Senior Application Security Engineer at VTS
New York, US
VTS is changing the way that commercial real estate (CRE) is done - disrupting a $15 trillion dollar industry by becoming the modern operating system for CRE. We invented the category of leasing and asset management, which allows landlords and brokers to manage their entire leasing process to maximize revenue and performance. Our success shows in our numbers - we’ve grown 123% annually since 2013, and today we have over 11 billion square feet of commercial space managed on VTS, and we’ve expanded to ~200 employees globally. It’s an exciting time to join the VTS team as we continue to scale!
 
Our headquarters are in NYC, but we have hubs in other major US cities, Toronto, CA and London, UK.
 
Learn more at vts.com or @WeAreVTS
 
Our mission is to be Commercial Real Estate’s modern operating system, the place where deals happen, customer relationships are nourished, and real-time market data comes to life.
We're growing at an incredible pace and are looking for an experienced Application Security Engineer to help make VTS a more secure application and protect our customers against security threats.
 
You will work closely with our engineering teams to ensure security is part of VTS technology design and development workflows. Code reviews, security architecture reviews, and mentorship of engineers will be some of the tools you can wield to accomplish this.
Additionally, you will assist with research and development of projects that we could implement in-house to push the state of the art of application security that will be built into our products.

What you'll do

    • Architect, evaluate, build, and support security-focused tools and services
    • Contribute code that improves security throughout VTS’ products
    • Build mitigations and remediations for security vulnerabilities with your fellow engineers
    • Identify and assess security risks, model threats, and develop mitigation plans
    • Perform application security software and configuration reviews spanning a wide range of digital technologies (web, mobile, embedded)
    • Perform cloud infrastructure reviews to ensure we build in a safe-by-default manner, minimizing access risks
    • Support third-party audits of our application, including SOC2 and Pen TestsEmpower developers to do their job securely without creating unnecessary friction
    • Educate your fellow engineers about security in application code and infrastructurePromote security within VTSRecommend new security products and technologies
    • Advance your personal knowledge of application security to stay on the bleeding edge

About you

    • 3+ years of experience and knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP and BGP)
    • Experience protecting against and mitigating real-world attacks (DDoS, XSS, session-hijacking, SQL injection, CSRF, etc)
    • Diverse range of security experience at the enterprise level (information, application, network, and IT)
    • Knowledge of modern development and deployment processes used by consumer technology organizations
    • Solid understanding of web, mobile, and embedded systems software development
    • Solid understanding of modern developer platform and CI/CD practices
    • Solid experience with web, mobile, and embedded systems application pentesting
    • Experience reviewing source code (Rails/Java/ObjC/PHP/NodeJS/JS/etc)
    • Experience reviewing cloud provider configs and deployment
    • Solid experience using a scripting language such as Python, Ruby, etc.
    • Solid understanding of Linux architecture and security
    • You want to crush entire bug classes, not play whack-a-mole
    • You want to work in a fast-paced, high-growth startup environment that respects its engineers and customers

We Take Care of You!

    • Competitive compensation packages, including equity
    • Great medical, vision, dental, and commuter benefits
    • Generous family policies
    • Training and career development programs for everyone in the company
    • 401K plan
    • Unlimited vacation policy
    • Team lunches, company happy hours, ample snacks and drinks
    • VTS clubs including rock climbing, skiing, baking, board-games, surfing, softball and more
VTS embraces diversity and equal opportunity in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.
 
All your information will be kept confidential according to EEO guidelines.