Security Software Engineer developing AI-powered security systems at NerdWallet. Collaborating with engineering teams to address security vulnerabilities and enhance software development practices.
Responsibilities
Designing and building multi-agent LLM systems and routing logic that automate threat modeling, security design review, policy Q&A, and vulnerability analysis at scale
Developing retrieval-augmented generation (RAG) pipelines and semantic search systems across large code and documentation repositories
Creating automated code review capabilities that help identify insecure patterns and improve software quality earlier in the development lifecycle
Designing integrations with tools such as GitHub, Slack, Jira, Confluence, and cloud platforms to embed security guidance into everyday engineering workflows
Developing REST APIs and platform services with authentication, authorization, rate limiting, observability, and secure handling of sensitive data
Designing and maintaining scalable data processing pipelines for large codebases and document repositories, including extraction, indexing, stream processing, batch jobs, and parallel execution
Improving AI application security through controls such as prompt injection prevention, sensitive data filtering, supply chain security, and secure handling of model inputs and outputs
Enhancing NerdWallet's secure software development lifecycle (SSDLC) through automation, tooling, and developer-friendly security practices
Partnering with engineering teams to prioritize and remediate application and infrastructure security risks
Supporting incident response and on-call needs by contributing security engineering expertise, tooling, automation, and analysis when security issues arise
Identifying new opportunities for automation and AI augmentation across the security team, bringing fresh eyes and independent thinking to a growing backlog of high-impact work
Serve as technical lead on high-priority initiatives, taking ownership of technically complex work and collaborating across teams to deliver practical, measurable security outcomes
Help shape how AI and automation are securely adopted across NerdWallet's engineering ecosystem
Build tools and platforms that make security more accessible, scalable, and actionable for development teams
Improve the speed and quality of security reviews through thoughtful automation and security-first design
Strengthen customer trust by helping protect NerdWallet's products, systems, and sensitive data
Serve as an internal subject matter expert on AI and automation, advising on appropriate use cases, limitations, and risks to both technical and non-technical stakeholders.
Requirements
3+ years of software engineering or security engineering experience
Strong proficiency in Python or Go for building production-grade backend services, APIs, and data pipelines; comfort moving between languages is expected
Experience building and maintaining backend services including REST APIs, authentication, authorization, rate limiting, streaming, and observability
Working knowledge of application security concepts including common vulnerability classes such as injection, broken authentication, cross-site scripting, insecure authorization, and secrets exposure; experience with threat modeling and SSDLC practices
Hands-on experience building AI-powered systems using LLM APIs, including retrieval-augmented generation (RAG) pipelines, multi-agent architectures, and semantic search; working understanding of AI-specific security risks such as prompt injection, sensitive data exposure, and secure handling of model inputs and outputs
Genuine interest in AI and how it applies to security, not just as a tool to use, but as a domain to understand deeply, including its limitations and risks
Experience developing and operating distributed systems and cloud-based environments, including message queues, NoSQL databases, AWS, containers, Kubernetes or ECS, serverless, and infrastructure as code
Understanding of caching and performance patterns including Redis, semantic caching, TTLs, and cache invalidation
Strong communication skills, able to explain complex AI and security concepts clearly to both technical and non-technical audiences, and confident advising stakeholders on tradeoffs and limitations.
Benefits
Monthly Healthcare Stipend
Rejuvenation Policy – Vacation Time Off + You will receive the official public holidays in your province
Paid sabbatical for Nerds to recharge, gain knowledge and pursue their interests
Monthly Wellness Stipend, Wifi Stipend, and Cell Phone Stipend
Infrastructure security specialist supporting incident management and security measures deployment in a hybrid environment at TEHORA, a multidisciplinary Quebec firm.
Senior Technical Manager for IAM AI Compliance at RBC, balancing risk and AI innovation in finance. Collaborating across teams to enhance identity governance and compliance metrics.
Staff Cloud Security Architect leading the design and implementation of security solutions in RBC's cloud environment. Focus on Azure, Kubernetes, and AI infrastructure, ensuring compliance with regulatory standards.
Practice Leader managing TDIS risks for iA Financial Group, focusing on risk management and technology governance. Leading initiatives to enhance organizational risk practices and frameworks.
Instructor teaching online Information Security course at Wilfrid Laurier University. Providing students with knowledge on information security fundamentals and related risks.
Information Security Student role at Nasdaq Verafin gaining hands-on experience in cybersecurity. Collaborating with security analysts to investigate cloud security issues and standards compliance.
Security Consultant II responsible for delivering customer success and integrating solutions. Working with global customers to enhance security services at Akamai.
Director of Access Request Control at RBC establishing a framework for access request compliance. Collaborating across teams to streamline access and audit processes.
Senior Red Team Operator executing Red Team and Purple Team operations in Canada. Delivering scenario-driven operations in a continuously evolving cybersecurity landscape.
Product Owner driving evolving proactive security services portfolio across Risk Advisory, Application Security, and Cloud & AI Security. Collaborating with technology stakeholders to deliver high-value outcomes.