Overview

NerdWallet’s business is built on trust. Our customers trust us with highly sensitive personal information including SSNs, bank account numbers, etc. Not only do we take protecting our customers’ data seriously, we go above and beyond to make security a business differentiator.

Where you can make an impact:

  • As a Senior Product Security Engineer, your primary focus will be Application Security / Product Security
  • Consult and advise teams across the entire company on new and existing products, acquisitions, vendor integrations, etc. by identifying risk through security reviews and threat modeling, recommending risk mitigations, and providing secure development design patterns 
  • Coding skills: Ability to review code and also develop tooling, libraries and frameworks to secure our products throughout the entire SDLC (static analysis, CSRF/XSS prevention libraries, CSP, code hardening efforts, etc.)
  • Develop processes that help mitigate product security risks and help engineers write “secure by design” code
  • Establish and advocate a culture of security across the engineering and product team 
  • Effectively communicate and track security risks and vulnerabilities across all departments and provide risk posture reporting and awareness 

You are:

  • Experienced in security design review and threat modeling for complex applications and systems in a cloud-native environment
  • Well versed in programming or scripting 
  • Knowledgeable about authentication and security protocols, cryptography, vulnerability management, and application security
  • Knowledgeable about product and application security risks (e.g. OWASP Top 10) and exploits, and can recommend risk mitigation techniques  
  • Excited to build and drive adoption of tooling and solutions to proactively prevent risks and vulnerabilities 
  • Self-driven, motivated, and looking for new challenges to develop your career

Your experience:

We recognize not everyone will have all of these requirements. If you meet most of the criteria below and you’re excited about the opportunity and willing to learn, we’d love to hear from you.

  • B.S. or M.S. Computer Science or related field
  • 5-7+ years of experience driving secure code development and best practices within an Engineering and DevOps organization
  • Proficient in more than one programming language: Python, JavaScript, PHP, Go
  • In-depth knowledge of authentication protocols (OAuth, SAML), applied cryptography, PKI, networking (TCP/IP, DNS, SSL/TLS)
  • CISSP, SANS or GIAC penetration testing certifications are a plus

Where:

  • This role will be based in San Francisco, CA or remote (based in the U.S.).
  • We believe great work can be done anywhere. No matter where you are based, NerdWallet offers benefits and perks to support the physical, financial, and emotional well-being of you and your family.

What we offer:

Work hard, stay balanced (Life’s a series of balancing acts, eh?)

  • 100% paid premiums for medical, dental and vision for employees and their dependents
  • Rejuvenation Policy – Flexible Time Off + 12 holidays + Mental Health Days
  • New Parent Leave for employees with a newborn child or a child placed with them for adoption or foster care
  • Mental health support through Ginger.io 
  • Paid sabbatical for Nerds to recharge, gain knowledge and pursue their interests
  • Health and Dependent Care FSA and HSA with monthly NerdWallet contribution
  • Weekly Virtual Bootcamp, Yoga and Mindfulness Meditation sessions
  • Monthly Wellness Stipend and Cell Phone Stipend

Have some fun! (Nerds are fun, too)

  • Nerd-led group initiatives – Intramural Sports, Employee Resource Groups for Parents, Diversity, Equity, and Inclusion, Women, LGBTQIA, and other communities
  • Hackathons, Happy Hours and team bonding across all teams and departments
  • Company-wide events like Little Nerds Day (aka bring your kids to work day, even if you’re remote!) and our annual Charity Auction 

Lifestyle (Be your best self – we’ll take care of the details)

  • Our Nerds love to make an impact by paying it forward – Donate to your favorite causes with a company match
  • Work from home equipment stipend and co-working space subsidy 
  • Commuting stipend and catered breakfast, lunch and onsite barista for SF based Nerds
  • Anniversary recognition program – choose from different items and experiences

Plan for your future (And when you retire on your island, remember the little people)

  • 401K with company match
  • Annual Enrichment Stipend for learning and development
  • Be the first to test and benefit from our new financial products and tools
  • Access to Rocket Lawyer for online legal support and resources 

NerdWallet is committed to pursuing and hiring a diverse workforce and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of any characteristic protected by applicable federal, state or local law. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
