Home › Companies › UniUni › Staff Application Security Engineer
Staff Application Security Engineer
UniUni · Canada · Remote · Active · Rippling ATS
Job facts
| Field | Value |
|---|---|
| Company | UniUni |
| Title | Staff Application Security Engineer |
| Normalized title | - |
| Department / team | Technology, Product & Design |
| Location | Canada |
| Work model | Remote / Remote |
| Employment type | Full Time |
| Salary | - |
| Status | active |
| ATS provider | Rippling ATS |
| Posted / first seen | 2026-04-28 / 2026-05-29 |
| Changed / last seen | 2026-06-06 / 2026-06-06 |
Related slices
| Page | What it contains | Open |
|---|---|---|
| Company jobs | Active postings from UniUni. | Open |
| Company breakdowns | Role, location, ATS, and work model facets for this company. | Open |
| ATS provider jobs | Active postings observed through Rippling ATS. | Open |
| Provider filtered search | The same provider as a filtered job collection. | Open |
| Department jobs | Active postings in Technology, Product & Design. | Open |
| Work model jobs | Active Remote postings. | Open |
| Lifecycle events | Open, update, close, and reopen events for this posting. | Open |
| Original posting | Canonical source or apply URL captured from the ATS. | Open |
Linked records
| Company | UniUni |
| Source | cda69ecc-4622-4b2d-afc8-27a9620c31e8 |
| ATS provider | Rippling ATS |
Description
company
About UniUni
UniUni is a late-stage last-mile logistics company moving millions of parcels across the United States and Canada for some of the largest e-commerce platforms in North America. Our technology is cloud-native on AWS. We hold an active ISO 27001 certification and SOC 2 Type II attestation, and security is central to how we operate and how our customers trust us. This role reports to the Information Security Officer and is based in North America (remote with periodic travel to UniUni hubs).
role
About the role
We are hiring a Application Security Engineer to be the senior technical anchor for product and platform security at UniUni. You will set the bar for how we build secure software, embed security into our engineering pipelines, and harden our customer-facing products. You will spend your time shoulder-to-shoulder with engineering, not adjacent to it. This is a hands-on role. You will write code, review code, build tooling, and lead the technically hardest work across application security, DevSecOps and platform security, and product security. You will set standards that scale, but you will also dig into real systems to find real problems and ship real fixes.
What you'll do
Application Security Lead threat modeling on new and existing services, focusing on the systems where the risk is real and the architecture is in motion. Run our secure code review program, including the design of review playbooks, the hardest reviews yourself, and coaching engineers to catch issues earlier. Operate and tune our AppSec tooling stack across SAST, DAST, SCA, and secrets scanning, keeping signal high and noise low. Own the third-party penetration testing program in partnership with the ISO, from scoping through findings triage and fix verification. Drive standards for authentication, authorization, session management, and API security across our products, and engineer the hard parts yourself when needed. Platform Security and DevSecOps
Embed security controls into our CI/CD pipelines so the secure path is the default path: pre-commit checks, build-time scans, signed artifacts, and policy-as-code gates. Harden our cloud workloads on AWS, including container and Kubernetes security, secrets management, and runtime protections. Codify infrastructure security baselines as IaC and policy (e.g., OPA/Conftest, AWS SCPs, Terraform guardrails) and own the rollout across the platform. Partner with the platform team on identity-aware access to infrastructure, including non-human identities, short-lived credentials, and privileged access patterns. Product Security
Engineer enterprise SSO (SAML 2.0 and OpenID Connect) into customer-facing products in support of contractual security commitments to enterprise shippers. Set the technical direction for API security, including authentication, authorization, rate limiting, abuse prevention, and tenant isolation. Drive secure-by-default patterns for data handling in our products, including encryption, key management, and access controls for customer and operational data. Be the senior technical voice in customer security reviews when the questions go past what a questionnaire can answer. Across All of It
Triage and lead response to application and platform security incidents, including root cause analysis and durable fixes. Mentor engineers on secure design and secure coding, and raise the security fluency of the engineering organization through training, office hours, and example. Contribute to ISO 27001 and SOC 2 evidence, control design, and audit readiness for the controls you operate. Qualifications
8+ building and securing production software, with the last several focused on application security, product security, or DevSecOps as your primary discipline. Deep, demonstrable software engineering ability. You read code fluently across multiple languages, you write production-quality code, and engineers respect your technical judgment. Hands-on experience securing AWS workloads at scale, including IAM, networking, container and Kubernetes security, and IaC (Terraform or equivalent). Working command of modern AppSec tooling (SAST, DAST, SCA, secrets scanning) and how to deploy it in a CI/CD pipeline without grinding delivery to a halt. Strong threat modeling skills and a track record of turning models into shipped controls. Practical experience implementing SAML 2.0 and OpenID Connect, and a clear mental model of identity, session, and authorization design Experience leading the technical response to security incidents in production environments. Ability to influence engineers and engineering leaders without authority. You explain risk in terms that engineers act on, and you partner rather than police. Nice to Have
Experience in logistics, supply chain, marketplaces, or other high-volume transactional businesses. Background contributing to or maintaining open source security tooling. Prior experience supporting ISO 27001 or SOC 2 control design from the engineering side. Offensive security background (CTFs, bug bounty, red team) that informs how you think about defense. Experience hardening LLM-integrated or AI-powered features in production. Why This Role
This is a senior IC role with real scope. You will set standards that the engineering organization actually adopts because you will have built them, shipped them, and proved they work. You will report to the Information Security Officer in a security function with executive commitment, a live ISO 27001 certification, and an active SOC 2 Type II attestation, and you will have the autonomy and the mandate to make UniUni's products and platform meaningfully more secure.
Full job record
| Job ID | 981c2f71dd791e4b843734389d4929e2361acb30 |
| Org ID | 262cb4c0-ea94-4203-8e83-dfbc641e7046 |
| Source ID | cda69ecc-4622-4b2d-afc8-27a9620c31e8 |
| Board ID | cda69ecc-4622-4b2d-afc8-27a9620c31e8 |
| Provider | rippling |
| Provider Job Key | 6ab8445a-1598-49ee-9e1c-680ed7da127e |
| Title | Staff Application Security Engineer |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | Canada |
| Department | Technology, Product & Design |
| Team | — |
| Employment Type | full_time |
| Workplace Type | remote |
| Remote Policy | remote |
| Country | Canada |
| Region | — |
| City | — |
| Salary Raw | — |
| Salary Min | — |
| Salary Max | — |
| Salary Currency | — |
| Salary Period | — |
| Source URL | https://ats.rippling.com/uniuni/jobs/6ab8445a-1598-49ee-9e1c-680ed7da127e |
| Apply URL | https://ats.rippling.com/uniuni/jobs/6ab8445a-1598-49ee-9e1c-680ed7da127e |
| First Seen At | 2026-05-29 07:15:35Z |
| Last Seen At | 2026-06-06 08:45:55Z |
| Last Checked At | 2026-06-06 08:45:55Z |
| Last Changed At | 2026-06-06 08:45:55Z |
| Inactive At | — |
| Source Posted At | 2026-04-28 21:01:18Z |
| Source Updated At | — |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=rippling/board=uniuni/date=2026-06-06/2026-06-06T08-45-51-996Z-ee38071e54f2b93a80e5cfe1504b68bd9167dc2cc21984a1f536cbe114acb31c.json |
Event Fields
{
"content_hash": "dfadc702679904002fa2428cc599f77dbe88039dd5173c1a14f738dc495a3157",
"source_hash": "4aea73bc10c3198200a06a22d4c34fd334722d3150578f7d9975c18f75390242",
"last_changed_at": "2026-06-06T08:45:55.939Z",
"active_status": "active"
}Parsed Structured
{
"language": "en-us",
"location": {
"raw": "Canada",
"city": null,
"region": null,
"country": "Canada",
"is_remote": true,
"confidence": 0.98,
"workplace_type": "remote"
},
"salary_max": null,
"salary_min": null,
"inferred_at": "2026-06-06T08:45:55.936Z",
"launch_scope": {
"reason": "english_us_canada",
"included": true,
"language": "en-us",
"location": {
"raw": "Canada",
"city": null,
"region": null,
"country": "Canada",
"is_remote": true,
"confidence": 0.98,
"workplace_type": "remote"
},
"countries": [
"Canada"
]
},
"remote_policy": "remote",
"salary_period": null,
"workplace_type": "remote",
"salary_currency": null
}Extensions
{}Native Structured
{
"list_job": {
"id": "6ab8445a-1598-49ee-9e1c-680ed7da127e",
"url": "https://ats.rippling.com/uniuni/jobs/6ab8445a-1598-49ee-9e1c-680ed7da127e",
"name": "Staff Application Security Engineer",
"language": "en-US",
"locations": [
{
"city": null,
"name": "Canada",
"state": null,
"country": "Canada",
"stateCode": null,
"countryCode": "CA",
"workplaceType": "REMOTE"
}
],
"department": {
"name": "Technology, Product & Design"
}
},
"detail_job": {
"url": "https://ats.rippling.com/uniuni/jobs/6ab8445a-1598-49ee-9e1c-680ed7da127e",
"name": "Staff Application Security Engineer",
"uuid": "6ab8445a-1598-49ee-9e1c-680ed7da127e",
"board": {
"logo": {
"url": "https://secured-assets.ripplingcdn.com/us1/ats/6834eb36f7f3cb49175b15d9/ats_public/6285ee53727b4dd08423dfef9761947b-sensitive.jpg?Expires=1780821955&Signature=hyrBYPWzN~xUGkZRaxxbCyOPrGAWdfAFRKWMmUMmdP353jsPXtAzLyg2-esjp3jFMd~HGmz9khtdTUD9t5yaZwdE2w284VAeyoIIG2cC10fkvVOdzH5L3raYkUSBBQskzlOOedrHCfS68~~Rq7j4BdG13m7QJHj-wr70RtbGerWpt6xyJbBBJ~fswy9xNZgd-mm8bHqAoJ2oM5yIhnJ5EmXyS9mK1OcAVMZKcgKVI95dpEQ47URwmiwStQoVTptLmDLCk5ns8JdsSp5skG7MZWx3oDnkOckAszN1~MbiC6-VtXrfX294ev-B-qFMdEThLAx4RZiJhuBJG42erjaRNA__&Key-Pair-Id=K2SM3GXN9F9XGM",
"name": "unilogo.jpg",
"type": "image/jpeg"
},
"slug": "uniuni",
"title": "UniUni Job Openings",
"banner": {
"url": null,
"name": "",
"type": ""
},
"boardURL": "https://ats.rippling.com/uniuni/jobs",
"fontType": null,
"subtitle": null,
"boardType": "RIPPLING",
"linkColor": "#101820",
"buttonColor": "#ff8f1c",
"legalNotice": "<meta name=\"rteConfig\" content=\"{"version":"0.376.0","producedBy":"block","themeName":"berry"}\"><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><span style=\"white-space:pre-wrap;\">uniuni.com</span></p>",
"buttonTextColor": null,
"noOpeningsMessage": null,
"groupJobsByLocation": false,
"showBoardLogoOnJobPost": true,
"showCompanyInfoUnderJobPost": false
},
"createdOn": "2026-04-28T14:01:18.301000-07:00",
"department": {
"name": "Technology, Product & Design",
"base_department": "Technology, Product & Design",
"department_tree": [
"Technology, Product & Design"
]
},
"companyName": "UniUni",
"description": {
"role": "<meta><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:18pt;white-space:pre-wrap;\">About the role</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:12pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:12pt;white-space:pre-wrap;\">We are hiring a Application Security Engineer to be the senior technical anchor for product and platform security at</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">UniUni. You will set the bar for how we build secure software, embed security into our engineering pipelines, and harden our customer-facing products. You will spend your time shoulder-to-shoulder with engineering, not</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">adjacent to</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">it.</span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;text-align:justify;\"><span style=\"font-size:12pt;white-space:pre-wrap;\">This is a hands-on role. You will write code, review code, build tooling, and lead the technically hardest work across application security,</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">DevSecOps</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">and platform security, and product security. You will set standards that scale, but you will also dig into real systems to find real problems and ship real fixes.</span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:18pt;white-space:pre-wrap;\">What you'll do</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:12pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><b><strong style=\"font-size:14pt;white-space:pre-wrap;\">Application Security</strong></b></li><li style=\"font-size:12pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Lead threat modeling on new and existing services, focusing on the systems where the risk is</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">real</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">and the architecture is in motion.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Run our secure code review program, including the design of review playbooks, the hardest reviews yourself, and coaching engineers to catch issues earlier.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Operate and tune our AppSec tooling stack across SAST, DAST, SCA, and</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">secrets</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">scanning, keeping signal high and noise low.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Own the third-party penetration testing program in partnership with the ISO, from scoping through</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">findings</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">triage and fix verification.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Drive standards for authentication, authorization, session management, and API security across our products, and engineer the hard parts yourself when needed.</span><span style=\"color:rgb(0,0,0);background-color:rgb(198,198,198);font-size:11pt;white-space:pre-wrap;\"> </span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;text-align:justify;\"><b><strong style=\"font-size:14pt;white-space:pre-wrap;\">Platform Security and</strong></b><span style=\"white-space:pre-wrap;\"> </span><b><strong style=\"font-size:14pt;white-space:pre-wrap;\">DevSecOps</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Embed security controls into our CI/CD</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">pipelines</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">so the secure path is the default path: pre-commit checks, build-time scans, signed artifacts, and policy-as-code gates.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Harden our cloud workloads on AWS, including container and Kubernetes security,</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">secrets</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">management, and runtime protections.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Codify infrastructure security</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">baselines</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">as</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">IaC</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">and policy (e.g., OPA/Conftest, AWS SCPs,</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">Terraform</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">guardrails) and own the rollout across the platform.</span></li><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Partner with the platform team on identity-aware access to infrastructure, including non-human identities, short-lived credentials, and privileged access patterns.</span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;text-align:justify;\"><b><strong style=\"font-size:14pt;white-space:pre-wrap;\">Product Security</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Engineer enterprise SSO (SAML 2.0 and OpenID Connect) into customer-facing products in support of contractual security commitments to enterprise shippers.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Set the technical direction for API security, including authentication, authorization, rate limiting, abuse prevention, and tenant isolation.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Drive secure-by-default patterns for data handling in our products, including encryption, key management, and access controls for customer and operational data.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Be the senior technical voice in customer security reviews when the questions go past what a questionnaire can answer.</span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;text-align:justify;\"><b><strong style=\"font-size:14pt;white-space:pre-wrap;\">Across All of It</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Triage and lead response to application and platform security incidents, including root cause analysis and durable fixes.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Mentor</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">engineers on</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">secure design and secure</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">coding, and</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">raise the security fluency of the engineering organization through training, office hours, and</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">example.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Contribute to ISO 27001 and SOC 2 evidence, control design, and audit readiness for the controls you</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">operate.</span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:18pt;white-space:pre-wrap;\">Qualifications</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:12pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">8+</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">building and securing production software, with the last several</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">focused on</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">application security, product security, or</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">DevSecOps</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">as your primary discipline.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Deep,</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">demonstrable</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">software engineering ability. You read code fluently across multiple languages, you write production-quality code, and engineers respect your technical judgment.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Hands-on experience securing AWS workloads at scale, including IAM, networking,</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">container</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">and Kubernetes security, and</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">IaC</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">(Terraform or equivalent).</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Working command of modern AppSec tooling (SAST, DAST, SCA,</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">secrets</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">scanning) and how to deploy it in a CI/CD pipeline without grinding delivery to a halt.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Strong threat modeling skills and</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">a track record</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">of turning models into shipped controls.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Practical experience implementing SAML 2.0 and OpenID Connect, and a clear mental model of identity, session, and authorization design</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Experience leading the technical response to security incidents in production environments.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Ability to influence engineers and engineering leaders without authority. You explain risk in terms that engineers act on, and you partner rather than police.</span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;text-align:justify;\"><b><strong style=\"font-size:16pt;white-space:pre-wrap;\">Nice to Have</strong></b></p><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Experience in</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">logistics, supply</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">chain, marketplaces, or other high-volume transactional businesses.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Background contributing to or maintaining</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">open source</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:11pt;white-space:pre-wrap;\">security tooling.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Prior experience supporting ISO 27001 or SOC 2 control design from the engineering side.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Offensive security background (CTFs, bug bounty, red team) that informs how you think about defense.</span></li></ul><ul data-pattern=\"discCircleSquare\" data-depth=\"1\" style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;margin:8px 0px;line-height:1.6;padding:0px 0px 0px 32px;list-style-type:disc;\"><li style=\"font-size:11pt;margin:3px 0px;letter-spacing:0.25px;line-height:1.6;\"><span style=\"font-size:11pt;white-space:pre-wrap;\">Experience hardening LLM-integrated or AI-powered features in production.</span><span style=\"color:rgb(0,0,0);background-color:rgb(198,198,198);font-size:11pt;white-space:pre-wrap;\"> </span></li></ul><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;text-align:justify;\"><b><strong style=\"font-size:12pt;white-space:pre-wrap;\">Why This Role</strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;text-align:justify;\"><span style=\"font-size:12pt;white-space:pre-wrap;\">This is a senior IC role with real scope.</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">You will set standards that the engineering organization actually adopts because you will have built them, shipped them, and proved they work.</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">You will report to the Information Security Officer in a security function with executive commitment, a live ISO 27001 certification, and an active SOC 2 Type II attestation, and you will have the autonomy and the mandate to make</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">UniUni's</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:12pt;white-space:pre-wrap;\">products and platform meaningfully more secure.</span></p>",
"company": "<meta><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;\"><b><strong style=\"font-size:18pt;white-space:pre-wrap;\">About UniUni</strong></b></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;text-align:justify;\"><span style=\"font-size:10pt;white-space:pre-wrap;\">UniUni</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">is a late-stage last-mile</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">logistics</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">company moving millions of parcels across the United States and Canada for some of the largest e-commerce platforms in North America. Our technology is cloud-native on AWS. We hold an active ISO 27001 certification and SOC 2 Type II attestation, and security is central to how we</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">operate</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">and how our customers trust us. This role reports to the Information Security Officer and is based in North America (remote with periodic travel to</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">UniUni</span><span style=\"white-space:pre-wrap;\"> </span><span style=\"font-size:10pt;white-space:pre-wrap;\">hubs).</span><span style=\"color:rgb(0,0,0);background-color:rgb(198,198,198);font-size:10pt;white-space:pre-wrap;\"> </span></p><p style=\"font-family:"Basel Grotesk",Arial,sans-serif;font-size:11pt;font-weight:400;line-height:1.6;letter-spacing:0.25px;margin:4px 0px;padding:0px;text-align:justify;\"><br></p>"
},
"workLocations": [
"Remote (United States)",
"Canada"
],
"employmentType": {
"id": "Salaried, full-time",
"label": "SALARIED_FT"
},
"payRangeDetails": [],
"activeJobApplication": {
"basicQuestions": [
{
"oid": "first_name",
"title": "First name",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "last_name",
"title": "Last name",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "email",
"title": "Email",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "pronouns",
"title": "Pronouns",
"required": false,
"fieldType": "PRONOUN"
},
{
"oid": "current_company",
"title": "Current company",
"required": false,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "phone_number",
"title": "Phone number",
"required": true,
"fieldType": "PHONE_NUMBER"
},
{
"oid": "location",
"title": "Location (city only)",
"required": true,
"fieldType": "SHORT_ANSWER"
},
{
"oid": "resume",
"title": "Resume",
"required": true,
"fieldType": "FILE"
},
{
"oid": "cover_letter",
"title": "Cover letter",
"required": false,
"fieldType": "FILE"
}
],
"customQuestions": {
"fields": [
{
"oid": "first_name",
"title": "First name",
"required": true,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "last_name",
"title": "Last name",
"required": true,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "email",
"title": "Email",
"required": true,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "pronouns",
"title": "Pronouns",
"required": false,
"fieldData": {},
"fieldType": "PRONOUN"
},
{
"oid": "current_company",
"title": "Current company",
"required": false,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "phone_number",
"title": "Phone number",
"required": true,
"fieldData": {},
"fieldType": "PHONE_NUMBER"
},
{
"oid": "location",
"title": "Location (city only)",
"required": true,
"fieldData": {},
"fieldType": "SHORT_ANSWER"
},
{
"oid": "resume",
"title": "Resume",
"required": true,
"fieldData": {},
"fieldType": "FILE"
},
{
"oid": "cover_letter",
"title": "Cover letter",
"required": false,
"fieldData": {},
"fieldType": "FILE"
}
]
},
"additionalQuestions": null
},
"hasAIEvaluationsEnabled": true,
"eeocQuestionnaireEnabled": true,
"applicationConfirmationTemplate": "68ae07f79d9850d51974d25d",
"eeocQuestionnaireEnabledForJobPost": true
},
"detail_meta": {
"url": "https://ats.rippling.com/api/v2/board/uniuni/jobs/6ab8445a-1598-49ee-9e1c-680ed7da127e",
"http_status": 200,
"content_type": "application/json",
"response_bytes": 30796
},
"detail_errors": []
}Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/981c2f71dd791e4b843734389d4929e2361acb30?include=descriptionJSONGET https://api.bluedoor.sh/job-postings/v1/orgs/262cb4c0-ea94-4203-8e83-dfbc641e7046JSONGET https://api.bluedoor.sh/job-postings/v1/sources/cda69ecc-4622-4b2d-afc8-27a9620c31e8JSONGET https://api.bluedoor.sh/job-postings/v1/jobs/981c2f71dd791e4b843734389d4929e2361acb30/eventsJSON