Security Software Engineer, AI & Automation - Canada

About The Position

Requirements

• 3+ years of software engineering or security engineering experience
• Strong proficiency in Python or Go for building production-grade backend services, APIs, and data pipelines; comfort moving between languages is expected
• Experience building and maintaining backend services including REST APIs, authentication, authorization, rate limiting, streaming, and observability
• Working knowledge of application security concepts including common vulnerability classes such as injection, broken authentication, cross-site scripting, insecure authorization, and secrets exposure; experience with threat modeling and SSDLC practices
• Hands-on experience building AI-powered systems using LLM APIs, including retrieval-augmented generation (RAG) pipelines, multi-agent architectures, and semantic search; working understanding of AI-specific security risks such as prompt injection, sensitive data exposure, and secure handling of model inputs and outputs
• Genuine interest in AI and how it applies to security, not just as a tool to use, but as a domain to understand deeply, including its limitations and risks
• Experience developing and operating distributed systems and cloud-based environments, including message queues, NoSQL databases, AWS, containers, Kubernetes or ECS, serverless, and infrastructure as code
• Understanding of caching and performance patterns including Redis, semantic caching, TTLs, and cache invalidation
• Strong communication skills, able to explain complex AI and security concepts clearly to both technical and non-technical audiences, and confident advising stakeholders on tradeoffs and limitations

Responsibilities

• Designing and building multi-agent LLM systems and routing logic that automate threat modeling, security design review, policy Q&A, and vulnerability analysis at scale
• Developing retrieval-augmented generation (RAG) pipelines and semantic search systems across large code and documentation repositories
• Creating automated code review capabilities that help identify insecure patterns and improve software quality earlier in the development lifecycle
• Designing integrations with tools such as GitHub, Slack, Jira, Confluence, and cloud platforms to embed security guidance into everyday engineering workflows
• Developing REST APIs and platform services with authentication, authorization, rate limiting, observability, and secure handling of sensitive data
• Designing and maintaining scalable data processing pipelines for large codebases and document repositories, including extraction, indexing, stream processing, batch jobs, and parallel execution
• Improving AI application security through controls such as prompt injection prevention, sensitive data filtering, supply chain security, and secure handling of model inputs and outputs
• Enhancing NerdWallet's secure software development lifecycle (SSDLC) through automation, tooling, and developer-friendly security practices
• Partnering with engineering teams to prioritize and remediate application and infrastructure security risks
• Supporting incident response and on-call needs by contributing security engineering expertise, tooling, automation, and analysis when security issues arise
• Identifying new opportunities for automation and AI augmentation across the security team, bringing fresh eyes and independent thinking to a growing backlog of high-impact work
• Serve as technical lead on high-priority initiatives, taking ownership of technically complex work and collaborating across teams to deliver practical, measurable security outcomes
• Help shape how AI and automation are securely adopted across NerdWallet's engineering ecosystem
• Build tools and platforms that make security more accessible, scalable, and actionable for development teams
• Improve the speed and quality of security reviews through thoughtful automation and security-first design
• Strengthen customer trust by helping protect NerdWallet's products, systems, and sensitive data
• Serve as an internal subject matter expert on AI and automation, advising on appropriate use cases, limitations, and risks to both technical and non-technical stakeholders

Benefits

• Monthly Healthcare Stipend
• Rejuvenation Policy – Vacation Time Off + You will receive the official public holidays in your province
• Paid sabbatical for Nerds to recharge, gain knowledge and pursue their interests
• Monthly Wellness Stipend, Wifi Stipend, and Cell Phone Stipend
• Work from home equipment stipend
• RRSP with a 4% match. Eligible one month after hire.
• Financial wellness, guidance, and unlimited access to a Certified Financial Planner (CFP) through Northstar