Unqork is an enterprise software company with a no-code platform that digitizes the entire client lifecycle & eliminates dependence on paper for financial services & insurance companies. The companys patent-pending technology uses AI & machine transcription for risk assessment & digitization, utilizing each clients existing product & underwriting rules, layered on top of legacy IT systems. The software-as-a-service (SaaS) technology creates custom client onboarding & servicing forms using a drag-and-drop interface which can be implemented within weeks instead of months unlike most hard-coded technology builds. The result is an easy to use & streamlined front-end agent & consumer experience that significantly reduces operational costs & eliminates errors while accelerating sales & business growth.
Some of the worlds largest insurance & financial companies use Unqork to define new business rules & deploy products/applications seamlessly & effortlessly without relying on costly development & maintenance of a code base. Gary Hoberman, former CIO of Metlife, founded Unqork in 2017 with a team of hand-picked industry professionals & has created an elegant paradigm shift in the way insurance & financial companies are able to operate.
The Information Security team at Unqork is committed to making our organization, products, & services as secure as possible. Product (Application) Security plays an integral role in defining the security narrative for the Product & Engineering teams, ensuring security is embedded into existing & new services Unqork launches. Product Security engineers use a pragmatic, empathetic, & timely approach to provide actionable advice while also considering the challenges in delivering high-quality products & services. Our mission is to enable Unqork's technology teams to safely & securely launch new initiatives & services promptly.
As the Lead Product Security Engineer, you will deeply understand the technology stack used at Unqork, & proactively identify & eliminate security vulnerabilities. Your focus is forward-facing, building tools & services that ensure the safety of the Unqork platform & its valued client data against commonly known attacks. You will lead within the Information Security team by scoping & reviewing enhancements & bug fix requests for potential security risks & testing services while mentoring your teammates to ensure they are delivering in line with our team culture & practices.
- Act as the technical security resource & within engineering & product teams
- Perform application threat modeling
- Create the ongoing application security documentation & guidelines for product engineers
- Coordinate & perform manual & automated code tests
- Assist & participate in application penetration tests & dynamic & static code scanning
- Perform ad-hoc application & code security scans
- Analyze, document, & educate the team on root causes of common security issues within the codebase, & how to avoid them
What were looking for:
- 7+ years of relevant work experience on an internal security team, working either on the offensive or defensive sides of security
- Deep knowledge & experience focused on cloud technologies & hosting environments includingAWS, Azure, & GCP
- Experience working with Veracode Security tools,Metasploit, Burp Suite, fuzzing, & Jenkins strongly preferred
- You're an engineer by trade, & have previous experience working within modern web development languages/frameworks: AngularJS, ReactJS, Python, MVC frameworks, microservices, & event-driven architectures
- You have a demonstrated ability to understand & discover attack surfaces, navigate the source code comfortably, & keep your finger on the pulse of commonly known attacks such as cross-site scripting (XSS) & remote code execution (RCE)
- Deep knowledge of cryptographic & ability to guide the organizational do's & donts
- Experience implementing security tooling & solutions in the product lifecycle, including security tooling for the CI/CD pipeline
Unqork is an equal opportunity employer, & proud to be committed to diversity & inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.