lifecycle. You'll contribute to initiatives that strengthen NerdWallet's security posture by improving tooling, workflows, and standards that help engineers build secure software while maintaining a great developer experience.

This role is ideal for someone who enjoys solving security challenges collaboratively, building scalable solutions, and helping engineers integrate security practices into their day-to-day work. You'll have the opportunity to grow your application security expertise while contributing meaningfully to a maturing security program.

This role will report to a Business Information Security Officer.

If you were here 6 months ago, here are some things you might have worked on:
* Designed and implemented a dashboard for on call activities for the team.
Designed and implemented a dashboard for on call activities for the team.
* Helped triage and respond to security findings and alerts generated by application security tools
Helped triage and respond to security findings and alerts generated by application security tools
* Completed a penetration test of an external system, and participated in red team campaigns.
Completed a penetration test of an external system, and participated in red team campaigns.
* Collaborated with engineers to remediate vulnerabilities and improve secure coding practices
Collaborated with engineers to remediate vulnerabilities and improve secure coding practices
* Contributed to automation or tooling that improves visibility into application security risks
Contributed to automation or tooling that improves visibility into application security risks

Where you can make an impact:
* Help scale NerdWallet's application security program through automation, tooling, and developer enablement
Help scale NerdWallet's application security program through automation, tooling, and developer enablement
* Partner with engineering and product teams to identify and remediate security gaps across multiple systems while balancing business priorities
Partner with engineering and product teams to identify and remediate security gaps across multiple systems while balancing business priorities
* Build tools, processes, and automation that improve security posture visibility for engineers and leadership
Build tools, processes, and automation that improve security posture visibility for engineers and leadership
* Review pull requests and provide actionable guidance on secure coding practices
Review pull requests and provide actionable guidance on secure coding practices
* Support operational work during security investigations or incidents affecting applications
Support operational work during security investigations or incidents affecting applications
* Help integrate security practices into the secure development lifecycle (SDLC) across teams
Help integrate security practices into the secure development lifecycle (SDLC) across teams

You are:
* Familiar with common web application vulnerabilities and mitigation techniques, such as the OWASP Top 10
Familiar with common web application vulnerabilities and mitigation techniques, such as the OWASP Top 10
* Pragmatic in your approach to reducing risk, balancing security improvements with product and engineering priorities
Pragmatic in your approach to reducing risk, balancing security improvements with product and engineering priorities
* Curious and motivated to continuously grow your application security knowledge and skills
Curious and motivated to continuously grow your application security knowledge and skills
* Comfortable asking questions, seeking guidance, collaborating, and debating with teammates when working through complex problems
Comfortable asking questions, seeking guidance, collaborating, and debating with teammates when working through complex problems
* Committed to fostering a respectful, blameless, and collaborative engineering culture
Committed to fostering a respectful, blameless, and collaborative engineering culture
* Interested in helping engineers understand and adopt secure development practices
Interested in hel