NerdWallet is committed to pursuing and hiring a diverse workforce and is proud to be an equal opportunity employer. We prohibit discrimination and harassment on the basis of any characteristic protected by applicable federal, state, or local law, so all qualified applicants will receive consideration for employment. NerdWallet will consider qualified applicants with a criminal history pursuant to the California Fair Chance Act and the San Francisco Fair Chance Act. NerdWallet participates in the Department of Homeland Security U.S. Citizenship and Immigration Services E-Verify program for all US locations.
Security Software Engineer, AI & Automation
Location
California
Posted
56 days ago
Salary
$127K - $207K / year
Seniority
Senior
Job Description
Security Software Engineer, AI & Automation
NerdWallet
• Partner closely with security engineering and infrastructure teams to build automation and AI-powered solutions that help identify vulnerabilities, improve security reviews, and reduce risk across our platforms • Take ownership of security engineering initiatives that combine software development, AI systems experience, and security-first thinking to solve meaningful problems at scale • Design and build multi-agent LLM systems and routing logic that automate threat modeling, security design review, policy Q&A, and vulnerability analysis at scale • Develop retrieval-augmented generation (RAG) pipelines and semantic search systems across large code and documentation repositories • Create automated code review capabilities that help identify insecure patterns and improve software quality earlier in the development lifecycle • Design integrations with tools such as GitHub, Slack, Jira, Confluence, and cloud platforms to embed security guidance into everyday engineering workflows • Develop REST APIs and platform services with authentication, authorization, rate limiting, observability, and secure handling of sensitive data • Design and maintain scalable data processing pipelines for large codebases and document repositories, including extraction, indexing, stream processing, batch jobs, and parallel execution • Improve AI application security through controls such as prompt injection prevention, sensitive data filtering, supply chain security, and secure handling of model inputs and outputs • Enhance NerdWallet's secure software development lifecycle (SSDLC) through automation, tooling, and developer-friendly security practices • Partner with engineering teams to prioritize and remediate application and infrastructure security risks • Support incident response and on-call needs by contributing security engineering expertise, tooling, automation, and analysis when security issues arise • Identify new opportunities for automation and AI augmentation across the security team, bringing fresh eyes and independent thinking to a growing backlog of high-impact work
Job Requirements
- 3+ years of software engineering or security engineering experience
- Strong proficiency in Python or Go for building production-grade backend services, APIs, and data pipelines; comfort moving between languages is expected
- Experience building and maintaining backend services including REST APIs, authentication, authorization, rate limiting, streaming, and observability
- Working knowledge of application security concepts including common vulnerability classes such as injection, broken authentication, cross-site scripting, insecure authorization, and secrets exposure; experience with threat modeling and SSDLC practices
- Hands-on experience building AI-powered systems using LLM APIs, including retrieval-augmented generation (RAG) pipelines, multi-agent architectures, and semantic search; working understanding of AI-specific security risks such as prompt injection, sensitive data exposure, and secure handling of model inputs and outputs
- Genuine interest in AI and how it applies to security, not just as a tool to use, but as a domain to understand deeply, including its limitations and risks
- Experience developing and operating distributed systems and cloud-based environments, including message queues, NoSQL databases, AWS, containers, Kubernetes or ECS, serverless, and infrastructure as code
- Understanding of caching and performance patterns including Redis, semantic caching, TTLs, and cache invalidation
- Strong communication skills, able to explain complex AI and security concepts clearly to both technical and non-technical audiences, and confident advising stakeholders on tradeoffs and limitations.
Benefits
- Industry-leading medical, dental, and vision health care plans for employees and their dependents
- Rejuvenation Policy – Flexible Vacation Time Off + 11 holidays + holiday company shutdown
- New Parent Leave for employees with a newborn child or a child placed with them for adoption or foster care
- Mental health support
- Paid sabbatical after 5 years for Nerds to recharge, gain knowledge, and pursue their interests
- Health and Dependent Care FSA and HSA Plan with monthly NerdWallet contribution
- Monthly Wellness Stipend, Cell Phone Stipend, and Wifi Stipend (Only remote Nerds are eligible for the Wifi Stipend)
- Work from home equipment stipend and co-working space subsidy (Only remote Nerds are eligible for these stipends)
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Own the full RMF lifecycle from system categorization through ATO and continuous monitoring • Author and maintain SSPs, POA&Ms, SARs, and SCTM documentation • Coordinate with government AOs, SCAs, and ISSOs across programs • Manage NIST SP 800-53 control implementation, testing, and evidence collection • Govern the security posture of AI and ML systems operating within classified enclaves • Assess novel risks introduced by LLMs and agentic workflows in DoW environments • Apply DISA STIGs and DoW cloud SRG requirements across IL4–IL6 deployments • Support JSIG and ICD 503 requirements where SAP/SCI accreditation applies • Interpret evolving guidance — CMMC 2.0, NSM-8, DoW AI Ethics Principles — and translate into action before it becomes mandatory • Define security approval pathways for AI tools where none yet exist • Build lightweight security review processes that enable engineering teams rather than blocking them • Serve as the primary liaison with government ISSOs, AOs, and DCSA representatives • Communicate risk clearly to non-security audiences including engineers and program leads • Mentor junior ISSOs and build security-awareness culture across the organization
• Design, deploy, and manage enterprise network security solutions • Configure and administer Fortinet, SonicWall, and Palo Alto firewalls • Implement and maintain VPNs, IPS/IDS, web filtering, NAT, ACLs, and segmentation policies • Monitor security events using SIEM, XDR, and SOC monitoring platforms • Investigate security incidents, perform threat analysis, and support incident response activities • Manage firewall policies, security rules, and compliance controls • Implement Zero Trust Network Access (ZTNA) and identity-based security controls • Support cloud security initiatives across AWS, Azure, and hybrid infrastructure • Configure and support SD-WAN and Secure Access Service Edge (SASE) solutions • Conduct vulnerability assessments and remediation activities • Collaborate with infrastructure, cloud, and application teams to secure enterprise environments • Maintain security documentation, diagrams, SOPs, and audit records • Participate in on-call rotations and critical incident handling
Senior Product Security Engineer – Network and Infrastructure
CrowdStrikeCrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes and technologies that drive modern enterprise. Tested and proven, the world's largest organizations trust CrowdStrike to stop breaches with unparalleled protection against the most sophisticated cyberattacks. The CrowdStrike culture has been built upon our Core Values since the day we began. We are Fanatical About the Customer, Relentlessly Focused on Innovation and believe that our Limitless Passion drives Unlimited Potential for every CrowdStriker. As a purpose-built remote-first company, we believe cultivating a connected culture for every employee, no matter where they are in the world, is a key ingredient in building a high-performing, diverse team. We don’t have a mission statement. We’re on a mission—to stop breaches. Ready to join a mission that matters?
• Develop and maintain a comprehensive understanding of CrowdStrike's hybrid networks spanning public cloud (AWS, GCP, Azure) and physical data centers, continuously assessing attack surface and identifying security gaps. • Design and architect new network connection patterns and zone segmentation strategies that reduce risk while enabling product scalability. • Build scalable monitoring, alerting, and automation solutions targeting network security risks across a fast-moving, dynamic environment. • Lead threat modeling efforts focused on network architecture, data flows, and connectivity patterns across platform services. • Evaluate current threat landscape and business priorities to effectively sequence and drive the highest-impact security improvements. • Lead complex, cross-team security initiatives with broad impact across the product group. • Contribute to medium-term strategic direction for network security; proactively identify areas of greatest need and develop actionable plans to address them. • Provide architectural and design expertise that accounts for the broader platform picture, not just point-in-time solutions. • Serve as an internal authority on network security architecture within CrowdStrike's product organization. • Volunteer for and lead working groups and initiatives that have impact at the Product team level or broader industry level. • Partner closely with product engineering, infrastructure, and platform teams to understand scaling requirements and translate them into secure-by-design network architectures. • Work across organizational boundaries to facilitate alignment on security requirements, driving consensus on complex and ambiguous problems. • Clearly communicate decisions and architectural direction to both technical and non-technical stakeholders once alignment is reached. • Serve as a role model for security culture and best practices within your functional area. • Multiply the effectiveness of the broader team by facilitating cross-team knowledge sharing and collaboration. • Guide and develop technical talent through coaching, code reviews, and architectural deep-dives. • Contribute to the growth of the security organization by mentoring team members and helping refine technical interviewing standards.
• Build detections and security signal pipelines in Datadog. • Serve as the subject matter expert on AWS Cloud and on-prem infrastructure security. • Define and set up AWS and on-prem Security Monitoring/Best Practices Strategy. • Act as the technical lead during security incidents, including investigation and remediation. • Improve Terraform Modules and Infrastructure as Code (IaC) to follow security best practices. • Develop and implement a vulnerability monitoring strategy and integrate it into CI/CD pipelines. • Build security automation using Python, scripting, and APIs. • Partner with Infrastructure on AWS security engineering, including IAM, KMS, and network segmentation. • Operate SOC 2 Type 2 evidence collection and audit response. • Drive ISO 27001 implementation work, including risk assessments and control mapping. • Ensure infrastructure compliance with regulatory requirements. • Run vendor and subprocessor risk reviews. • Respond to customer security questionnaires and external inquiries. • Mentor and enable other team members to improve their security posture.



