Application Security Engineer
About The Position
Virtru is seeking an Application Security Engineer to join their innovative product security team. This role will focus on securing important information within Virtru's platform, which is built on an open-source core and functions in a wide range of threat models. The engineer will collaborate with development teams to maintain and develop the product, directly impacting a security-centric company and product. The ideal candidate will be comfortable operating in a public and open-source environment, capable of reviewing complex systems and product requirements, and possess a strong foundation in cryptography. They should also be able to communicate and collaborate effectively with development teams. Virtru's applications are primarily built in Go and Javascript, and the company utilizes a range of security tools, with a focus on automation. This role offers an opportunity to learn and grow while hardening a security-critical mission.
Requirements
- 4+ years experience in secure development or application security.
- Deep knowledge of security concepts such as authentication, web architecture, etc.
- Experience with Nodejs, Go, etc.
- Experience running bug-bounty, penetration testing, vulnerability scanning programs.
- Experience setting up and maintaining SAST, DAST, IAST and SCA tooling
- Experience using assessment tools such as Burp, ZAP, Qualys, Nessus, etc.
- Experience building and maintaining WAF solutions.
- Self-motivated and goal driven, able to find what needs to be done and do it.
- Thinking outside of the box to respectfully challenge your teammates and managers in the pursuit of excellence
- Strong sense of urgency with an action-oriented mindset
- Able to collaborate and adapt to shifting priorities as business needs evolve
- Comfortable with asynchronous communication including slack, email, zoom, etc.
Nice To Haves
- Familiarity with industry security practices, standards, and regulations such as FedRAMP, SOC2, HIPAA, etc. a plus.
- Familiarity with GCP/AWS and Kubernetes infrastructure security a plus.
Responsibilities
- Collaborate with development teams, Site Reliability Engineering, and other stakeholders to strengthen the adoption of security best practices throughout the SDLC.
- Independently identify security improvements and implement them.
- Implement, manage, and automate vulnerability management processes.
- Prioritize and remediate vulnerabilities discovered through internal scans, penetration tests, and bug bounties.
- Conduct threat modeling, code audits, design reviews with engineers to ensure effective and secure development.
- Collaborate in providing actionable recommendations to find workable solutions.
- Establish a threat hunting capability and automate where appropriate.
- Enhance logging capabilities related to security events.
- Integrate and manage dynamic and static code analysis tools.
- Ensure operation of security tools within the development pipeline.
Benefits
- Flexible PTO policy
- 14 holidays
- $1,500 annual Learning & Development Stipend
- Frequent company-sponsored team celebrations
- Access to an Employee Assistance Program
- Access to Headspace, a mental health app
- A flat 3% contribution to your retirement account
- Generous parental, medical, and bereavement policies
- 401K contribution
- Stock options
- Full medical, dental, and vision benefits
- New Hire Swag and IT Welcome boxes
- Structured semi-annual 360° performance reviews
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
