Unqork

Director, Product Security

Unqork

full-time

Posted on:

Origin:  • 🇺🇸 United States

Visit company website
AI Apply
Manual Apply

Salary

💰 $190,000 - $238,000 per year

Job Level

Lead

Tech Stack

AWSAzureCloudGoogle Cloud PlatformMicroservicesSDLC

About the role

  • Lead the charge in securing Unqork's technology stack. You will champion cloud and application security best practices and drive their adoption across Unqork's engineering organization. You'll leverage your deep technical expertise to oversee the identification and remediation of security vulnerabilities. In this role, you will lead the review process for all feature and bug fix requests, ensuring security is a foundational element of our development lifecycle. You will be responsible for scoping and approving all security-related enhancements and bug fixes, ensuring they meet our rigorous standards. As a mentor, you'll coach and empower team members to deliver high-quality, secure solutions and align with our core engineering practices.
  • Strategic Leadership and Secure SDLC: define the strategic roadmap for Unqork's product security program (cloud and application security), aligning with business goals and risk tolerance. You'll mature our secure software development lifecycle (SDLC) by integrating security controls and tooling into our CI/CD pipelines and governing the security release process.
  • Application Security: You will drive the Secure Software Development Lifecycle (SSDLC), embedding security from design to deployment. This includes conducting threat modeling and architectural security reviews for all applications, managing and maturing our SAST, DAST, and SCA tooling, and spearheading vulnerability remediation efforts. You'll act as a subject matter expert, guiding development teams on secure coding practices and fostering a strong security culture across the organization.
  • Cloud Security: You will ensure adherence to regulatory requirements and industry best practices by defining and enforcing security policies and standards. This involves managing our monthly FedRAMP continuous monitoring, maintaining cloud security policies in Lacework, and reviewing security notifications from AWS, GCP, and Azure. You will ensure our security controls and configurations are consistently applied and effective across our various cloud environments (e.g., AWS, Azure, GCP).
  • Policy, Standards & Compliance: Define, implement, and enforce product security policies, standards, and guidelines, ensuring adherence to regulatory requirements and industry best practices.
  • Cross-Functional Collaboration: You will partner with leadership in Security, Product, Engineering, and Legal to embed security ownership, drive architectural decisions, and manage risk. This includes creating secure design requirements and conducting security testing for new platform features and infrastructure changes.
  • Incident Response & Remediation: Lead the product security aspects of incident response, guiding root cause analysis, driving remediation efforts, and implementing preventative measures.
  • Technical Leadership: You will provide hands-on technical guidance and mentorship to an application security engineer, cloud security engineer, and security analyst fostering their growth and ensuring their work aligns with organizational goals.

Requirements

  • 10+ years of progressive experience in information security, with at least 3-5 years in a leadership role managing product or application security teams.
  • Deep understanding of modern web application architectures (e.g., microservices, event-driven), cloud technologies (AWS, Azure, GCP), and secure coding principles.
  • Extensive experience with application security testing methodologies (SAST, DAST, SCA, penetration testing), vulnerability management, and common web application vulnerabilities (OWASP Top 10).
  • Proven track record of building, leading, and motivating high-performing security teams, with strong mentorship and coaching abilities.
  • Demonstrated ability to define and execute security strategies, develop roadmaps, and translate complex technical concepts into actionable plans for various stakeholders.
  • Exceptional communication, presentation, and interpersonal skills, with the ability to influence and collaborate effectively across all levels of the organization.
  • Experience establishing and integrating security tooling into the product development lifecycle, including CI/CD pipelines, and driving automation efforts. This includes hands-on experience with tools like Semgrep, Dependabot, Qualys, and Lacework.
  • Relevant Certifications (Preferred): CISSP, CSSLP, CCSP, or other industry-recognized security certifications.