Very Good Security

Very Good Security

VGS is the global leader in payment tokenization, providing security and compliance infrastructure for banks, fintechs, and merchants to manage payment data complexities and accelerate PCI, SOC2, and more compliances.

Internet Software & Services
51-250
Founded 2015
$45M raised

Description

  • Support application security reviews for services, APIs, and new product features across the VGS platform.
  • Identify, validate, and track findings from static analysis, dependency scanning, container scanning, and other security testing tools.
  • Participate in threat modeling and secure design discussions with engineering teams during feature development.
  • Evaluate the security of AI-enabled development workflows and internal AI systems integrated into the SDLC.
  • Manually test and validate web application and API security issues, including access control, authentication, input validation, and secrets handling.
  • Help improve secure SDLC processes by contributing to developer guidance, secure coding resources, and review checklists.
  • Work with engineers to understand remediation options and document security risks and recommendations.
  • Contribute to improving security tooling and guardrails in CI/CD and development workflows.
  • Provide proactive feedback to help build secure products and development practices.

Requirements

  • Currently pursuing a degree in Computer Science, Cybersecurity, Software Engineering, or a related field, or equivalent practical experience.
  • Foundational understanding of application security concepts such as the OWASP Top 10, API security, authentication and authorization, secure coding, and common software vulnerabilities.
  • Ability to read and reason about code in one or more programming languages such as Java, Python, JavaScript, or Go.
  • Familiarity with Git, the software development lifecycle, and basic testing or debugging workflows.
  • Strong interest in secure software design, cloud-native architectures, and automation.
  • Strong written and verbal communication skills for explaining technical issues to security and engineering stakeholders.
  • Curious, collaborative, and eager to learn how security can enable developers.
  • Exposure to LLMs, threat modeling, Burp Suite, SAST/DAST tools, CI/CD pipelines, Docker/Kubernetes, or cloud environments is a plus.
  • Must be legally authorized to work in the United States at the time of hire and throughout employment.
  • Candidates must be located in one of the following states: California, Colorado, Connecticut, Florida, Illinois, New York, North Carolina, Oregon, Texas, Virginia, or Washington.

Benefits

  • $20 per hour compensation.
  • Remote-first work environment.
  • Hybrid schedule available for candidates living within 30 miles of an office location.
  • Flexible work approach that supports work-life balance.
  • Consideration of applicants with arrest and conviction records in accordance with the San Francisco Fair Chance Ordinance.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Senior Manager, Engineering

Sumo Logic 251-1K Internet Software & Services

Sumo Logic is hiring a Senior Manager, Engineering for Application Security to lead global programs that improve product security, reliability, and operational efficiency across its cloud platform.

Agile AWS C++ Docker GCP Java Kafka Kubernetes OWASP Ruby Scala SIEM
19 hours, 17 minutes ago

Security Engineering - Apps and Cloud Security

CallTek 51-250 Internet Software & Services

A security engineer at the company will own cloud and application security initiatives across CSPM, CIEM, CWPP, and AppSec platforms, with a focus on securing multi-cloud environments and enabling DevSecOps.

AWS DevSecOps GCP
19 hours, 17 minutes ago

Senior Configuration Engineer, Product AppSec

Veeam Software 1K-5K Internet Software & Services

Veeam is hiring a Senior Configuration Engineer to lead enterprise release management and delivery automation across cloud-native, SaaS, and AI product environments.

Ansible Azure Bash CI/CD DevSecOps Docker GitOps Jenkins Kubernetes PowerShell Python Secrets Management Terraform
6 days, 18 hours ago

Senior Cyber-Security Operations Analyst, Product AppSec

Veeam Software 1K-5K Internet Software & Services

Veeam is hiring a Senior Cyber Security Operations Analyst to help design and scale secure Azure-based development and QA environments while improving CI/CD delivery and integrating security across the software lifecycle.

Ansible AWS Azure Bash CI/CD DevSecOps Docker GCP Git GitHub Actions Jenkins Kubernetes PowerShell Python Secrets Management Terraform
6 days, 18 hours ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers