Lead Application Security Engineer

United States, Remote

Very Good Security, Inc.

Posted 1 week ago

At Very Good Security (“VGS”) we are on a mission to protect the world’s sensitive data - and we’d love to have you along for this journey.
VGS was founded by highly successful repeat entrepreneurs and is backed by world-class investors like Goldman Sachs, Andreessen Horowitz, and Visa. We are building an amazing global team spread across four cities. As a young and growing company, we are laser-focused on delighting our customers and hiring talented and entrepreneurial-minded individuals.
This role is on the Application Security Team, which builds programs that contribute to securing our products and services.

What initiatives you’ll be involved in:

  • Triage and prioritize application security vulnerabilities.
  • Work with Engineering to schedule mitigations.
  • Track bug bounty spend and MTTM (mean time to mitigation) of security vulnerabilities.
  • Develop internal AppSec review processes.
  • Build and conduct secure coding training for all developers.
  • Mentor and train security champions throughout Engineering.
  • Implement automated, proactive security measures (e.g., SAST/DAST).
  • Develop Secure SDLC process and communicate process to Engineering.
  • Collaborate with external-facing security communications team when possible/feasible (e.g., blog posts, security vulnerability disclosures, etc.).

What you bring to the role:

  • At least 3-5 years of direct experience either working on or leading an application security team.
  • Experience conducting internal application security reviews.
  • Experience with vulnerability disclosure programs.
  • Experience with building/measuring metrics and KPIs to track security mitigations.
  • Experience with source code repositories, CI/CD pipelines, and associated security tooling (e.g., GitHub, GitLab, etc.).
  • Experience developing and communicating Secure SDLC processes.
  • Experience working with SAST/DAST and related tools (e.g., Synopsys, Veracode, GitLab Secure, GitHub Advanced Security, etc.).
  • Experience with threat modeling methodologies (e.g., STRIDE).
  • Experience with Java and Python secure coding assessments.

Nice to Haves:

  • Experience with cloud-native pre-IPO startup companies.
  • Experience with AWS security services and tooling.

About You:

  • Able to succeed in a remote, globally-distributed work environment.
  • Highly organized, and able to triage and prioritize numerous issues and projects.

Benefits and Perks:

  • Competitive health benefits including medical, dental, & vision insurance
  • 401k plan with company match and immediate vesting
  • Flexible time off
  • Pre-tax commuter benefits
  • 12 company paid holidays
  • Annual employee retreat