Director, Product Security

at Unqork
๐Ÿ’ฐ $170k-$238k
๐Ÿ‡บ๐Ÿ‡ธ United States - Remote
๐Ÿ”’ Cybersecurity๐Ÿ”ด Director

Job description

Unqork empowers enterprises to accelerate growth by rapidly building, testing, and running AI-powered applications that embody the future of enterprise development. Trusted by the worldโ€™s largest organizations in highly regulated industries, these applications become more secure over time while significantly reducing technical debtโ€”allowing businesses to focus on innovation rather than maintenance. Unqorkโ€™s customers include Goldman Sachs, Marsh, BlackRock, and the U.S. Department of Health and Human Services.

At Unqork, we value inclusive and innovative thinkers who boldly challenge the status quo. We encourage you to apply!

The Impact U will make:

You will lead the charge in securing Unqork’s technology stack. You will champion cloud and application security best practices and drive their adoption across Unqork’s engineering organization. You’ll leverage your deep technical expertise to oversee the identification and remediation of security vulnerabilities. In this role, you will lead the review process for all feature and bug fix requests, ensuring security is a foundational element of our development lifecycle. You will be responsible for scoping and approving all security-related enhancements and bug fixes, ensuring they meet our rigorous standards. As a mentor, you’ll coach and empower team members to deliver high-quality, secure solutions and align with our core engineering practices..

  • Strategic Leadership and Secure SDLC: You will define the strategic roadmap for Unqork’s product security program (cloud and application security), aligning with business goals and risk tolerance. You’ll mature our secure software development lifecycle (SDLC) by integrating security controls and tooling into our CI/CD pipelines and governing the security release process.
  • Application Security: You will drive the Secure Software Development Lifecycle (SSDLC), embedding security from design to deployment. This includes conducting threat modeling and architectural security reviews for all applications, managing and maturing our SAST, DAST, and SCA tooling, and spearheading vulnerability remediation efforts. You’ll act as a subject matter expert, guiding development teams on secure coding practices and fostering a strong security culture across the organization.
  • Cloud Security: You will ensure adherence to regulatory requirements and industry best practices by defining and enforcing security policies and standards. This involves managing our monthly FedRAMP continuous monitoring, maintaining cloud security policies in Lacework, and reviewing security notifications from AWS, GCP, and Azure.ย  You will ensure our security controls and configurations are consistently applied and effective across our various cloud environments (e.g., AWS, Azure, GCP).
  • Policy, Standards & Compliance: Define, implement, and enforce product security policies, standards, and guidelines, ensuring adherence to regulatory requirements and industry best practices.
  • Cross-Functional Collaboration: You will partner with leadership in Security, Product, Engineering, and Legal to embed security ownership, drive architectural decisions, and manage risk. This includes creating secure design requirements and conducting security testing for new platform features and infrastructure changes.
  • Incident Response & Remediation: Lead the product security aspects of incident response, guiding root cause analysis, driving remediation efforts, and implementing preventative measures.
  • Technical Leadership: You will provide hands-on technical guidance and mentorship to an application security engineer, cloud security engineer, and security analyst fostering their growth and ensuring their work aligns with organizational goals.

What U bring:

  • 10+ years of progressive experience in information security, with at least 3-5 years in a leadership role managing product or application security teams.
  • Deep understanding of modern web application architectures (e.g., microservices, event-driven), cloud technologies (AWS, Azure, GCP), and secure coding principles.
  • Extensive experience with application security testing methodologies (SAST, DAST, SCA, penetration testing), vulnerability management, and common web application vulnerabilities (OWASP Top 10).
  • Proven track record of building, leading, and motivating high-performing security teams, with strong mentorship and coaching abilities.
  • Demonstrated ability to define and execute security strategies, develop roadmaps, and translate complex technical concepts into actionable plans for various stakeholders.
  • Exceptional communication, presentation, and interpersonal skills, with the ability to influence and collaborate effectively across all levels of the organization.
  • Experience establishing and integrating security tooling into the product development lifecycle, including CI/CD pipelines, and driving automation efforts. This includes hands-on experience with tools like Semgrep, Dependabot, Qualys, and Lacework.
  • Relevant Certifications (Preferred): CISSP, CSSLP, CCSP, or other industry-recognized security certifications.

Compensation, Benefits, & Perks

๐Ÿ’ป Work from home with a remote-first community

๐Ÿ Unlimited PTO (and the encouragement to use it)

๐Ÿ“ Student loan payback program

๐Ÿฅ 100% employer-covered medical, dental, and vision options available to you and your dependents

๐Ÿ’ธ Flexible Spending Account (FSA)

๐Ÿ  Monthly stipend toward your WFH setup, vacation, development and more

๐Ÿ’ฐ Employer-sponsored 401(k) with contribution match

๐Ÿ‹๐Ÿปโ€โ™€๏ธ Subsidized ClassPass Membership

๐Ÿผ Generous Paid Parental Leave

๐Ÿ’ฒ Hiring Ranges:

  • Tier 1: $190,000 - $238,000 base salary
  • Tier 2: $170,000 - $214,000 base salary

Unqork employs a market-driven approach to establish compensation ranges. In addition to a base salary, employees may also be eligible to receive a target incentive and company equity in the form of stock options.

An employeeโ€™s compensation within the range provided above depends on a variety of factors including, but not limited to, their location, role, skillset, level of experience, and similar peer salaries.

As a remote-first company, Unqork incorporates a geographic differential into our compensation structure, depending on the candidateโ€™s location. We utilize a tiered systemโ€”Tier 1 and Tier 2โ€”to accurately reflect local market rates and ensure our compensation packages are both fair and competitive.

Our geographic tiers are defined as follows:

  • Tier 1: New York Metro, Seattle Metro, San Francisco Bay Area
  • Tier 2: All other US and US territory locations

Unqork embraces a culture of security and privacy awareness by consistently safeguarding sensitive information, adhering to company policies, and actively participating in training and initiatives to protect our data and the privacy of our stakeholders.

Unqork is an equal opportunity employer. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age.

#LI-AR1

Share this job:
Please let Unqork know you found this job on Remote First Jobs ๐Ÿ™

Similar Remote Jobs

Latest Jobs at Unqork

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service ๐Ÿ™

Apply