Lead Application Security Engineer - US, Canada or Europe
vArmour is the leading provider of Application Relationship Management. Enterprises around the world rely on vArmour to control operational risk and increase application resiliency for their multi-cloud environments - all while leveraging the technology they already own. Based in Los Altos, CA, the company is backed by top investors including Highland Capital Partners, AllegisCyber, NightDragon, Redline Capital, Citi Ventures, and Telstra.
Only vArmour is able to build out a relationship-based map of applications and users across the enterprise, regardless of the underlying infrastructure. As businesses continue to tackle the challenges of digital transformation, this deepened visibility into every environment means businesses can map relationships across their entire dynamic enterprise in one view. This equips security and operations teams with unprecedented control to address user access risks, achieve Zero Trust objectives, meet compliance, or discover the blast radius of an incident.
At vArmour, “Relationships Matter” is the cornerstone philosophy that drives the company. It shows itself in the technology and in how the company enables hundreds of enterprises around the globe to understand the relationships within and across their estates to optimize risk and resiliency. This value is taken to heart as well in how the company treats people, whether they’re customers, partners or fellow employees. The company believes that together we are stronger and better. This is why Relationships Matter at vArmour.
Location: US, Canada or Europe
vArmour’s Application Security team is made up of high-performing engineers who ensure our complex enterprise networking security software solutions for on-prem and in-cloud environments adhere to the most demanding security standards. As Lead Application Security Engineer, you will ensure systemic security throughout the vArmour product and evangelize, mentor and train developers and SDETs in best security practices.
What you will do
Foster and maintain a culture of security excellence throughout the Engineering organization through a combination of hands-on delivery, executing security code reviews, and evangelizing best technical and development practices.
Build security test cases and mentor others in developing positive and negative security test cases throughout the development lifecycle.
Provide specific and detailed training in the delivery of security best practices (aligning with OWASP Top 10, MITRE and other frameworks) throughout the product. You will develop, publish and mentor team members on the use of secure coding patterns.
Author/select, adopt, and maintain standard libraries that implement common and repeatable security patterns, such as parameterization, encoding, validation, and secrets protection, to ensure systematic and consistent adoption throughout the organization.
Develop and integrate additional security tooling and third party products into the vArmour automated CI/CD pipeline, including tools to generate SBOM, code analysis tools and other advanced automation which will continue to ensure that vArmour delivers the most secure software in the industry.
You will work within agile development Scrum teams to ensure that best application security practices are embedded across the entire application development organization and lifecycle.
What you will bring
B.S. or preferably M.S. in Computer Science or equivalent
8-10 years of relevant experience
Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner
Proven experience of leading Application Security and Secure Development practices within a modern Agile environment, closely partnering with developers.
Experience with OWASP, static/dynamic code analysis, SBOM, and common security tools, such as Burp Suite and Qualys.
Experience of developing, delivering and training development teams on security patterns and best practices.
Demonstrable experience of mentoring and influencing diverse development and test teams in the prioritization and adoption of secure coding and testing methodologies.
Experience building, maintaining, and educating others in the development of positive and negative security test cases, from unit testing through to the integration test stages of the SDLC.
Experience delivering secure authentication, secrets management, database security, and web application controls in distributed cloud based environments.
Hands-on development and code review expertise in Python, React, and API development.
Familiarity with the adoption of cloud security controls and best practices (including Kubernetes, Cloud IaaS, cloud networking, and SDLC toolchains).
The opportunity to work in a fast-paced start-up environment and grow your career rapidly as we scale
Competitive salary and Pre-IPO equity
Pension contribution program
Mental Wellness program support
Generous time off programs along with community volunteer time
Hybrid and remote work options
Great culture and team celebrations (virtual events, guest speakers, happy hour)
vArmour is an equal opportunity employer and supports a diverse, inclusive workforce.