Unqork is the no-code platform that’s pioneering a new way for companies to build, deploy, and manage complex, enterprise-grade applications. At this moment, Fortune 100 companies are using Unqork to create and deliver software without writing a single line of code.
Gary Hoberman, former CIO of Metlife, founded Unqork in 2017 with a team of hand-picked industry professionals, and together we’re creating a massive paradigm shift in the way software is built. If you want to have a hand in defining the future of application development, we want to hear from you.
As a Platform Security Engineer, you will work with the platform product and engineering team to securely architect security features in the platform, and in compliance with applicable customer requirements, compliance regulations, security standards, and laws. You will report to the Product Security Manager. Additionally, you will secure the SDLC of the platform. Responsibilities include:
- Develop security solution MVPs to improve the security features and posture of the platform
- Design and maintain a security unit testing framework in the Platform CI/CD
- Research secure design patterns for the platform, and partner with the Platform team to integrate these patterns into development/platform pipelines
- Review secure development procedures and security standards in partnership with the Platform team
- Perform platform architecture and application threat modeling with the Platform team
- Identify and reduce security risks through code reviews and penetration tests
- Participate in purple team engagements
- Recommend solutions and controls for previously identified vulnerabilities
Who you are:
- Passionate about Secure SDLC
- Solid foundation and understanding of OWASP Top 10
- Expertise in security engineering, security protocols, cryptography, and application security
- You are constantly thinking about how to break an application
- Communication in a supportive manner with software engineers or other stakeholders. Helping to not only identify security issues, but also provide guidance on solutions
What we’re looking for:
- 1 or more years of experience performing application security reviews – Including threat modeling, code review and dynamic security tests.
- Experience integrating security into the CI/CD pipeline
- Experience communicating business and technical risks to key stakeholders
- Expertise in security engineering, system or network security, security protocols, cryptography, and application security.
- Collaborate with teams across the organization to ensure Unqork applications are shipped out the door with no security issues
- Have a level of technical curiosity, within the areas of security and business risk management
- Knowledge of Secure SDLC Best Practices
- Working knowledge of web application development and the OWASP Top 10
- Understand the difference between AuthN and AuthZ
- Working knowledge of cloud technology and infrastructure
- Working knowledge of data security and data privacy regulations of financial, health and international data