NerdWallet’s business is built on trust. Our customers trust us with highly sensitive personal information including SSNs, bank account numbers, etc. Not only do we take it seriously to securely protect our customer’s data, we go above and beyond to make security a business differentiator.
Where you can make an impact:
- As a Senior Product Security Engineer, your primary focus will be Application Security / Product SecurityConsult and advise teams across the entire company on new and existing products, acquisitions, vendor integrations, etc. by identifying risk through security reviews and threat modeling, recommending risk mitigations, and providing secure development design patterns Coding skills: Ability to review code and also develop tooling, libraries and frameworks to secure our products throughout the entire SDLC (static analysis, CSRF/XSS prevention libraries, CSP, code hardening efforts, etc) Develop processes that help mitigate product security risks and helps engineers write “secure by design” codeEstablish and advocate a culture of security across the engineering and product team Effectively communicate and track security risks and vulnerabilities across all departments and provide risk posture reporting and awareness
- Experienced in security design review and threat modeling for complex applications and systems in a cloud-native environmentWell versed in programming or scripting Knowledgable of authentication and security protocols, cryptography, vulnerability management, and application securityKnowledgeable about product and application security risks (e.g. OWASP Top 10) and exploits, and can recommend risk mitigation techniques Excited to build and drive adoption of tooling and solutions to proactively prevent risks and vulnerabilities Self driven, motivated, and looking for new challenges to develop your career
We recognize not everyone will have all of these requirements. If you meet most of the criteria below and you’re excited about the opportunity and willing to learn, we’d love to hear from you.