Principal Security Architect at Unqork
Unqork is a new way to build enterprise software: it's a purely visual, drag-and-drop no-code platform designed to support the scale, complexity and security that enterprise applications require. Our customers are leaders in insurance, financial services, healthcare and the public sector, and they use Unqork to build custom software faster, with higher quality and at lower costs than code-based approaches. Founded in 2017, Unqork reached unicorn status in 2020, with a valuation of $2B. Unqork has been named one of the Best Startup Employers by Forbes, Best Places to Work by Built In and one of LinkedIn's Top Startups.
- You will report to Head of Product Security.
- Integrate with engineering camps and help Unqork engineers by developing secure architecture patterns, best practices, and guard rails.
- You will assess the architecture of the Unqork platform and supporting components and infrastructure by evaluating business strategies and requirements while evaluating security considerations of risks and mitigating controls.
- You will build and document platform and component security documentation (security UML sequence diagrams, threat models, component knowledge bases) to build the 'state of security' for the Unqork platform.
- Influence the direction of the landscape of product security through development and collaboration with engineering and security leadership.
- You will mentor others in security concepts and practices and provide expertise and stewardship to foster security champions within the engineering teams to grow the culture of security.
- Solid foundation of secure and modern SDLC practices (architecture review, attack surface analysis and threat modeling, vulnerability analysis).
- Knowledge of microservice architecture, APIs, and cloud services (AWS, Azure, GCP).
- Understanding of MEAN/MERN stacks (MongoDB, Express, Angular/React, and NodeJS) and their security implications as it relates to the Unqork platform.
- Knowledge of Infrastructure as Code (IaC) practices (terraform, cloudformation).
- Solid, real-world experience of container-based orchestration through Kubernetes.
- Experience with web application security threats, exploits, prevention (NoSQL Injection, XSS, CSRF, SSRF, platform hardening, etc).
- Knowledge of common security tools and practices; including static code analysis, dynamic application scanning, software composition analysis (SAST, DAST, SCA, or IAST).
- Practical knowledge of cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc).
- Working knowledge of data security and data privacy regulations of financial, health, governmental and international data.
- Experience operating in agile environments.
Unqork is an equal opportunity employer, and proud to be committed to diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.