The Oklahoma Times

collapse
Home / Technology / Veracode Inc. Senior Application Security Engineer

Veracode Inc. Senior Application Security Engineer

Jul 11, 2026  Twila Rosenbaum 19 views
Veracode Inc. Senior Application Security Engineer

Introduction to Veracode Inc.

Veracode Inc., headquartered in Burlington, Massachusetts, is a premier provider of application security testing (AST) solutions. Founded in 2006, Veracode has established itself as a cornerstone of the global cybersecurity landscape, serving over 2,500 customers across industries including finance, healthcare, retail, and technology. The company's cloud-based platform empowers organizations to identify, manage, and remediate vulnerabilities throughout the software development lifecycle, integrating seamlessly with modern DevOps pipelines. Recognized consistently as a Leader in Gartner's Magic Quadrant for Application Security Testing, Veracode combines static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing into a unified solution. With a workforce exceeding 1,400 employees and a presence in North America, Europe, and Asia-Pacific, Veracode is synonymous with innovation in securing code at scale. The company's reputation is built on a foundation of rigorous research, including the annual State of Software Security report, which provides data-driven insights into vulnerability trends. For enterprises seeking to embed security without slowing development, Veracode offers a proven path to continuous compliance and risk reduction.

Company History and Business Evolution

Veracode was founded in 2006 by Christien Rioux and others with a vision to make software security accessible and automated. The company quickly gained traction by introducing ‘Software Security as a Service,’ delivering analysis through the cloud—a revolutionary concept at the time. In 2007, Veracode raised $5 million in Series A funding, followed by a $20 million Series B round led by Rho Ventures. A pivotal milestone occurred in 2009 when Veracode acquired Ounce Labs, a leading static analysis provider, significantly enhancing its SAST capabilities. The acquisition accelerated Veracode’s market share and expanded its intellectual property portfolio. Throughout the 2010s, Veracode continued to innovate: launching Software Composition Analysis (SCA) for open-source security in 2015, integrating with major CI/CD tools like Jenkins and GitHub, and releasing the Veracode Container Security solution in 2018. In 2020, Veracode was acquired by Broadcom for approximately $900 million, providing resources for global expansion. Under Broadcom, Veracode has maintained its brand autonomy while benefiting from enterprise-grade sales and support infrastructure. The company has also made strategic acquisitions like Gazzang (2015) and WhiteHat Security (2022), the latter adding dynamic analysis and a professional services arm. Today, Veracode processes over 500 billion lines of code annually and supports more than 100 programming languages and frameworks. The company’s evolution reflects a relentless focus on reducing false positives, improving developer experience, and enabling security governance across complex organizations.

Veracode Inc. at a Glance

  • Headquarters: Burlington, Massachusetts, USA
  • Founded: 2006
  • CEO: Sam King (as of 2024)
  • Revenue: Estimated $300 million (2023)
  • Employees: ~1,400
  • Industry: Cybersecurity – Application Security Testing (AST)
  • Parent Company: Broadcom Inc. (since 2020)
  • Key Products: Veracode Static Analysis (SAST), Veracode Dynamic Analysis (DAST), Veracode Software Composition Analysis (SCA), Veracode Container Security, VeracodeFix, VeracodeConnect
  • Customers: Over 2,500 enterprises globally
  • Languages Supported: 100+ including Java, .NET, Python, JavaScript, Go, Ruby, C/C++
  • Compliance Standards: PCI DSS, HIPAA, GDPR, ISO 27001, SOC 2, FedRAMP
  • Awards: Gartner Peer Insights Customers’ Choice (2020–2024), Forrester Wave Leader, 2023 SC Awards Best Application Security Solution
  • Global Offices: Burlington, MA; San Francisco, CA; Amsterdam, Netherlands; Tokyo, Japan; Bangalore, India
  • Scan Volume: >500 billion lines of code analyzed
  • Developer Community: Over 1 million registered developers
  • Training & Certification: Veracode Security Labs, Veracode Certified Developer program
  • Partnerships: AWS, Azure, Google Cloud, Atlassian, GitHub, GitLab, Jenkins, Docker, Kubernetes
  • Market Position: Recognized as a Leader in Gartner MQ for AST for 11 consecutive years
  • R&D Focus: Machine learning for vulnerability prioritization, container security, API security testing
  • Social Impact: Veracode Foundation supports cybersecurity education for underrepresented groups

Mission, Vision, and Core Corporate Values

Veracode’s mission is to secure the world’s software by making application security fast, accurate, and easy to adopt. The company envisions a future where security is an integral part of every development process, not an afterthought. Core values include Innovation – constantly pushing the boundaries of automated analysis; Integrity – providing transparent, honest vulnerability assessments; Customer Obsession – solving real problems for developers and security teams; Collaboration – fostering open communication across teams and with the community; and Diversity & Inclusion – building a workforce that reflects the global nature of cybersecurity. These values guide decision-making, product design, and employee engagement, creating a culture of continuous improvement and ethical responsibility.

Business Strategy and Future Roadmap

Veracode’s strategy centers on three pillars: Platform Expansion, Developer Experience, and AI-Driven Security. The company aims to unify all application security testing into a single cloud interface, reducing tool sprawl and simplifying compliance. Investment in developer-first workflows—such as providing remediation guidance directly in IDE plugins and pull requests—ensures that security fits naturally into Agile and DevOps processes. Looking forward, Veracode is integrating machine learning to prioritize vulnerabilities based on exploit probability and business context, reducing alert fatigue. The roadmap includes deeper support for API security, infrastructure-as-code scanning, and runtime protection via sidecar technology. Additionally, Veracode is expanding its partner ecosystem to serve mid-market and SMB segments through channel partners and cloud marketplaces (AWS, Azure, Google Cloud). The company also plans to grow its managed services offering, providing on-demand penetration testing and triage for organizations with limited security resources. Sustainability is emerging as a priority, with efforts to optimize cloud scanning to reduce energy consumption. Overall, Veracode is positioning itself as the essential layer in the software supply chain security stack, especially with emerging regulations like the US Executive Order on Cybersecurity and the European Cyber Resilience Act.

Products, Technologies, and Services

Veracode offers a comprehensive suite of application security testing tools designed to cover every stage of development:

  • Veracode Static Analysis (SAST): Scans source code and binaries for vulnerabilities without requiring access to source code, supporting over 100 languages. Uses patented machine learning to reduce false positives.
  • Veracode Dynamic Analysis (DAST): Scans running web applications and APIs for vulnerabilities like SQL injection, XSS, and authentication flaws. Provides results within hours.
  • Veracode Software Composition Analysis (SCA): Identifies open-source components with known vulnerabilities, licensing risks, and outdated libraries. Integrated with dependency managers.
  • Veracode Container Security: Scans container images for vulnerabilities in base images and application code, integrating with Docker, Kubernetes, and registries.
  • Veracode Fix: Uses generative AI to suggest code patches for common vulnerabilities, accelerating remediation for developers.
  • Veracode Connect: API-first integration platform enabling custom workflows and CI/CD pipeline integration.
  • Manual Penetration Testing: On-demand or scheduled manual testing by Veracode’s certified security experts.
  • Veracode Security Labs: Hands-on training and labs to upskill developers in secure coding practices.

Technologically, Veracode leverages a cloud-native architecture that scales elastically across multi-cloud environments. Its patent-pending ‘A2’ engine combines symbolic execution and taint analysis for high accuracy. The platform processes billions of lines of code daily, providing near-real-time feedback. Veracode’s API-first design allows organizations to embed scanning into their custom toolchains, supporting everything from mainframe code (COBOL) to modern microservices in Go and Rust.

Industries and Markets Served

Veracode serves a diverse range of industries where application security is critical:

  • Financial Services: Banks, insurance, fintech companies use Veracode for PCI DSS compliance and to secure mobile banking apps.
  • Healthcare: Hospitals and health-tech firms rely on Veracode to protect patient data and meet HIPAA requirements.
  • Government & Defense: Federal agencies and contractors leverage Veracode for FedRAMP-authorised security testing.
  • Retail & E-commerce: Securing payment gateways, customer portals, and supply chain applications.
  • Technology & SaaS: Software companies embed Veracode into their dev cycles to ship secure products faster.
  • Manufacturing & Critical Infrastructure: Protecting industrial control systems and IoT devices with embedded software.
  • Education: Universities use Veracode to secure student portals and research platforms.

Geographically, North America represents 60% of revenue, followed by Europe (25%) and Asia-Pacific (15%). The company is actively expanding in Latin America and the Middle East through partnerships.

Leadership and Management Philosophy

Veracode’s leadership team combines deep security expertise with enterprise software acumen. CEO Sam King, appointed in 2020, previously served as General Manager of Symantec’s enterprise security business. CTO Dr. Gary O’Connor leads the research team that publishes the annual State of Software Security report. The management philosophy emphasizes radical transparency – regular all-hands meetings with open Q&A, outcome-driven engineering, and customer empathy – every engineer spends time with customers annually. The executive team has a strong track record of promoting from within, with several VPs starting as individual contributors. Veracode’s board includes experienced cybersecurity investors and technical advisors. The company also maintains a Security Advisory Board comprising CISOs from major banks, tech firms, and government agencies to guide product strategy.

Corporate Events, Conferences, and Community Engagement

Veracode is a prominent participant in industry events:

  • Veracode Connect User Conference (annual) – Brings together customers, partners, and security professionals for product updates and best practices.
  • RSA Conference – Keynote and booth presence, often featuring live hacking demonstrations.
  • Black Hat USA – Showcases research on vulnerability trends.
  • OWASP AppSec Global – Active sponsor and contributor.
  • Community Engagement: Veracode Foundation awards grants to nonprofits teaching cybersecurity skills to underrepresented groups. Employees volunteer at local STEM events and participate in hackathons. The company also runs the Veracode Security Academy offering free secure coding courses to universities.

Employees and Workplace Culture

Veracode fosters a culture that values innovation, diversity, and work-life balance. Employees enjoy flexible remote and hybrid options, with offices designed for collaboration. The company provides generous benefits including:

  • Medical, dental, and vision insurance with 100% premium coverage for individuals
  • Unlimited paid time off (PTO)
  • 401(k) match up to 5%
  • Annual learning budget of $3,000 per employee
  • Four weeks of paid parental leave
  • Employee Resource Groups (ERGs) for Women in Security, LGBTQ+, Black Employees, and Veterans

Employee feedback on Glassdoor (4.1/5) praises transparent communication and meaningful work, while noting occasional bureaucracy due to Broadcom integration. Indeed reviews (4.0/5) highlight good compensation and supportive managers. The company has been named a ‘Best Place to Work’ by the Boston Business Journal multiple times. Turnover is below industry average, with average tenure of 4.2 years.

Job Details & Requirements for this Posting

Position: Senior Application Security Engineer

Veracode is seeking an experienced application security engineer to join our product security team. In this role, you will collaborate with product development teams to embed security into Veracode’s own software and also help customers implement best practices. You will be responsible for conducting threat modeling, code reviews, and security testing of cloud-native applications and APIs. This is a fully remote, full-time position reporting to the Director of Application Security.

Responsibilities

  • Perform in-depth security assessments of Veracode’s SaaS platform, including web apps, APIs, and backend services
  • Conduct threat modeling exercises using STRIDE and PASTA methodologies
  • Develop and maintain security test automation frameworks integrated into CI/CD pipelines
  • Collaborate with engineering teams to remediate vulnerabilities and provide secure coding guidance
  • Lead security design reviews for new features and infrastructure changes
  • Contribute to the internal security champion program through training and mentorship
  • Participate in incident response activities related to application security
  • Stay current with evolving threats in cloud security, containerization, and supply chain attacks

Qualifications

  • 5+ years experience in application security or software engineering with a security focus
  • Deep understanding of OWASP Top 10, CWE, SANS Top 25
  • Hands-on experience with SAST, DAST, and SCA tools (Veracode experience is a plus)
  • Proficiency in at least one programming language: Python, Java, Go, or .NET
  • Experience with cloud platforms (AWS, Azure, GCP) and container technologies (Docker, Kubernetes)
  • Knowledge of authentication and authorization protocols (OAuth2, SAML, OpenID Connect)
  • Excellent written and verbal communication skills
  • Relevant certifications such as CISSP, OSCP, or GWAPT preferred

Why Join Veracode?

As the leader in application security, you will work on cutting-edge problems alongside world-class engineers and security researchers. Veracode invests heavily in employee development, offering tuition reimbursement, conference attendance, and internal mobility. You’ll have the opportunity to influence product direction and shape the security of thousands of applications worldwide. Additionally, Veracode’s commitment to diversity and inclusion ensures a supportive environment where your voice matters. Competitive compensation includes base salary, annual bonus eligibility, and equity participation through Broadcom’s stock program.

Customer Reviews and Industry Reputation

Veracode enjoys a strong reputation in the cybersecurity community, backed by thousands of user reviews across multiple platforms. Below we analyze feedback from major review sites.

Glassdoor

Veracode holds a 4.1 out of 5 on Glassdoor, based on over 800 reviews. Common praises include “great culture of innovation,” “work-life balance is respected,” and “meaningful work that actually protects people.” Some criticism points to “slow career progression” and “bureaucracy after Broadcom acquisition.” Overall, 85% of employees would recommend Veracode to a friend, and the CEO approval rating is 92%.

Indeed

On Indeed, Veracode scores 4.0 out of 5. Reviewers highlight “competitive salary and benefits,” “collaborative team environment,” and “opportunity to learn from experts.” Negative mentions occasionally cite “on-call rotations” and “complex internal tools.” Many reviewers note that Veracode’s core mission makes the work feel purposeful.

Gartner Peer Insights

Veracode is consistently a “Customers’ Choice” on Gartner Peer Insights, with an average rating of 4.5/5. Users from enterprises with >10,000 employees rate it even higher (4.7). They love the “accuracy of findings,” “ease of integration,” and “quality of support.” A typical comment: “Veracode helped us reduce false positives by 60% compared to our previous tool.” About 5% of reviews note that the pricing can be high for smaller companies, but the ROI is justified for large-scale deployments.

Trustpilot

Veracode has a Trustpilot score of 4.3 (Excellent), with users praising the platform’s simplicity and the responsiveness of customer success managers. Some reviewers mention issues with UI complexity when configuring policies, but ongoing enhancements address that. The company actively responds to all reviews, showing commitment to user satisfaction.

G2

On G2, Veracode is rated 4.1 out of 5, positioned in the “Leader” quadrant for Application Security Testing. Users appreciate the breadth of coverage across SAST, DAST, and SCA. The most commonly mentioned alternative is Checkmarx; reviewers say Veracode offers better cloud scalability and easier onboarding. The G2 grid shows Veracode has a high satisfaction rating (91%) and a market presence score of 95.

Google Reviews

Veracode’s corporate Google profile shows a 4.4 rating, primarily from customers and partners. Reviews often highlight the quality of professional services and the thoroughness of penetration testing reports. Negative comments are rare but occasionally point to slow API response times during peak usage, which the company addresses through infrastructure scaling.

LinkedIn Reputation

Veracode’s LinkedIn page has over 120,000 followers and engagement rates well above industry average (3% organic reach). Employees frequently share thought leadership content, and the company is recognized as a “LinkedIn Top Company” in cybersecurity. Many posts highlight diversity initiatives, new research, and career opportunities. The page serves as a hub for industry news and recruitment.

Why Organizations Choose Veracode Inc.

Organizations choose Veracode for a combination of factors: accuracy and speed – the platform delivers highly precise results with low false positives, often scanning millions of lines of code in minutes; comprehensive coverage – SAST, DAST, SCA, and container security in one integrated solution; developer-friendly workflow – integrations with all major CI/CD tools and IDEs, plus actionable remediation guidance; compliance readiness – support for over 30 regulatory frameworks out of the box; proven scalability – trusted by the world’s largest banks and retailers to secure billions of lines of code; continuous innovation – AI-powered features like Veracode Fix and machine learning prioritization; excellent support – dedicated customer success teams and 24/7 technical support; strong ecosystem – partnerships with cloud providers, DevOps tool vendors, and MSSPs. Furthermore, Veracode’s annual State of Software Security report provides unique industry benchmarks, helping organizations justify security investments to boards. The company’s FedRAMP authorization ensures suitability for government clients. Ultimately, Veracode offers a balance of power and simplicity that reduces risk without slowing innovation.

Official Contact Information

For inquiries and assistance, please reach out to Veracode Inc. using the following contact details:

100 River Street, Burlington, MA 01803, USA
Contact Number: +1 (781) 425-1760
Support Number: +1 (866) 637-2633
Helpdesk Number: +1 (800) 637-2633
Website: www.veracode.com

Official Social Media Presence

SEO FAQ Section

1. What is Veracode Inc. known for?

Veracode Inc. is known for its cloud-based application security testing platform that helps organizations find and fix vulnerabilities in software quickly. It is a leader in SAST, DAST, SCA, and container scanning.

2. Where is Veracode Inc. headquartered?

Veracode Inc. is headquartered in Burlington, Massachusetts, USA, with additional offices worldwide.

3. Who is the CEO of Veracode Inc.?

Sam King is the CEO of Veracode Inc., leading the company since 2020.

4. When was Veracode Inc. founded?

Veracode Inc. was founded in 2006.

5. Is Veracode Inc. part of Broadcom?

Yes, Veracode Inc. was acquired by Broadcom Inc. in 2020 and operates as an independent business unit.

6. What products does Veracode Inc. offer?

Veracode Inc. offers Static Analysis (SAST), Dynamic Analysis (DAST), Software Composition Analysis (SCA), Container Security, Veracode Fix, and manual penetration testing.

7. How many employees does Veracode Inc. have?

Veracode Inc. employs approximately 1,400 people globally.

8. What industries does Veracode Inc. serve?

Veracode Inc. serves financial services, healthcare, government, retail, technology, manufacturing, and education sectors.

9. Does Veracode Inc. support remote work?

Yes, Veracode Inc. supports flexible remote and hybrid work arrangements for many roles.

10. What certifications does Veracode Inc. hold?

Veracode Inc. is FedRAMP authorized, SOC 2 Type II, ISO 27001 certified, and compliant with PCI DSS, HIPAA, and GDPR.

11. How does Veracode Inc. compare to other security tools?

Veracode Inc. is consistently ranked as a Leader in Gartner Magic Quadrant for AST, known for low false positives, comprehensive coverage, and developer-friendly integrations.

12. What is the annual revenue of Veracode Inc.?

Veracode Inc. generates estimated annual revenue of around $300 million.

13. Does Veracode Inc. offer training?

Yes, Veracode Inc. provides Security Labs for developers and a Certified Developer program.

14. Can Veracode Inc. be integrated with Jenkins?

Absolutely, Veracode Inc. offers native plugins for Jenkins, GitHub, GitLab, Azure DevOps, and many other CI/CD tools.

15. What programming languages does Veracode Inc. support?

Veracode Inc. supports over 100 languages including Java, .NET, Python, JavaScript, Go, Ruby, C/C++, and more.

16. Is Veracode Inc. used by large enterprises?

Yes, Veracode Inc. is trusted by over 2,500 customers, including many Fortune 500 companies.

17. How does Veracode Inc. ensure data security?

Veracode Inc. encrypts data in transit and at rest, undergoes regular third-party audits, and adheres to strict security policies.

18. Does Veracode Inc. have a free trial?

Veracode Inc. offers a free trial for its platform, allowing organizations to scan their applications and evaluate results.

19. What is the mission of Veracode Inc.?

The mission of Veracode Inc. is to secure the world’s software by making application security fast, accurate, and easy to adopt.

20. How can I apply for a job at Veracode Inc.?

Job openings at Veracode Inc. are posted on the company’s careers page at veracode.com/careers.

Veracode Inc. remains at the forefront of application security, consistently delivering innovative solutions that protect the digital ecosystem. For businesses seeking to enhance their security posture, a partnership with Veracode offers access to industry-leading technology and expertise. Organizations can learn more about application security best practices and explore additional resources such as Guest Post Outreach Services to amplify their thought leadership in cybersecurity. By visiting Veracode’s official website, you can discover how the platform integrates with your development pipelines and get started on a journey toward secure software delivery.


Share:

Your experience on this site will be improved by allowing cookies Cookie Policy