
Job Overview
- Location: NerdWallet US
- Job Type: Full-time
- Category: Security Engineer
- Date Posted: March 21, 2026
Full Job Description
📋 Description
- As a Security Engineer II (Application) at NerdWallet, you will play a critical role in safeguarding the company’s mission to bring clarity to life’s financial decisions by ensuring that the products and services built by engineering teams protect user data and maintain trust. You will work at the intersection of security and software development, helping to mature NerdWallet’s application security program through collaboration, automation, and developer enablement.
- Your day-to-day responsibilities will include partnering with engineering teams across the organization to identify, triage, and remediate security vulnerabilities in applications; reviewing pull requests to provide actionable guidance on secure coding practices; contributing to the design and implementation of security tooling and dashboards that improve visibility into application risks; supporting incident response efforts during security investigations affecting applications; and helping integrate security practices into the software development lifecycle (SDLC) by building scalable processes and automation that balance security with developer experience.
- You will join a collaborative and inclusive Application Security team within NerdWallet’s broader security organization, which operates with a culture of transparency, continuous learning, and blameless problem-solving. The team empowers engineers to build secure software by providing tools, training, and guidance that reduce friction while strengthening security posture across cloud-native applications, particularly those deployed in AWS environments.
- In this role, you will deepen your expertise in application security, gain hands-on experience with modern DevSecOps tooling and automation, and develop leadership skills in influencing secure practices across engineering teams. You’ll have the opportunity to contribute to high-impact initiatives such as penetration testing, red team exercises, and vulnerability management programs, while growing your ability to communicate security risks and solutions to both technical and non-technical stakeholders.
🎯 Requirements
- 2+ years of experience in application security, software engineering, or a related security role
- Experience identifying, triaging, and remediating security vulnerabilities in applications
- Proficiency in Python or another scripting language used for automation, with comfort reading and reviewing JavaScript or similar application code
- Familiarity with common web application vulnerabilities and mitigation techniques, such as the OWASP Top 10
- Experience working with software deployed in cloud environments, particularly AWS
- Commitment to fostering a respectful, blameless, and collaborative engineering culture
🏖️ Benefits
- Industry-leading medical, dental, and vision health care plans for employees and their dependents
- Rejuvenation Policy – Flexible Vacation Time Off + 11 holidays + holiday company shutdown
- Monthly Wellness Stipend, Cell Phone Stipend, and Wifi Stipend (for remote employees)
- Work from home equipment stipend and co-working space subsidy (for remote employees)
- 401K with 4% company match
- Paid sabbatical after 5 years for employees to recharge, gain knowledge, and pursue personal interests
About NerdWallet, Inc.
NerdWallet, Inc. is a San Francisco–based personal finance company that operates an online platform offering comparison tools, editorial reviews, and educational content for credit cards, mortgages, loans, insurance, banking, and investing products. Founded in 2009, it generates revenue through lead generation and referral fees when users select financial products from partner institutions. The company serves U.S. consumers seeking independent guidance to optimize financial decisions and is publicly traded on the Nasdaq under the ticker NRDS.



