Application Security Engineer

About Virtru: While the rest of the security industry obsesses over locking data down to prevent it from being lost or stolen, we're doing something fundamentally different at Virtru. We're setting data free so that you can intentionally share it with others, but without sacrificing security, privacy, or control. We've created both a suite of powerful data protection applications and an open platform that's sparking an ecosystem of innovation. Through the Trusted Data Format (TDF) open standard, we're not just protecting data; we're creating a new paradigm where security enables sharing rather than preventing it. Think of us as the Android of data protection: a robust platform with an open core that developers and partners can build upon, coupled with our own best-in-class applications that showcase what's possible when you reimagine security from the ground up. Backed by Iconiq Capital, Bessemer Venture Partners, Foundry Capital, and Tiger Global, we're helping Fortune 500 companies and government agencies discover that true data security means having the freedom to share, collaborate, and innovate — without compromise. About Virtru: While the rest of the security industry obsesses over locking data down to prevent it from being lost or stolen, we're doing something fundamentally different at Virtru. We're setting data free so that you can intentionally share it with others, but without sacrificing security, privacy, or control. We've created both a suite of powerful data protection applications and an open platform that's sparking an ecosystem of innovation. Through the Trusted Data Format (TDF) open standard, we're not just protecting data; we're creating a new paradigm where security enables sharing rather than preventing it. Think of us as the Android of data protection: a robust platform with an open core that developers and partners can build upon, coupled with our own best-in-class applications that showcase what's possible when you reimagine security from the ground up. Backed by Iconiq Capital, Bessemer Venture Partners, Foundry Capital, and Tiger Global, we're helping Fortune 500 companies and government agencies discover that true data security means having the freedom to share, collaborate, and innovate — without compromise. Compensation: $180,000 - $200,000/year Team & Position Details: Here at Virtru you'll join an innovative product security team that is helping secure some of the world's most important information. Our platform, built on an open source core, functions in a wide range of threat models. As an application security engineer you will help our engineering teams maintain and develop our product, and directly have impact in a security centric company and product. An ideal candidate is prepared to operate in a public and open source form, in addition to being able to review complex systems and product requirements. You should have a strong foundation in the fundamentals of cryptography, and be able to talk and collaborate with development teams. Our applications are primarily built in Go and Javascript. We use a range of security tools, and aggressively automate where we can (even if we have to code and build it). If you are excited rather than scared by highly technical problems, we are offering a security role where you can learn and grow while having direct impact in continuing to harden a security critical mission. As an Application Security Engineer, your responsibilities will include: Security Engineering Collaborate with development teams, Site Reliability Engineering, and other stakeholders to strengthen the adoption of security best practices throughout the SDLC. Independently identify security improvements and implement them. Vulnerability Management: Implement, manage, and automate vulnerability management processes. Prioritize and remediate vulnerabilities discovered through internal scans, penetration tests, and bug bounties. Security Assessments Conduct threat modeling, code audits, design reviews with engineers to ensure effective and secure development. Collaborate in providing actionable recommendations to find workable solutions. Threat Hunting: Establish a threat hunting capability and automate where appropriate. Enhance logging capabilities related to security events. Security Tools Integration and Management: Integrate and manage dynamic and static code analysis tools. Ensure operation of security tools within the development pipeline. Skills that will help you thrive in this role: 4+ years experience in secure development or application security. Deep knowledge of security concepts such as authentication, web architecture, etc. Experience with Nodejs, Go, etc. Experience running bug-bounty, penetration testing, vulnerability scanning programs. Experience setting up and maintaining SAST, DAST, IAST and SCA tooling Experience using assessment tools such as Burp, ZAP, Qualys, Nessus, etc. Experience building and maintaining WAF solutions. Familiarity with industry security practices, standards, and regulations such as FedRAMP, SOC2, HIPAA, etc. a plus. Familiarity with GCP/AWS and Kubernetes infrastructure security a plus. Self-motivated and goal driven, able to find what needs to be done and do it. Virtruvian qualities that will set you up for success: Thinking outside of the box to respectfully challenge your teammates and managers in the pursuit of excellence Strong sense of urgency with an action-oriented mindset Able to collaborate and adapt to shifting priorities as business needs evolve Comfortable with asynchronous communication including slack, email, zoom, etc. Perks & Benefits: At Virtru, we believe people do their best work when their wellbeing is put first. This is why we make your wellbeing our priority with a thoughtful and holistic program that encompasses Occupational, Mental, Social, Physical, and Environmental Wellness by offering benefits such as… A Flexible PTO policy — we strongly encourage you to take time off (in addition to 14 holidays) to ensure that you are getting the proper time needed to unplug and recharge. A $1,500 annual Learning & Development Stipend focused on providing you the resources to continually learn and professionally grow. Frequent company-sponsored team celebrations that provide ample opportunities to connect with teammates and be social! Access to an Employee Assistance Program Access to Headspace, a mental health app tailored to your specific needs. A flat 3% contribution to your retirement account A high degree of flexibility — Have an appointment, errand, or family emergency to take care of? Hop to it! We give you the time and space to take care of you and your own first. In addition to wellbeing, Virtru places a strong emphasis on diversity, equity, inclusion, and belonging. Our DB&I Council is dedicated to fostering an inclusive workplace and making the psychological safety of each and every one of our teammates a top priority. Additional perks include: Competitive compensation Generous parental, medical, and bereavement policies 401K contribution and stock options Full medical, dental, and vision benefits New Hire Swag and IT Welcome boxes Structured semi-annual 360° performance reviews Virtru is committed to building an inclusive environment for people of all backgrounds and everyone is encouraged to apply. Virtru is an Equal Opportunity Employer and does not discriminate on the basis of race, color, gender, sexual orientation, gender identity or expression, religion, disability, national origin, protected veteran status, age, or any other status protected by applicable national, federal, state, or local law. Apply To This Job