Senior Application Security Engineer

Toronto

Applications have closed

VTS

Transform your commercial real estate and lease management process with VTS. Landlords and CRE brokers can manage assets and leasing with one CRM.

View company page

ABOUT VTS
VTS is changing the way that commercial real estate (CRE) is done—disrupting a $15 trillion industry by becoming the modern operating system for CRE. We invented the category of leasing and asset management, which allows landlords and brokers to take their entire leasing process online to maximize revenue and performance. Last year, we launched the fastest adopted new product in proptech, VTS Market. Rise Buildings by VTS is leading an entirely new category of software - tenant experience. We also recently launched VTS Data, already getting front-page references in the Wall Street Journal and quoted by Reuters, The Real Deal, Commercial Observer, and many more. Our success shows in our numbers—we hit "Unicorn" status in 2019 and today we have over 12  billion square feet of commercial space managed on VTS on 80,000 buildings in 34 countries, and we’ve expanded to over 400 employees globally. It’s an exciting time to join the VTS team as we continue to grow rapidly and break records.
Our headquarters are in NYC, but we have major hubs in other cities including Chicago, IL, Toronto, CA, and London, UK.
Learn more at vts.com, risebuildings.com,  or follow us on Instagram (@WeAreVTS), Twitter (@WeAreVTS), or LinkedIn
Are you wondering about how VTS has adapted to a WFH environment? Read our blog post here to find out
How does this position help VTS succeed?

Our mission is to be Commercial Real Estate’s modern operating system, the place where deals happen, customer relationships are nourished, and real-time market data comes to life. We're growing at an incredible pace and are looking for an experienced Staff Security Engineer to lead the Security Engineering practice, make VTS a more secure application, and protect our customers against security threats.
You will work closely with our engineering teams to ensure security is part of VTS technology design and development workflows. Code reviews, security architecture reviews, and mentorship of engineers will be some of the tools you can wield to accomplish this. Additionally, you will assist with the research and development of projects that we could implement in-house to push the state of the art of application security that will be built into our products.

What Makes This Job Awesome?

  • Architect, evaluate, build, and support security-focused cloud tools and services
  • Contribute code that improves security throughout VTS’ products
  • Build mitigations and remediations for security vulnerabilities with your fellow engineers
  • Identify and assess security risks, model threats, and develop mitigation plans
  • Perform application security software and configuration reviews spanning a wide range of digital technologies (web, mobile, embedded)
  • Perform cloud infrastructure reviews to ensure we build in a safe-by-default manner, minimizing access risks
  • Support third-party audits of our application, including SOC2 and Pen Tests
  • Empower developers to do their job securely without creating unnecessary friction
  • Educate your fellow engineers about security in application code and infrastructure
  • Promote security within VTS
  • Recommend new security products and technologies & lead during implementation
  • Advance your personal knowledge of application security to stay on the bleeding edge

What Makes You a Great Fit?

  • What Makes You a Great Fit?
  • 6+ years of experience and knowledge of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, and BGP)
  • You have experience protecting against and mitigating real-world attacks (DDoS, XSS, session-hijacking, SQL injection, CSRF, etc)
  • You have a diverse range of security experience at the enterprise level (information, application, network, and IT)
  • You have in-depth knowledge of modern development and deployment processes used by enterprise technology organizations, especially in Cloud (AWS/GCP)
  • You have experience implementing application security frameworks in cloud environments (AWS/GCP)
  • You have a solid understanding of the web, mobile, and embedded systems software development
  • You have a solid understanding of modern developer platform and CI/CD practices
  • You have solid experience with web, mobile, and embedded systems application pentesting
  • You have experience reviewing source code (Rails/Java/ObjC/PHP/NodeJS/JS/etc) and cloud provider configs (AWS) and deployment
  • You have solid experience using a scripting language such as Python, Ruby, etc.
  • You have a solid understanding of Linux architecture and security
  • You want to crush entire bug classes, not play whack-a-mole
  • You want to work in a fast-paced, high-growth startup environment that respects its engineers and customers
  • Nice to have
  • Experience in data products, especially in Securing sensitive data
  • Experience being the first or second hire in a Security Engineering team

More about our team

  • We have an 100+ person engineering team
  • We work in small, cross-functional teams that include product managers, designers, and QA, grouped in outcome-oriented “houses”
  • We value continuous learning in our everyday work
  • We deploy daily and rely heavily on automated testing and CI
  • We use agile development and lean startup principles and practices to deliver products
  • We work with technologies like Ruby on Rails, React, Heroku, Postgres, AWS(Securityhub, ), Swift, Kotlin, Python, and Kafka.
  • Learn more on our engineering blog

What VTS values & how we show it:

  • Strive for Excellence - We know your potential is unlimited. Take advantage of our executive coaches and our training and career development programs available to all employees!
  • Be Customer Obsessed - We’re employee obsessed too! VTS offers competitive compensation, comprehensive health benefits (including dental and vision), pre-tax commuter benefits, and a 401(k) plan. Not to mention the fun stuff - monthly happy hours, wellness events, clubs, and team lunches!
  • Be Curious - Benefit from a culture that promotes new learning. VTS offers an education stipend to all employees!
  • Move as One - We work in an open floor plan to promote cross-functional collaboration.
  • Take Ownership - Be an owner of the company you’re building with our equity packages.
  • Appreciate the Difference - VTS embraces and celebrates diversity. We understand the importance of a strong work-life balance. We offer a flexible PTO policy, generous family leave program, and more!
VTS is proud to operate an equal opportunity workplace.  We welcome applications from all qualified individuals and are committed to equal employment opportunity regardless of gender identity or expression, race, ethnic origin, creed, place of origin, age, sex, marital status, physical or mental disability, sexual orientation, and any other category protected by law. 
If you have a disability or special need that requires accommodation at any time during the recruitment process, please let us know at ta@vts.com

Tags: Agile Application security Audits AWS CI/CD Cloud CSRF DDoS GCP Heroku Java Kotlin Linux Node.js Pentesting PHP PostgreSQL Python Ruby Scripting SOC 2 SQL SQL injection TCP/IP Vulnerabilities XSS

Perks/benefits: Career development Competitive pay Equity Flex hours Flex vacation Health care Lunch / meals Startup environment Team events Unlimited paid time off Wellness

Region: North America
Country: Canada
Job stats:  7  0  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.