Senior Application Security Engineer
Toronto
VTS
Transform your commercial real estate and lease management process with VTS. Landlords and CRE brokers can manage assets and leasing with one CRM.VTS is changing the way that commercial real estate (CRE) is done—disrupting a $15 trillion industry by becoming the modern operating system for CRE. We invented the category of leasing and asset management, which allows landlords and brokers to take their entire leasing process online to maximize revenue and performance. Last year, we launched the fastest adopted new product in proptech, VTS Market. Rise Buildings by VTS is leading an entirely new category of software - tenant experience. We also recently launched VTS Data, already getting front-page references in the Wall Street Journal and quoted by Reuters, The Real Deal, Commercial Observer, and many more. Our success shows in our numbers—we hit "Unicorn" status in 2019 and today we have over 12 billion square feet of commercial space managed on VTS on 80,000 buildings in 34 countries, and we’ve expanded to over 400 employees globally. It’s an exciting time to join the VTS team as we continue to grow rapidly and break records.
Our headquarters are in NYC, but we have major hubs in other cities including Chicago, IL, Toronto, CA, and London, UK.
Learn more at vts.com, risebuildings.com, or follow us on Instagram (@WeAreVTS), Twitter (@WeAreVTS), or LinkedIn.
Are you wondering about how VTS has adapted to a WFH environment? Read our blog post here to find out
How does this position help VTS succeed?
Our mission is to be Commercial Real Estate’s modern operating system, the place where deals happen, customer relationships are nourished, and real-time market data comes to life. We're growing at an incredible pace and are looking for an experienced Staff Security Engineer to lead the Security Engineering practice, make VTS a more secure application, and protect our customers against security threats.
You will work closely with our engineering teams to ensure security is part of VTS technology design and development workflows. Code reviews, security architecture reviews, and mentorship of engineers will be some of the tools you can wield to accomplish this. Additionally, you will assist with the research and development of projects that we could implement in-house to push the state of the art of application security that will be built into our products.
What Makes This Job Awesome?
- Architect, evaluate, build, and support security-focused cloud tools and services
- Contribute code that improves security throughout VTS’ products
- Build mitigations and remediations for security vulnerabilities with your fellow engineers
- Identify and assess security risks, model threats, and develop mitigation plans
- Perform application security software and configuration reviews spanning a wide range of digital technologies (web, mobile, embedded)
- Perform cloud infrastructure reviews to ensure we build in a safe-by-default manner, minimizing access risks
- Support third-party audits of our application, including SOC2 and Pen Tests
- Empower developers to do their job securely without creating unnecessary friction
- Educate your fellow engineers about security in application code and infrastructure
- Promote security within VTS
- Recommend new security products and technologies & lead during implementation
- Advance your personal knowledge of application security to stay on the bleeding edge
What Makes You a Great Fit?
- What Makes You a Great Fit?
- 6+ years of experience and knowledge of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, and BGP)
- You have experience protecting against and mitigating real-world attacks (DDoS, XSS, session-hijacking, SQL injection, CSRF, etc)
- You have a diverse range of security experience at the enterprise level (information, application, network, and IT)
- You have in-depth knowledge of modern development and deployment processes used by enterprise technology organizations, especially in Cloud (AWS/GCP)
- You have experience implementing application security frameworks in cloud environments (AWS/GCP)
- You have a solid understanding of the web, mobile, and embedded systems software development
- You have a solid understanding of modern developer platform and CI/CD practices
- You have solid experience with web, mobile, and embedded systems application pentesting
- You have experience reviewing source code (Rails/Java/ObjC/PHP/NodeJS/JS/etc) and cloud provider configs (AWS) and deployment
- You have solid experience using a scripting language such as Python, Ruby, etc.
- You have a solid understanding of Linux architecture and security
- You want to crush entire bug classes, not play whack-a-mole
- You want to work in a fast-paced, high-growth startup environment that respects its engineers and customers
- Nice to have
- Experience in data products, especially in Securing sensitive data
- Experience being the first or second hire in a Security Engineering team
More about our team
- We have an 100+ person engineering team
- We work in small, cross-functional teams that include product managers, designers, and QA, grouped in outcome-oriented “houses”
- We value continuous learning in our everyday work
- We deploy daily and rely heavily on automated testing and CI
- We use agile development and lean startup principles and practices to deliver products
- We work with technologies like Ruby on Rails, React, Heroku, Postgres, AWS(Securityhub, ), Swift, Kotlin, Python, and Kafka.
- Learn more on our engineering blog
What VTS values & how we show it:
- Strive for Excellence - We know your potential is unlimited. Take advantage of our executive coaches and our training and career development programs available to all employees!
- Be Customer Obsessed - We’re employee obsessed too! VTS offers competitive compensation, comprehensive health benefits (including dental and vision), pre-tax commuter benefits, and a 401(k) plan. Not to mention the fun stuff - monthly happy hours, wellness events, clubs, and team lunches!
- Be Curious - Benefit from a culture that promotes new learning. VTS offers an education stipend to all employees!
- Move as One - We work in an open floor plan to promote cross-functional collaboration.
- Take Ownership - Be an owner of the company you’re building with our equity packages.
- Appreciate the Difference - VTS embraces and celebrates diversity. We understand the importance of a strong work-life balance. We offer a flexible PTO policy, generous family leave program, and more!
If you have a disability or special need that requires accommodation at any time during the recruitment process, please let us know at ta@vts.com
Tags: Agile Application security Audits AWS CI/CD Cloud CSRF DDoS GCP Heroku Java Kotlin Linux Node.js Pentesting PHP PostgreSQL Python Ruby Scripting SOC 2 SQL SQL injection TCP/IP Vulnerabilities XSS
Perks/benefits: Career development Competitive pay Equity Flex hours Flex vacation Health care Lunch / meals Startup environment Team events Unlimited paid time off Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Security Operations Engineer jobs
- Open Senior Security Analyst jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Chief Information Security Officer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open DevSecOps-related jobs
- Open CI/CD-related jobs