Platform Security Engineer
United States (Remote Flexible)
Unqork
Unqork's codeless development platform reshaping how organizations create, manage, and enhance enterprise software applications without the constraints of traditional coding.Unqork is the no-code platform that's pioneering a new way for companies to build, deploy, and manage complex, enterprise-grade applications. At this moment, Fortune 100 companies are using Unqork to create and deliver software without writing a single line of code.
Gary Hoberman, former CIO of Metlife, founded Unqork in 2017 with a team of hand-picked industry professionals, and together we're creating a massive paradigm shift in the way software is built. If you want to have a hand in defining the future of application development, we want to hear from you.
The Opportunity:
As a Platform Security Engineer, you will work with the platform product and engineering team to securely architect security features in the platform, and in compliance with applicable customer requirements, compliance regulations, security standards, and laws. You will report to the Product Security Manager. Additionally, you will secure the SDLC of the platform. Responsibilities include:
- Develop security solution MVPs to improve the security features and posture of the platform
- Design and maintain a security unit testing framework in the Platform CI/CD
- Research secure design patterns for the platform, and partner with the Platform team to integrate these patterns into development/platform pipelines
- Review secure development procedures and security standards in partnership with the Platform team
- Perform platform architecture and application threat modeling with the Platform team
- Identify and reduce security risks through code reviews and penetration tests
- Participate in purple team engagements
- Recommend solutions and controls for previously identified vulnerabilities
Who you are:
- Passionate about Secure SDLC
- Solid foundation and understanding of OWASP Top 10
- Expertise in security engineering, security protocols, cryptography, and application security
- You are constantly thinking about how to break an application
- Communication in a supportive manner with software engineers or other stakeholders. Helping to not only identify security issues, but also provide guidance on solutions
What we're looking for:
- 1 or more years of experience performing application security reviews - Including threat modeling, code review and dynamic security tests.
- Experience integrating security into the CI/CD pipeline
- Experience communicating business and technical risks to key stakeholders
- Expertise in security engineering, system or network security, security protocols, cryptography, and application security.
- Collaborate with teams across the organization to ensure Unqork applications are shipped out the door with no security issues
- Have a level of technical curiosity, within the areas of security and business risk management
- Knowledge of Secure SDLC Best Practices
- Working knowledge of web application development and the OWASP Top 10
- Understand the difference between AuthN and AuthZ
- Working knowledge of cloud technology and infrastructure
- Working knowledge of data security and data privacy regulations of financial, health and international data
Unqork is an equal opportunity employer, and proud to be committed to diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.
Tags: Application security CI/CD Cloud Compliance Cryptography Network security OWASP Privacy Product security Risk management SDLC Vulnerabilities
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open DevSecOps-related jobs
- Open CI/CD-related jobs