
Director, Product Security

Unqork
Summary
Join Unqork as a Security Leader to spearhead the company's product security program. You will define the strategic roadmap for cloud and application security, aligning with business goals and risk tolerance. Lead the charge in securing Unqork's technology stack, championing cloud and application security best practices. Oversee the identification and remediation of security vulnerabilities, and review all feature and bug fix requests, ensuring security is foundational. Mentor and empower team members to deliver high-quality, secure solutions. Partner with cross-functional teams to embed security ownership and manage risk. Lead the product security aspects of incident response and remediation efforts.
Requirements
- 10+ years of progressive experience in information security, with at least 3-5 years in a leadership role managing product or application security teams
- Deep understanding of modern web application architectures (e.g., microservices, event-driven), cloud technologies (AWS, Azure, GCP), and secure coding principles
- Extensive experience with application security testing methodologies (SAST, DAST, SCA, penetration testing), vulnerability management, and common web application vulnerabilities (OWASP Top 10)
- Proven track record of building, leading, and motivating high-performing security teams, with strong mentorship and coaching abilities
- Demonstrated ability to define and execute security strategies, develop roadmaps, and translate complex technical concepts into actionable plans for various stakeholders
- Exceptional communication, presentation, and interpersonal skills, with the ability to influence and collaborate effectively across all levels of the organization
- Experience establishing and integrating security tooling into the product development lifecycle, including CI/CD pipelines, and driving automation efforts. This includes hands-on experience with tools like Semgrep, Dependabot, Qualys, and Lacework
Responsibilities
- Lead the charge in securing Unqork's technology stack
- Champion cloud and application security best practices and drive their adoption across Unqork's engineering organization
- Oversee the identification and remediation of security vulnerabilities
- Lead the review process for all feature and bug fix requests, ensuring security is a foundational element of our development lifecycle
- Be responsible for scoping and approving all security-related enhancements and bug fixes, ensuring they meet our rigorous standards
- Coach and empower team members to deliver high-quality, secure solutions and align with our core engineering practices
- Define the strategic roadmap for Unqork's product security program (cloud and application security), aligning with business goals and risk tolerance
- Mature our secure software development lifecycle (SDLC) by integrating security controls and tooling into our CI/CD pipelines and governing the security release process
- Drive the Secure Software Development Lifecycle (SSDLC), embedding security from design to deployment
- Conduct threat modeling and architectural security reviews for all applications, manage and mature our SAST, DAST, and SCA tooling, and spearhead vulnerability remediation efforts
- Act as a subject matter expert, guiding development teams on secure coding practices and fostering a strong security culture across the organization
- Ensure adherence to regulatory requirements and industry best practices by defining and enforcing security policies and standards
- Manage our monthly FedRAMP continuous monitoring, maintain cloud security policies in Lacework, and review security notifications from AWS, GCP, and Azure
- Ensure our security controls and configurations are consistently applied and effective across our various cloud environments (e.g., AWS, Azure, GCP)
- Define, implement, and enforce product security policies, standards, and guidelines, ensuring adherence to regulatory requirements and industry best practices
- Partner with leadership in Security, Product, Engineering, and Legal to embed security ownership, drive architectural decisions, and manage risk
- Create secure design requirements and conduct security testing for new platform features and infrastructure changes
- Lead the product security aspects of incident response, guiding root cause analysis, driving remediation efforts, and implementing preventative measures
- Provide hands-on technical guidance and mentorship to an application security engineer, cloud security engineer, and security analyst, fostering their growth and ensuring their work aligns with organizational goals
Preferred Qualifications
Relevant Certifications (Preferred): CISSP, CSSLP, CCSP, or other industry-recognized security certifications
Benefits
- Work from home with a remote-first community
- Unlimited PTO (and the encouragement to use it)
- Student loan payback program
- 100% employer-covered medical, dental, and vision options available to you and your dependents
- Flexible Spending Account (FSA)
- Monthly stipend toward your WFH setup, vacation, development and more
- Employer-sponsored 401(k) with contribution match
- Subsidized ClassPass Membership
- Generous Paid Parental Leave

