Security Software Engineer developing AI-powered security systems at NerdWallet. Collaborating with engineering teams to address security vulnerabilities and enhance software development practices.
Responsibilities
Designing and building multi-agent LLM systems and routing logic that automate threat modeling, security design review, policy Q&A, and vulnerability analysis at scale
Developing retrieval-augmented generation (RAG) pipelines and semantic search systems across large code and documentation repositories
Creating automated code review capabilities that help identify insecure patterns and improve software quality earlier in the development lifecycle
Designing integrations with tools such as GitHub, Slack, Jira, Confluence, and cloud platforms to embed security guidance into everyday engineering workflows
Developing REST APIs and platform services with authentication, authorization, rate limiting, observability, and secure handling of sensitive data
Designing and maintaining scalable data processing pipelines for large codebases and document repositories, including extraction, indexing, stream processing, batch jobs, and parallel execution
Improving AI application security through controls such as prompt injection prevention, sensitive data filtering, supply chain security, and secure handling of model inputs and outputs
Enhancing NerdWallet's secure software development lifecycle (SSDLC) through automation, tooling, and developer-friendly security practices
Partnering with engineering teams to prioritize and remediate application and infrastructure security risks
Supporting incident response and on-call needs by contributing security engineering expertise, tooling, automation, and analysis when security issues arise
Identifying new opportunities for automation and AI augmentation across the security team, bringing fresh eyes and independent thinking to a growing backlog of high-impact work
Serve as technical lead on high-priority initiatives, taking ownership of technically complex work and collaborating across teams to deliver practical, measurable security outcomes
Help shape how AI and automation are securely adopted across NerdWallet's engineering ecosystem
Build tools and platforms that make security more accessible, scalable, and actionable for development teams
Improve the speed and quality of security reviews through thoughtful automation and security-first design
Strengthen customer trust by helping protect NerdWallet's products, systems, and sensitive data
Serve as an internal subject matter expert on AI and automation, advising on appropriate use cases, limitations, and risks to both technical and non-technical stakeholders.
Requirements
3+ years of software engineering or security engineering experience
Strong proficiency in Python or Go for building production-grade backend services, APIs, and data pipelines; comfort moving between languages is expected
Experience building and maintaining backend services including REST APIs, authentication, authorization, rate limiting, streaming, and observability
Working knowledge of application security concepts including common vulnerability classes such as injection, broken authentication, cross-site scripting, insecure authorization, and secrets exposure; experience with threat modeling and SSDLC practices
Hands-on experience building AI-powered systems using LLM APIs, including retrieval-augmented generation (RAG) pipelines, multi-agent architectures, and semantic search; working understanding of AI-specific security risks such as prompt injection, sensitive data exposure, and secure handling of model inputs and outputs
Genuine interest in AI and how it applies to security, not just as a tool to use, but as a domain to understand deeply, including its limitations and risks
Experience developing and operating distributed systems and cloud-based environments, including message queues, NoSQL databases, AWS, containers, Kubernetes or ECS, serverless, and infrastructure as code
Understanding of caching and performance patterns including Redis, semantic caching, TTLs, and cache invalidation
Strong communication skills, able to explain complex AI and security concepts clearly to both technical and non-technical audiences, and confident advising stakeholders on tradeoffs and limitations.
Benefits
Monthly Healthcare Stipend
Rejuvenation Policy – Vacation Time Off + You will receive the official public holidays in your province
Paid sabbatical for Nerds to recharge, gain knowledge and pursue their interests
Monthly Wellness Stipend, Wifi Stipend, and Cell Phone Stipend
Security Developer coordinating vulnerabilities and malware issues for the Python Software Foundation. Collaborating with teams to enhance security practices and document threat models.
Presales Security Expert supporting sales leads and educating customers on security at Fortinet. Responsible for technical resource during sales calls and post - sales training.
IAM Director managing customer - facing identity and access management security programs at RBC. Assessing risks, developing controls, and ensuring compliance with standards and regulations.
Lead AI Red Team focusing on adversarial testing and security for enterprise - scale AI systems. Collaborate with engineering and compliance to map vulnerabilities and document findings.
Intern in operational security at Investissement Québec, supporting security alert management and vulnerability tracking in a supervised learning environment.
IT Information Security Lead at Mirego, responsible for technology and information security management. Overseeing compliance and IT strategies while maintaining operational efficiency.
Cybersecurity Specialist focusing on offensive security for Exposant 3. Performing penetration testing, security audits, and team knowledge transfer in a hybrid work setup.
Financial security advisor in life and health insurance, developing and maintaining client relationships. Selling insurance products and assessing customer needs to provide personalized solutions.
Senior Security Engineer designing and maintaining Microsoft 365 security solutions at ResMed. Focusing on compliance, incident response, and collaboration with global teams.
Senior Infrastructure professional solving practical security challenges and improving enterprise systems security at Confluence. Focused on implementation, remediation, and secure operations across Windows and Linux environments.