Director, Product Security

Unqork empowers enterprises to accelerate growth by rapidly building, testing, and running AI-powered applications that embody the future of enterprise development. Trusted by the world’s largest organizations in highly regulated industries, these applications become more secure over time while significantly reducing technical debt—allowing businesses to focus on innovation rather than maintenance. Unqork’s customers include Goldman Sachs, Marsh, BlackRock, and the U.S. Department of Health and Human Services. 

At Unqork, we value inclusive and innovative thinkers who boldly challenge the status quo. We encourage you to apply! 

The Impact U will make:

You will lead the charge in securing Unqork's technology stack. You will champion cloud and application security best practices and drive their adoption across Unqork's engineering organization. You'll leverage your deep technical expertise to oversee the identification and remediation of security vulnerabilities. In this role, you will lead the review process for all feature and bug fix requests, ensuring security is a foundational element of our development lifecycle. You will be responsible for scoping and approving all security-related enhancements and bug fixes, ensuring they meet our rigorous standards. As a mentor, you'll coach and empower team members to deliver high-quality, secure solutions and align with our core engineering practices..

• Strategic Leadership and Secure SDLC: You will define the strategic roadmap for Unqork's product security program (cloud and application security), aligning with business goals and risk tolerance. You'll mature our secure software development lifecycle (SDLC) by integrating security controls and tooling into our CI/CD pipelines and governing the security release process. 
• Application Security: You will drive the Secure Software Development Lifecycle (SSDLC), embedding security from design to deployment. This includes conducting threat modeling and architectural security reviews for all applications, managing and maturing our SAST, DAST, and SCA tooling, and spearheading vulnerability remediation efforts. You'll act as a subject matter expert, guiding development teams on secure coding practices and fostering a strong security culture across the organization.
• Cloud Security: You will ensure adherence to regulatory requirements and industry best practices by defining and enforcing security policies and standards. This involves managing our monthly FedRAMP continuous monitoring, maintaining cloud security policies in Lacework, and reviewing security notifications from AWS, GCP, and Azure.  You will ensure our security controls and configurations are consistently applied and effective across our various cloud environments (e.g., AWS, Azure, GCP).
• Policy, Standards & Compliance: Define, implement, and enforce product security policies, standards, and guidelines, ensuring adherence to regulatory requirements and industry best practices.
• Cross-Functional Collaboration: You will partner with leadership in Security, Product, Engineering, and Legal to embed security ownership, drive architectural decisions, and manage risk. This includes creating secure design requirements and conducting security testing for new platform features and infrastructure changes. 
• Incident Response & Remediation: Lead the product security aspects of incident response, guiding root cause analysis, driving remediation efforts, and implementing preventative measures.
• Technical Leadership: You will provide hands-on technical guidance and mentorship to an application security engineer, cloud security engineer, and security analyst fostering their growth and ensuring their work aligns with organizational goals. 

What U bring:

• 10+ years of progressive experience in information security, with at least 3-5 years in a leadership role managing product or application security teams.
• Deep understanding of modern web application architectures (e.g., microservices, event-driven), cloud technologies (AWS, Azure, GCP), and secure coding principles.
• Extensive experience with application security testing methodologies (SAST, DAST, SCA, penetration testing), vulnerability management, and common web application vulnerabilities (OWASP Top 10).
• Proven track record of building, leading, and motivating high-performing security teams, with strong mentorship and coaching abilities.
• Demonstrated ability to define and execute security strategies, develop roadmaps, and translate complex technical concepts into actionable plans for various stakeholders.
• Exceptional communication, presentation, and interpersonal skills, with the ability to influence and collaborate effectively across all levels of the organization.
• Experience establishing and integrating security tooling into the product development lifecycle, including CI/CD pipelines, and driving automation efforts. This includes hands-on experience with tools like Semgrep, Dependabot, Qualys, and Lacework.
• Relevant Certifications (Preferred): CISSP, CSSLP, CCSP, or other industry-recognized security certifications.

Compensation, Benefits, & Perks

💻 Work from home with a remote-first community

🏝 Unlimited PTO (and the encouragement to use it)

📝 Student loan payback program

🏥 100% employer-covered medical, dental, and vision options available to you and your dependents

💸 Flexible Spending Account (FSA)

🏠 Monthly stipend toward your WFH setup, vacation, development and more

💰 Employer-sponsored 401(k) with contribution match

🏋🏻‍♀️ Subsidized ClassPass Membership

🍼 Generous Paid Parental Leave 

💲 Hiring Ranges:

• Tier 1: $190,000 - $238,000 base salary
• Tier 2: $170,000 - $214,000 base salary

Unqork employs a market-driven approach to establish compensation ranges. In addition to a base salary, employees may also be eligible to receive a target incentive and company equity in the form of stock options.

An employee’s compensation within the range provided above depends on a variety of factors including, but not limited to, their location, role, skillset, level of experience, and similar peer salaries.

As a remote-first company, Unqork incorporates a geographic differential into our compensation structure, depending on the candidate’s location. We utilize a tiered system—Tier 1 and Tier 2—to accurately reflect local market rates and ensure our compensation packages are both fair and competitive.
Our geographic tiers are defined as follows: 

• Tier 1: New York Metro, Seattle Metro, San Francisco Bay Area 
• Tier 2: All other US and US territory locations 

Unqork embraces a culture of security and privacy awareness by consistently safeguarding sensitive information, adhering to company policies, and actively participating in training and initiatives to protect our data and the privacy of our stakeholders. 

Unqork is an equal opportunity employer. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.

#LI-AR1