VGS is the world's leader in payment tokenization. Large banks, aspiring fintechs, and growing merchants embed our universal token vault into their technology stack to manage the complexities of payment data tokenization across processors and networks, open banking, card issuance, omnichannel loyalty, PCI compliance, payment orchestration, and more. We empower our clients and partners by tokenizing sensitive payment data, limiting compliance scope, and consolidating payments to unlock revenue and business opportunities.
VGS provides processor-agnostic tokenization solutions via secure universal token vaults, iframes, mobile SDKs, tokenization proxies, APIs, and data orchestration tooling to support payment acceptance, card issuance, PII and bank account tokenization, and other payments value-added services. Some of the use cases we enable include multi-processor Network Tokenization, Account Updater, payment orchestration, secure settlement file processing, 3DS, and Risk provider connectivity.
We are looking for a curious, motivated Application Security Intern to help us build secure products and development practices at VGS. In this role, you will partner with security and engineering teams to evaluate application risk, improve secure software development workflows, and help developers ship software safely in an environment that handles highly sensitive payment and identity data.
You will likely be successful in this role if you identify with the following traits: attention to detail, problem solver, customer-oriented, versatile, resilient, and eager to learn. If all of this sounds interesting to you, we’d love to hear from you.
Support application security reviews for services, APIs, and new product features across the VGS platform.
Help identify, validate, and track security findings from static analysis, dependency scanning, container scanning, and other security testing tools.
Participate in threat modeling and secure design discussions with engineering teams during feature development.
Help evaluate the security of AI-enabled development workflows, including internal AI systems integrated into the SDLC, by thinking like both an attacker and a defender to identify risks and improve guardrails.
Assist with manual testing and validation of web application and API security issues, including access control, authentication, input validation, and secrets handling.
Help improve secure SDLC processes by contributing to developer guidance, secure coding resources, and repeatable review checklists.
Work with engineers to understand remediation options and clearly document security risks and recommendations.
Contribute to improving security tooling and guardrails in CI/CD and development workflows.
Be proactive and innovative; we rely on your feedback to help build a world-class product securely.
Be a part of a team that believes in transparency, collaboration, grit, and humility, and in doing the right thing for our customers and the company.
Currently pursuing a degree in Computer Science, Cybersecurity, Software Engineering, or a related field, or have equivalent practical experience.
Foundational understanding of application security concepts such as the OWASP Top 10, API security, authentication and authorization, secure coding, and common software vulnerabilities.
Ability to read and reason about code in one or more programming languages such as Java, Python, JavaScript, or Go.
Familiarity with Git, the software development lifecycle, and basic testing or debugging workflows.
Strong interest in secure software design, cloud-native architectures, and automation.
Strong written and verbal communication skills, with the ability to explain technical issues clearly to both security and engineering stakeholders.
Curious, collaborative, and excited to learn how security can enable developers rather than slow them down.
Bonus points if you have exposure to LLMs, threat modeling, Burp Suite, SAST/DAST tools, CI/CD pipelines, Docker/Kubernetes, or cloud environments.
At VGS, we have a remote-first philosophy because we believe flexibility leads to great work and a healthy work-life balance. That said, if you live within 30 miles of one of our office locations, you’ll be on a hybrid schedule with some in-person time, because we know there’s real value in coming together.
We’re not about being in the office every day, but we are about connection, collaboration, and the energy that comes from a great brainstorm, a team lunch, or celebrating a big win in person.
We consider applicants without regard to race, color, national origin, sex, age, religion, sexual orientation, gender identity, veteran status, marital status, physical or mental disability, or other protected classes under all local, state, and federal laws and ordinances (AA/EOE/W/M/Vet/Disabled).
Qualified applicants with arrest and conviction records will be considered for the position in accordance with the San Francisco Fair Chance Ordinance.
Visa Sponsorship The Company does not provide visa sponsorship for this role. Candidates must be legally authorized to work in the United States at the time of hire and throughout their employment. Individuals with temporary visas such as E, F-1 (including those with OPT or CPT), H-1, H-2, L-1, B, J, or TN, or who need sponsorship for work authorization now or in the future, are not eligible.
Please note we are currently only hiring in the following states...
California, Colorado, Connecticut, Florida, Illinois, New York, North Carolina, Oregon, Texas, Virginia, and Washington
Founded in 2015, VGS is the world's leader in payment tokenization and a trusted credential management platform, depended on by Fortune 500 companies, merchants, fintechs, and banks alike. Our mission is to revolutionize the way sensitive data is stored and secured, enabling organizations to manage information across cards, bank accounts, and digital wallets with ease.
VGS stores sensitive data and tackles critical payment acceptance challenges such as multi-PSP management, card issuance, payment orchestration enablement, PCI compliance, and the protection of personally identifiable information (PII). We provide our clients with complete ownership, control, and insights into their payment data, driving growth and enhancing user experiences across industries.
VGS offers a comprehensive suite of solutions, including a composable Card Management Platform, a PCI-compliant Vault, and advanced network value-added services such as Network Tokens, Account Updater, and Card Attributes. Our innovative technologies empower businesses to boost revenue through higher authorization rates, reduce fraud, and streamline operations—all while seamlessly integrating with existing tech stacks.
At VGS, we're not just securing payments—we're empowering businesses to unlock new possibilities in the ever-evolving payment landscape.
