Platform Security Engineer

United States (Remote Flexible)

Applications have closed

Unqork

Unqork's codeless development platform reshaping how organizations create, manage, and enhance enterprise software applications without the constraints of traditional coding.

View company page

Unqork is the no-code platform that's pioneering a new way for companies to build, deploy, and manage complex, enterprise-grade applications. At this moment, Fortune 100 companies are using Unqork to create and deliver software without writing a single line of code.

Gary Hoberman, former CIO of Metlife, founded Unqork in 2017 with a team of hand-picked industry professionals, and together we're creating a massive paradigm shift in the way software is built. If you want to have a hand in defining the future of application development, we want to hear from you.

The Opportunity:

As a Platform Security Engineer, you will work with the platform product and engineering team to securely architect security features in the platform, and in compliance with applicable customer requirements, compliance regulations, security standards, and laws. You will report to the Product Security Manager. Additionally, you will secure the SDLC of the platform. Responsibilities include:

  • Develop security solution MVPs to improve the security features and posture of the platform
  • Design and maintain a security unit testing framework in the Platform CI/CD
  • Research secure design patterns for the platform, and partner with the Platform team to integrate these patterns into development/platform pipelines
  • Review secure development procedures and security standards in partnership with the Platform team
  • Perform platform architecture and application threat modeling with the Platform team
  • Identify and reduce security risks through code reviews and penetration tests
  • Participate in purple team engagements
  • Recommend solutions and controls for previously identified vulnerabilities 

Who you are:

  • Passionate about Secure SDLC
  • Solid foundation and understanding of OWASP Top 10
  • Expertise in security engineering, security protocols, cryptography, and application security
  • You are constantly thinking about how to break an application
  • Communication in a supportive manner with software engineers or other stakeholders. Helping to not only identify security issues, but also provide guidance on solutions

What we're looking for:

  • 1 or more years of experience performing application security reviews - Including threat modeling, code review and dynamic security tests.
  • Experience integrating security into the CI/CD pipeline
  • Experience communicating business and technical risks to key stakeholders
  • Expertise in security engineering, system or network security, security protocols, cryptography, and application security.
  • Collaborate with teams across the organization to ensure Unqork applications are shipped out the door with no security issues
  • Have a level of technical curiosity, within the areas of security and business risk management
  • Knowledge of Secure SDLC Best Practices
  • Working knowledge of web application development and the OWASP Top 10
  • Understand the difference between AuthN and AuthZ
  • Working knowledge of cloud technology and infrastructure
  • Working knowledge of data security and data privacy regulations of financial, health and international data

Unqork is an equal opportunity employer, and proud to be committed to diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.

Tags: Application security CI/CD Cloud Compliance Cryptography Network security OWASP Privacy Product security Risk management SDLC Vulnerabilities

Regions: Remote/Anywhere North America
Country: United States
Job stats:  45  0  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.