Platform Security Engineer
Unqork is a new way to build enterprise software: it's a purely visual, drag-and-drop no-code platform designed to support the scale, complexity and security that enterprise applications require. Our customers are leaders in insurance, financial services, healthcare and the public sector, and they use Unqork to build custom software faster, with higher quality and at lower costs than code-based approaches. Founded in 2017, Unqork reached unicorn status in 2020, with a valuation of $2B. Unqork has been named one of the Best Startup Employers by Forbes, Best Places to Work by Built In and one of LinkedIn's Top Startups.
Responsibilities:
- You will report to the Product Security Manager.
- You will secure the SDLC of the platform.
- Develop security solution MVPs to improve the security features and posture of the platform.
- You will design a security unit testing framework in the Platform CI/CD.
- Research secure design patterns for the platform, and partner with the Platform team to integrate these patterns into development/platform pipelines.
- You will review secure development procedures and security standards in partnership with the Platform team.
- Perform platform architecture and application threat modeling with the Platform team.
- You will identify and reduce security risks through code reviews and penetration tests.
- Participate in purple team engagements.
- Recommend solutions and controls for previously identified vulnerabilities.
Qualifications:
- 1 or more years of experience performing application security reviews - Including threat modeling, code review and dynamic security tests.
- Experience integrating security into the CI/CD pipeline.
- Experience communicating business and technical risks to partners.
- Expertise in security engineering, system or network security, security protocols, cryptography, and application security.
- Work with teams across the organization to ensure Unqork applications are shipped out the door with no security issues.
- Knowledge of Secure SDLC Best Practices.
- Working knowledge of web application development and the OWASP Top 10.
- Understand the difference between AuthN and AuthZ.
- Working knowledge of cloud technology and infrastructure.
- Working knowledge of data security and data privacy regulations of financial, health and international data.
Unqork is an equal opportunity employer, and proud to be committed to diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.