Staff Application Security Engineer - CAN
Posted about 10 hours ago
💎 Seniority level: Staff, 8+ years
📍 Location: Canada
🔍 Industry: Software Development
🏢 Company: NerdWallet
🗣️ Languages: English
⏳ Experience: 8+ years
🪄 Skills: AWS, Docker, Python, Agile, Cloud Computing, Cybersecurity, JavaScript, Jenkins, Kubernetes, Software Architecture, TypeScript, REST API, CI/CD, Linux, DevOps, Terraform, Microservices, JSON, Software Engineering
Requirements:
- 8+ years of professional experience as a security engineer, software engineer, site reliability engineer, penetration tester/red team member, or security consultant
- 5+ years of experience working in Agile development, with expertise in technologies such as cloud environments (e.g., AWS), application security testing tools (e.g., SAST, DAST, SCA), infrastructure as code (e.g., Terraform), containers (e.g., Docker, Kubernetes), continuous integration (e.g., Jenkins, GitHub Actions), integration of security testing tools into CI pipelines, defect tracking (e.g., Jira), and source code management (e.g., GitHub)
- Advanced knowledge of: Python, TypeScript, and other languages (Go, PHP)
- High-level understanding of: security weaknesses, exploits, attacks and mitigations
- In-depth knowledge of common application and network protocols, cryptographic primitives, authentication and authorization protocols, as well as common security threats, including attack techniques, evasive techniques, and preventative and defensive methods
- Experience leading or participating in Security Development Lifecycle Practices, Threat Modeling, Technical Design Review, and Security Code Review
- Proven success as a collaborator with the ability to convey high-level security concepts to team members across the organization and technical and non-technical stakeholders at all levels
Responsibilities:
- Ensure the timely delivery of high-priority product security initiatives
- Be a strategic advisor to the Application and Product Security Program
- Drive key initiatives like Supply Chain Security, Authentication, and Authorization improvements
- Participate in expanding and maturing NerdWallet’s SSDLC program and its early adoption
- Partner with cross-functional teams to identify product and application vulnerabilities and propose potential remediation opportunities and prioritization
- Design and develop security tools and processes to be leveraged by development teams
- Work closely with engineering to sustain processes or convert manual integrations to automated pipeline activities
- Help build the Red Team
- Be a technical mentor to junior members of the team and help develop their skills