Support application security reviews for services, APIs, and new product features across the VGS platform.
Help identify, validate, and track security findings from static analysis, dependency scanning, container scanning, and other security testing tools.
Participate in threat modeling and secure design discussions with engineering teams during feature development.
Help evaluate the security of AI-enabled development workflows, including internal AI systems integrated into the SDLC, by thinking like both an attacker and a defender to identify risks and improve guardrails.
Assist with manual testing and validation of web application and API security issues, including access control, authentication, input validation, and secrets handling.
Help improve secure SDLC processes by contributing to developer guidance, secure coding resources, and repeatable review checklists.
Work with engineers to understand remediation options and clearly document security risks and recommendations.
Contribute to improving security tooling and guardrails in CI/CD and development workflows.
Be proactive and innovative; we rely on your feedback to help build a world-class product securely.
Be a part of a team that believes in transparency, collaboration, grit, and humility, and in doing the right thing for our customers and the company.

Requirements

Currently pursuing a degree in Computer Science, Cybersecurity, Software Engineering, or a related field, or have equivalent practical experience.
Foundational understanding of application security concepts such as the OWASP Top 10, API security, authentication and authorization, secure coding, and common software vulnerabilities.
Ability to read and reason about code in one or more programming languages such as Java, Python, JavaScript, or Go.
Familiarity with Git, the software development lifecycle, and basic testing or debugging workflows.
Strong interest in secure software design, cloud-native architectures, and automation.
Strong written and verbal communication skills, with the ability to explain technical issues clearly to both security and engineering stakeholders.
Curious, collaborative, and excited to learn how security can enable developers rather than slow them down.
Bonus points if you have exposure to LLMs, threat modeling, Burp Suite, SAST/DAST tools, CI/CD pipelines, Docker/Kubernetes, or cloud environments.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

application securityOWASP Top 10API securityauthenticationauthorizationsecure codingJavaPythonJavaScriptGo

Soft Skills

written communicationverbal communicationcollaborationcuriosityinnovationtransparencygrithumility