Application Security Engineer

Virtru is a company focused on redefining data security by enabling intentional sharing without sacrificing security, privacy, or control. The Application Security Engineer will be part of an innovative product security team, responsible for collaborating with development teams to strengthen security practices, manage vulnerabilities, and conduct security assessments.

Responsibilities:

• Collaborate with development teams, Site Reliability Engineering, and other stakeholders to strengthen the adoption of security best practices throughout the SDLC
• Independently identify security improvements and implement them
• Implement, manage, and automate vulnerability management processes
• Prioritize and remediate vulnerabilities discovered through internal scans, penetration tests, and bug bounties
• Conduct threat modeling, code audits, design reviews with engineers to ensure effective and secure development
• Collaborate in providing actionable recommendations to find workable solutions
• Establish a threat hunting capability and automate where appropriate
• Enhance logging capabilities related to security events
• Integrate and manage dynamic and static code analysis tools
• Ensure operation of security tools within the development pipeline

Requirements:

• 4+ years experience in secure development or application security
• Deep knowledge of security concepts such as authentication, web architecture, etc
• Experience with Nodejs, Go, etc
• Experience running bug-bounty, penetration testing, vulnerability scanning programs
• Experience setting up and maintaining SAST, DAST, IAST and SCA tooling
• Experience using assessment tools such as Burp, ZAP, Qualys, Nessus, etc
• Experience building and maintaining WAF solutions
• Familiarity with industry security practices, standards, and regulations such as FedRAMP, SOC2, HIPAA, etc
• Familiarity with GCP/AWS and Kubernetes infrastructure security
• Self-motivated and goal driven, able to find what needs to be done and do it