Job Description
Who we are:
VBG (Veteran Benefits Guide) was founded by a former active-duty United States Marine with the goal of ensuring that Veterans receive the correct disability benefits in a timely manner. VBG has successfully guided over 35,000 Veterans by submitting their VA (Veterans Affairs) disability claims, resulting in increased compensation benefits for their disabilities that are related to active-duty service. As a company founded by a Veteran and staffed by many Veterans and families of Veterans, Veteran Benefits Guide is committed to advocating for policies that protect the rights and interests of former servicemembers.
Summary:
The Product Security Engineer will play a critical role in ensuring the security of our software applications, protecting sensitive data, and identifying and mitigating security vulnerabilities. This role requires a deep understanding of software security principles and a commitment to proactively safeguarding our systems.
Requirements:
Basic Function/Responsibilities:
- Conduct comprehensive code reviews to identify and rectify security vulnerabilities and coding flaws.
- Collaborate with the development team to implement secure coding practices.
- Analyze software designs and architectures to identify potential security threats and weaknesses.
- Develop threat models to guide security measures and risk assessment.
- Plan and execute security testing, including penetration testing, vulnerability assessments, and security assessments.
- Work with cross-functional teams to resolve identified security issues.
- Promote security best practices throughout the software development lifecycle.
- Integrate baseline security configurations and controls into the development workflow.
- Educate development teams on secure coding practices and security awareness.
- Utilize and maintain relevant security tools and technologies, including but not limited to AppScan, Fortify, and Burp Suite, to identify vulnerabilities, assess risks, and implement appropriate security measures.
- Configure and manage firewall settings to protect the network infrastructure.
- Apply cloud security best practices for platforms like AWS, Azure, and GCP to secure cloud-based resources and services.
- Conduct training sessions and workshops on security-related topics.
- Develop and maintain an incident response plan for software security incidents.
- Lead investigations and collaborate with incident response teams to address security breaches.
- Ensure software applications comply with industry regulations and standards (e.g., HIPAA, OWASP, NIST, GDPR).
- Assist in the development and enforcement of security policies and procedures.
- Stay updated on emerging threats and trends in software security.
- Continuously research and recommend new security tools and methodologies.
Required Experience:
- Proven experience in software Security Engineering or secure software development.
- Excellent programming skills in JavaScript, PHP, Python, and others.
- Proficiency in MongoDB, Express.js, React, and Node.js is strongly preferred.
- Relevant certifications, such as Certified Secure Software Lifecycle Professional (CSSLP) or Certified Cloud Security Professional (CCSP), and AWS Cloud or Security Specialty are a plus.
- Strong knowledge of common application security vulnerabilities and mitigation techniques.
- Proficiency in security tools and practices, such as static and dynamic code analysis, fuzz testing, and threat modeling.
- Strong problem-solving and communication skills.
- Ability to collaborate effectively with cross-functional teams and communicate complex security concepts to non-technical stakeholders.
Education:
Bachelor’s degree preferred (Engineering, Computer Science, Information Systems, etc.) or equivalent experience
Position Type: This is a full-time position. Working hours are Monday through Friday, from 8:00 a.m. to 5:00 p.m., with in-office attendance required three times per week and the rest of the time remote. More days in the office may be required as needed. Occasional after-hours coverage may be necessary.
Travel: Offsite training or meeting travel is estimated to be less than 5%.