Sr. Software Engineer (Application Security)

Everyone has the right to private and secure communication. At Virtru, we build easy-to-use products built on world-class technology to make this possible.  

Virtru is a high-growth startup based in Washington, D.C. Working at Virtru, you’ll be inspired by colleagues who are passionate about the work they do. We are dedicated to creating an atmosphere that sparks creativity, connection, and professional growth. 

About the Role

As Virtru continues to grow rapidly worldwide, we need an experienced Application Security Engineer. This is a central role in a fast-moving, highly collaborative engineering team. The team works closely together, leverages the latest technology and pushes one another for continuous improvement and outstanding results.

Responsibilities

• Security Engineering: Working independently and collaborating with SRE, Engineering and other teams drive adoption of security best practices and improvements as part of the SDLC
• Security Assessments: Conduct threat modeling, code audits, design reviews with engineers to ensure effective and secure development
• Security Tools Integration and Management: Integration and management of tools such as dynamic/static code analysis in build time and runtime
• Vulnerability Management: Implement, manage, triage, and automate vulnerability management processes for finding, prioritizing, and remediating vulnerabilities through internal scans, penetration tests, bug bounties, etc.
• Threat Hunting: Initiating a threat hunting capability and automating as appropriate; analyzing and improving logging capability relevant to security events.

Desired Experience

• 4+ years experience in secure development or application security.
• Deep knowledge of security concepts such as authentication, web architecture, etc.
• Experience running bug-bounty, penetration testing, vulnerability scanning programs
• Experience setting up and maintaining SAST, DAST, IAST and SCA tooling
• Familiarity with industry security practices, standards, and regulations such as FedRAMP, SOC2, HIPAA, etc.
• Experience with Nodejs, Go, etc.
• Experience using assessment tools such as Burp, ZAP, Qualys, Nessus, etc.
• Experience building and maintaining WAF solutions.
• Self-motivated and goal driven, able to find what needs to be done and do it.
• Experience in GCP/AWS and Kubernetes infrastructure security a plus.

Virtru is committed to building an inclusive environment for people of all backgrounds and everyone is encouraged to apply. Virtru is an Equal Opportunity Employer and does not discriminate on the basis of race, color, gender, sexual orientation, gender identity or expression, religion, disability, national origin, protected veteran status, age, or any other status protected by applicable national, federal, state, or local law.

Virtru is committed to building an inclusive environment for people of all backgrounds and everyone is encouraged to apply. Virtru is an Equal Opportunity Employer and does not discriminate on the basis of race, color, gender, sexual orientation, gender identity or expression, religion, disability, national origin, protected veteran status, age, or any other status protected by applicable national, federal, state, or local law.