
ptz (@ptz@dubvee.org)

Am I assuming correctly that if I bind the VM to hardware network interfaces for WAN and LAN respectively it should behave and be similarly secure to a bare metal firewall?

Correct.

I did that in my old playground VMware stack. I'll leave you with my cautionary tale (though depending on the complexity of your network, it may not fully apply).

My pfSense (OPNsense didn't exist yet) firewall was a VM on my ESX server. I also had it managing all of my VLANs and firewall rules, and everything was connected to distributed vSwitches in VMware. Everything worked great until I lost power longer than my UPS could hold on and had to shut down.

Shutdown was fine, but the cold start left me in a chicken/egg situation. vSphere couldn't connect to the hypervisors because the firewall wasn't routing to them. I could log into the ESX host directly to start the pfSense VM, but since vSphere wasn't running, the distributed switches weren't up.

The moral is: If you virtualize your core firewall, make sure none of the virtualization layers depend on it. 😆
