Virtru Senior Product Security Engineer in Washington, District Of Columbia

"Crypto won't be broken. It will be bypassed" - Adi Shamir

In an era where every data transfer is a potential data leak, Virtru makes it possible for everyone to protect their content by offering easy and affordable email and file encryption. From individuals to large enterprises, Virtru lets people control who receives, reviews, and retains their information – wherever it travels, throughout its lifespan. Based on the open Trusted Data Format (TDF) created by Virtru Co-Founder Will Ackerly, the company’s Encryption-as-a-Service (EaaS) architecture integrates powerful data security directly into the applications we use every day.

Virtru is a fast-paced startup with a strong performance-driven culture. We are well capitalized with investments from Bessemer Venture Partners and private investors. Virtru offers a competitive salary, full health benefits, and the ability to work with talented coworkers in an informal, collaborative environment.

We are looking for a Senior Product Security professional to join our team. Ideal candidate has experience in protecting NodeJS, JavaScript, C#, Java and Mobile applications along with knowledge of defending systems in AWS. Any experience in software development will be a huge plus. We are building a security practice that scales as the company grows. If automating security is your passion, you will find Virtru to be a great place for you. You will get to work on all of Virtru’s products - client side as well as server side. You will need to work openly and collaboratively with multiple stakeholders to drive results.

We are a fun group and want to keep it that way, which means you should be comfortable speaking your mind, drinking a few beers, eating ramen, and geeking out about security. Anyone who has trouble self-motivating is going to have a hard time.

Assess risk and Prioritize. Don’t wait for directions. We don't want anyone that needs to be managed, so if you have trouble self-organizing with the assistance of a sprint board you shouldn't apply.

At this time we are not accepting applications from outside the continental USA.

Scope of Responsibilities

• Setting up, maintaining, and running toolchain for security checks.

• Wherever applicable, introduce security testing and vulnerability management into software development lifecycle and automate it.

• Perform automated and manual vulnerability scans on all components of our service

• Catalog, assess, and track to completion known security issues throughout our stack

• Architecture and code reviews for security issues. Develop best practices ensure repeatable process is in place.

• Pen Test Virtru assets

• Coordinate 3rd party pen tests, 3rd party code reviews

• Run Virtru Bug Bounty program

• Work with ops engineers during security incident response

• Look at Virtru’s overall threat model, attack vectors and risks associated; then prioritize the projects to achieve maximum impact.

• Work closely with our compliance staff and customers.