
Security Software Engineer – AI & Automation
Posted 1 day ago

This is a fully remote position, open to applicants in Canada.
• Designing and constructing multi-agent LLM systems along with routing logic that streamline threat modeling, security design reviews, policy Q&A, and vulnerability analysis at scale.
• Developing retrieval-augmented generation (RAG) pipelines and semantic search systems to navigate extensive code and documentation repositories.
• Establishing automated code review functionalities that identify insecure patterns and enhance software quality earlier in the development lifecycle.
• Creating integrations with tools like GitHub, Slack, Jira, Confluence, and cloud platforms to incorporate security guidance into daily engineering workflows.
• Developing REST APIs and platform services with features such as authentication, authorization, rate limiting, observability, and secure management of sensitive data.
• Designing and sustaining scalable data processing pipelines for large codebases and document repositories, encompassing extraction, indexing, stream processing, batch jobs, and parallel execution.
• Enhancing AI application security through controls such as prompt injection prevention, sensitive data filtering, supply chain security, and secure handling of model inputs and outputs.
• Advancing NerdWallet's secure software development lifecycle (SSDLC) via automation, tooling, and developer-friendly security practices.
• Collaborating with engineering teams to prioritize and address application and infrastructure security vulnerabilities.
• Assisting with incident response and on-call requirements by providing security engineering expertise, tooling, automation, and analysis during security incidents.
• Discovering new automation and AI augmentation opportunities within the security team, contributing fresh perspectives and independent thinking to a growing backlog of impactful work.
• Acting as the technical lead on high-priority projects, taking ownership of technically complex tasks and coordinating across teams to achieve practical, measurable security outcomes.
• Influencing the secure adoption of AI and automation throughout NerdWallet's engineering ecosystem.
• Developing tools and platforms that enhance the accessibility, scalability, and actionability of security for development teams.
• Accelerating the speed and quality of security reviews through strategic automation and security-first design principles.
• Bolstering customer trust by safeguarding NerdWallet's products, systems, and sensitive data.
• Serving as an internal subject matter expert on AI and automation, offering guidance on suitable use cases, limitations, and risks to both technical and non-technical stakeholders.
• A minimum of 3 years of experience in software engineering or security engineering.
• Strong expertise in Python or Go for constructing production-grade backend services, APIs, and data pipelines; adaptability between languages is anticipated.
• Proven experience in developing and maintaining backend services, including REST APIs, authentication, authorization, rate limiting, streaming, and observability.
• Familiarity with application security principles, including common vulnerability types such as injection, broken authentication, cross-site scripting, insecure authorization, and secrets exposure; experience with threat modeling and SSDLC practices is required.
• Practical experience in designing AI-powered systems using LLM APIs, encompassing retrieval-augmented generation (RAG) pipelines, multi-agent architectures, and semantic search; understanding of AI-specific security threats such as prompt injection, sensitive data exposure, and secure management of model inputs and outputs.
• A sincere interest in AI and its implications for security, not merely as a tool, but as a field to explore in depth, including its limitations and risks.
• Experience in developing and managing distributed systems and cloud-based environments, including message queues, NoSQL databases, AWS, containers, Kubernetes or ECS, serverless architectures, and infrastructure as code.
• Comprehension of caching and performance patterns, including Redis, semantic caching, TTLs, and cache invalidation.
• Excellent communication skills, capable of articulating complex AI and security concepts clearly to both technical and non-technical audiences, and confidently advising stakeholders on trade-offs and limitations.
• Monthly Healthcare Stipend.
• Rejuvenation Policy – Vacation Time Off + you will receive the official public holidays in your province.
• Paid sabbatical for Nerds to recharge, pursue knowledge, and explore their interests.
• Monthly Wellness Stipend, Wifi Stipend, and Cell Phone Stipend.
• Work from home equipment stipend.