As a Senior Security Engineer, you will be responsible for leading and helping us advance some of our security programs. You will lead various aspects of our Application Security program like vulnerability and risk management, and contribute to expanding our Cloud security program.
To thrive in this role, you must have experience leading threat modeling sessions and secure architecture reviews, running different vulnerability scanners, working with software teams to triage, prioritize, and address application vulnerabilities, training developers, and advocating for secure coding best practices. You want to work in a fast-paced, high-growth startup environment that respects its engineers and customers. Experience integrating security solutions into CI/CD pipelines, Infrastructure-as-Code (IaC) technologies, and Cloud security would also help you succeed in this role.
Security Engineering is a critical and growing function within VTS. As one of the early members of the team, you will have the unique opportunity to set standards and practices and drive meaningful change at a company-wide level. Through establishing application and Cloud security best practices and rolling out internal security tooling, our mission as a team is to provide support and empower engineering teams to deliver the most secure solutions to all our customers.
Here’s what you can expect as a Senior Security Engineer in this role:
- Building: Architect, evaluate, build, and support security-focused tools and services. Contribute code that improves security throughout VTS’ products.
- Lead: our Vulnerability Management program and help our engineers and product managers triage, prioritize, and address application and infrastructure vulnerabilities
- Plan, strategize and contribute: Identify and assess security risks, model threats, and develop mitigation plans. Perform code and configuration reviews spanning a wide range of digital technologies (web, mobile, embedded). Perform Cloud Infrastructure reviews to ensure we build in a safe-by-default manner, minimizing access risks. Also support third-party audits of our application, including SOC 2 and Penetration Tests.
- Innovate: Leverage cutting-edge Generative AI technologies to help innovate our Application Security program
- Mentor and advocate: Educate your fellow engineers on important secure coding techniques. Empower developers to do their jobs securely without creating unnecessary friction. Promote security within VTS and help build a security-first culture.
- Continuous improvement: Recommend new security products and technologies. Advance your knowledge of application and Cloud security to stay on top of the latest trends.
What You Bring:
- Experience working with application security and participating in Application Security programs
- Experience running or participating in vulnerability management programs and having deployed and run vulnerability scanners (e.g., SCA, SAST, DAST, IAST, or RASP)
- Extensive experience working as a Software Engineer for a solid understanding of web and mobile software development, and modern developer platforms (e.g., GitHub, GitLab) and their security offerings
- Solid experience performing threat modeling on applications using STRIDE, PASTA, or similar frameworks
- Solid experience protecting applications against and mitigating real-world attacks (XSS, session-hijacking, SQL injection, CSRF, etc.)
- Conducted web or mobile application penetration testing
- Experience with cloud-native security architecture and services on AWS, GCP, or Azure (AWS preferred)
- You have worked with Infrastructure-as-Code technologies such as Terraform and IaC scanner tools such as checkov or tfsec
- Experience securing CI/CD pipelines, with experience securing IoT devices as a plus
- Knowledge of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, and BGP) and authentication standards such as SAML and OAuth
- Industry-recognized security certifications such as Security+, PenTest+, Network+, OSCP, CEH, or CISSP are a strong asset
What VTS Values & How We Show It
- Strive for Excellence - We know your potential is unlimited. Take advantage of our executive coaches and our training and career development programs available to all employees!
- Be Customer Obsessed - We’re employee obsessed too! VTS offers competitive compensation, comprehensive health benefits (including dental and vision), pre-tax commuter benefits, and a 401(k) plan. Not to mention the fun stuff - monthly happy hours, wellness events, clubs, and team lunches!
- Be Curious - Benefit from a culture that promotes new learning. VTS offers an education stipend to all employees!
- Move as One - We work in an open floor plan to promote cross-functional collaboration.
- Take Ownership - Be an owner of the company you’re building with our equity packages.
- Appreciate the Difference - VTS embraces and celebrates diversity. We understand the importance of a strong work-life balance. We offer a flexible PTO policy, generous family leave program, and more!
About VTS:
VTS is the commercial real estate industry’s only technology company that unifies owners, operators, brokers, and tenants in a single platform to capitalize on opportunities revealed in every square foot of their properties. In 2013, VTS revolutionized the commercial real estate industry’s leasing operations with what is now VTS Lease. Today, the VTS Platform is the largest first-party data source in the industry, transforming how strategic decisions are made and executed by CRE professionals across the globe.
With the VTS Platform, consisting ofVTS Lease, VTS Market, VTS Activate, and VTS Data, every business stakeholder in commercial real estate is given real-time market information and workflow tools to do their job with unparalleled speed and intelligence. VTS is the global leader, with more than 60% of Class A office space in the U.S., and 12 billion square feet of office, retail, and industrial space is managed through our platform worldwide. VTS’ user base includes over 45,000 CRE professionals and industry-leading customers such as Blackstone, Brookfield Properties, LaSalle Investment Management, Hines, BXP, Oxford Properties, JLL, and CBRE. To learn more about VTS, and to see our open roles, visit www.vts.com.
VTS maintains offices in New York City, London, Toronto, Chicago, and San Francisco.
To learn more about VTS and to see our open roles, visit us at vts.com or follow us on Instagram (@WeAreVTS), Twitter (@WeAreVTS), or LinkedIn.
DE&I Commitment
VTS embraces diversity and equal opportunity in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.
VTS will provide any necessary accommodation during the recruitment and selection process to an employee or applicant with a disability.
If you have a disability or special need that requires accommodation at any time during the recruitment process, please let us know at ta@vts.com