Application Security Engineer

This is a fully remote position, open to applicants in District of Columbia, +1 more state.

📋 Description

• Collaborate with development teams, Site Reliability Engineering, and various stakeholders to enhance the adoption of security best practices during the Software Development Life Cycle (SDLC).

• Proactively identify security enhancements and execute them independently.

• Oversee, manage, and automate processes related to vulnerability management.

• Prioritize and address vulnerabilities identified through internal scans, penetration tests, and bug bounty programs.

• Conduct threat modeling, code audits, and design reviews alongside engineers to ensure secure and effective development.

• Work together to provide actionable recommendations for practical solutions.

• Develop a threat hunting capability and automate processes where suitable.

• Improve logging capabilities associated with security events.

• Integrate and manage tools for dynamic and static code analysis.

• Ensure the proper functioning of security tools within the development pipeline.

⛳️ Requirements

• Minimum of 4 years of experience in secure development or application security.

• Strong understanding of security concepts such as authentication and web architecture.

• Proficiency in programming languages like Node.js, Go, etc.

• Experience in managing bug bounty programs, penetration testing, and vulnerability scanning initiatives.

• Familiarity with setting up and maintaining SAST, DAST, IAST, and SCA tools.

• Experience utilizing assessment tools such as Burp, ZAP, Qualys, Nessus, etc.

• Expertise in building and maintaining Web Application Firewall (WAF) solutions.

• Knowledge of industry security practices, standards, and regulations like FedRAMP, SOC2, HIPAA, etc., is a plus.

• Familiarity with GCP/AWS and the security of Kubernetes infrastructure is a plus.

• Self-driven and goal-oriented, capable of identifying tasks that need completion and executing them.

🏝️ Benefits

• A Flexible PTO policy — we strongly encourage you to take time off (in addition to 14 holidays) to ensure you have the opportunity to unplug and recharge.

• An annual Learning & Development Stipend of $1,500 aimed at providing you with resources for continuous learning and professional growth.

• Regular company-sponsored team celebrations that offer numerous opportunities to connect and socialize with colleagues!

• Access to an Employee Assistance Program.

• Access to Headspace, a mental health app tailored to your individual needs.

• A flat 3% contribution to your retirement account.

• A high level of flexibility — Have an appointment, errand, or family emergency? We give you the time and space to prioritize your personal needs.

• In addition to well-being, Virtru emphasizes diversity, equity, inclusion, and belonging. Our DB&I Council is committed to creating an inclusive workplace and ensuring the psychological safety of all our teammates.

• Competitive compensation.

• Generous parental, medical, and bereavement policies.

• 401K contributions and stock options.

• Comprehensive medical, dental, and vision benefits.

• New Hire Swag and IT Welcome boxes.

• Structured semi-annual 360° performance reviews.