Simplify Logo

Summer 2026

Application Security Intern

Very Good Security

Very Good Security

201-500 employees

Tokenization-based data security platform

Compensation Overview

$20/hr

No H1B Sponsorship

United States

Hybrid

Category
Software Engineering (1)
Required Skills
LLM
Kubernetes
Python
JavaScript
Git
Threat modeling
Java
Docker
Go
REST APIs
Requirements
  • Currently pursuing a degree in Computer Science, Cybersecurity, Software Engineering, or a related field, or have equivalent practical experience.
  • Foundational understanding of application security concepts such as the OWASP Top 10, API security, authentication and authorization, secure coding, and common software vulnerabilities.
  • Ability to read and reason about code in one or more programming languages such as Java, Python, JavaScript, or Go.
  • Familiarity with Git, the software development lifecycle, and basic testing or debugging workflows.
  • Strong interest in secure software design, cloud-native architectures, and automation.
  • Strong written and verbal communication skills, with the ability to explain technical issues clearly to both security and engineering stakeholders.
  • Curious, collaborative, and excited to learn how security can enable developers rather than slow them down.
  • Bonus points if you have exposure to LLMs, threat modeling, Burp Suite, SAST/DAST tools, CI/CD pipelines, Docker/Kubernetes, or cloud environments.
Responsibilities
  • Support application security reviews for services, APIs, and new product features across the VGS platform.
  • Help identify, validate, and track security findings from static analysis, dependency scanning, container scanning, and other security testing tools.
  • Participate in threat modeling and secure design discussions with engineering teams during feature development.
  • Help evaluate the security of AI-enabled development workflows, including internal AI systems integrated into the SDLC, by thinking like both an attacker and a defender to identify risks and improve guardrails.
  • Assist with manual testing and validation of web application and API security issues, including access control, authentication, input validation, and secrets handling.
  • Help improve secure SDLC processes by contributing to developer guidance, secure coding resources, and repeatable review checklists.
  • Work with engineers to understand remediation options and clearly document security risks and recommendations.
  • Contribute to improving security tooling and guardrails in CI/CD and development workflows.
  • Be proactive and innovative; we rely on your feedback to help build a world-class product securely.
  • Be a part of a team that believes in transparency, collaboration, grit, and humility, and in doing the right thing for our customers and the company.
Very Good Security

Very Good Security

View
Website

Very Good Security provides a security infrastructure that helps businesses protect sensitive data and stay compliant, so product teams can focus on building features. Its Vault stores data securely and its Tokenization API replaces sensitive information with tokens that preserve meaning without exposing data. It also offers Payment Optimization products to help store payment and PII data, cut fees, and reduce vendor lock-in while increasing transaction volume. Its pricing scales from free to higher tiers as needs grow, and its goal is to simplify product development by handling data security and compliance workloads.

Company Size

201-500

Company Stage

Series C

Total Funding

$103.5M

Headquarters

San Francisco, California

Founded

2015

Simplify Jobs

Simplify's Take

What believers are saying

  • Agentic commerce creates demand for trusted tokenized payment infrastructure.
  • The Onafriq partnership expands card-reveal and issuance use cases across Africa.
  • Expanded Plaid integration strengthens tokenization demand around bank-linked financial data.

What critics are saying

  • Visa and Mastercard can standardize network tokens, compressing VGS's core value.
  • Plaid or AWS can bundle tokenization, underpricing VGS in fintech stacks.
  • A vault outage or compromise would halt customer payments and destroy trust.

What makes Very Good Security unique

  • VGS tokenizes sensitive data, keeping raw payment credentials off customer systems.
  • Its Zero Data platform decouples compliance-heavy storage from application workflows.
  • VGS now targets agentic commerce through Visa, Mastercard, and OpenAI partnerships.

Help us improve and share your feedback! Did you find this helpful?

Your Connections

People at Very Good Security who can refer or advise you

Benefits

Health Insurance

Unlimited Paid Time Off

Flexible Work Hours

Stock Options

401(k) Retirement Plan

401(k) Company Match

Life Insurance

Disability Insurance

Health Savings Account/Flexible Spending Account

Parental Leave

Phone/Internet Stipend

Home Office Stipend

Professional Development Budget

Growth & Insights and Company News

Headcount

6 month growth

-1%

1 year growth

-1%

2 year growth

0%
Very Good Security
Mar 9th, 2026
Inside Agent Connect: Connecting the Humans Behind Agents

Inside Agent Connect: connecting the humans behind agents. March 9, 2026 * home * blog * inside Agent Connect: connecting the humans behind agents. On March 3rd in San Francisco, VGS hosted its first-ever Agent Connect, a dedicated event to exploring the rapidly advancing world of agentic commerce and payments. As AI agents begin to browse, decide, and transact on behalf of users and businesses, the infrastructure powering commerce and payments must evolve just as quickly. Agent Connect was designed to bring together the builders shaping that future. Agent Connect was also featured on UBS's recent Agentic Commerce Thoughts, highlighting the growing momentum behind the emerging space. Very Good Security, Inc. were thrilled to welcome close to 350 attendees from across the fintech, payments, AI, and commerce ecosystems. Thank you to everyone who joined Very Good Security, Inc. and helped make the inaugural Agent Connect such an energizing and thoughtful gathering. Very Good Security, Inc. were proud to convene an extraordinary group of leaders from OpenAI, Instacart, Visa, PayPal, Stripe, Mastercard, Shopify, and more to dig into what it truly takes to enable seamless, trusted, agent-ready transactions. Across a series of forward-looking sessions, speakers explored how to: * design commerce experiences for AI-first journeys * unlock the next wave of B2B payments driven by agents * modernize payment rails for agent-readiness * understand merchants' perspective and needs when it comes to AI and shopping * and establish the protocols, roles, and global standards needed for interoperable agents. Beyond the stage, Agent Connect created space for meaningful connection. By bringing together the brightest minds in fintech and commerce, Agent Connect allowed everyone to collaborate, challenge assumptions, and build the foundation for autonomous transactions. This inaugural gathering marked the beginning of an important conversation: how Very Good Security, Inc. power the agentic economy with trust at its core. You might also be interested in... Data Security Back it Up, Baby Very Good Security, Inc. has all been there. In college, Very Good Security, Inc. lost the killer ending of its thesis. At work, Very Good Security, Inc. could not find its quarterly results. And right now, Very Good Security, Inc. is sure that Very Good Security, Inc. went on vacation in 2016, but Very Good Security, Inc. cannot remember where - because that was several phones ago. Fortunately, due to the miracle of autosaves, cloud storage, and more, such data loss happens less often than it used to. March 31, 2022 Agentic commerce is no longer theoretical. AI-powered agents are already researching products, comparing prices, and completing transactions on behalf of consumers. For merchants, this shift is bigger than just a new channel. It fundamentally changes how identity, intent and risk are established and managed. February 23, 2026 With agentic commerce, payments are no longer confined to a single checkout page or even a single platform. As merchants expand into the agentic commerce channel and the customer journey evolves, the ability to securely accept and manage payment credentials has become a core part of building a resilient revenue strategy. February 11, 2026

Very Good Security
Jul 7th, 2025
VGS Announces Agentic Commerce Payments Toolkit

VGS is actively partnering with the networks, including Visa and Mastercard, to build agentic payment solutions, and working with VGS now ensures you can be the first to access agentic network tokens when they become available.

PYMNTS
Oct 1st, 2024
Missing Pieces: What The Pundits Get Wrong About The Doj Debit Interchange Lawsuit Against Visa

After listening to and scrolling through days of “expert” commentary about the lawsuit filed by the DOJ against Visa over debit interchange, I feel compelled to weigh in. Big headlines about big companies — especially concerning DOJ allegations of anticompetitive behaviors and lawsuits to signal they really mean it — bring everyone and anyone out of the woodwork. Social media gives everyone and anyone a platform to say anything they want. Facts seem to be an inconvenient detail

FF News
Jun 3rd, 2024
Vgs And Onafriq Partner For Security And Payments Innovation

VGS has announced a strategic partnership with Onafriq, Africa’s largest payments network, that is aimed at bolstering security and innovation for Fintechs across Africa and the Middle East. This partnership marks the culmination of a longstanding relationship between the two entities, with VGS serving as Onafriq’s trusted partner for PCI compliance and payment features.As a universal token vault provider, VGS specializes in securely collecting and storing payment card information on behalf of its clients, thus shielding them from PCI compliance liability and the inherent risks associated with handling sensitive data. This collaboration has empowered Onafriq and its fintech clientele to operate with enhanced security and peace of mind while focusing on driving innovation and delivering superior financial services to their customers.This partnership brings with it a host of important developments. Onafriq is set to implement VGS’s card reveal capability for its new “Credential Show” feature, which will apply to virtual cards and other card issuance features specifically tailored to fintech providers in Africa and the Middle East.The “Credential Show” feature is enabled for fintechs and financial institutions when they opt for this capability, together with card issuing APIs offered by Onafriq. This is where Onafriq and VGS securely collect and store PAN (Primary Account Number) data and display a complete card number, expiration date, and CVV to end-users upon their request. The process insulates Onafriq’s fintech clients from coming under compliance scope while offering user self-serve options and reducing customer service needs.Moreover, VGS and Onafriq are committed to exploring opportunities for product co-development and expanding the scope of payment acceptance use cases throughout Africa and the Middle East

Hakkoda, an IBM Company
Jan 23rd, 2024
How VGS Built a Streamlit App to Perform Tokenization in Snowflake

Historically, Very Good Security (VGS) has created a suite of tokenization products and services with a primary audience in the payment stack.