Application Security Engineer

Unqork is a new way to build enterprise software: it's a purely visual, drag-and-drop no-code platform designed to support the scale, complexity and security that enterprise applications require. Our customers are leaders in insurance, financial services, healthcare and the public sector, and they use Unqork to build custom software faster, with higher quality and at lower costs than code-based approaches. Founded in 2017, Unqork reached unicorn status in 2020, with a valuation of $2B. Unqork has been named one of the Best Startup Employers by Forbes, Best Places to Work by Built In and one of LinkedIn's Top Startups.

Responsibilities:

• You will report to the Chief Information Security Officer.
• Conduct architecture and configuration assessments on no-code applications built on Unqork.
• Leverage automated and manual security tools to identify security vulnerabilities prior to applications being promoted to production.
• Build and/or enhance automated tools to scale application security in a no-code environment.
• Maintain an offensive mindset while building and validating threat models.
• Conduct manual penetration testing, synthesizing the results and steps to mitigate.
• Partner with Solution Architects to ensure mitigations are appropriately achieved.

Qualifications:

• Understanding of web application security threats, exploits, and prevention (NoSQL injection, XSS, CSRF, SSRF, etc).
• Understanding of API vulnerabilities and how to address them.
• Ability to triage, reproduce, and recommend remediation for vulnerabilities.
• Knowledge of tools including static code analysis and dynamic application scanning tools (SAST, DAST, etc).

Unqork is an equal opportunity employer, and proud to be committed to diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.