openripplingbvp
Staff Application Security Engineer
UniUni
LocationUnited States
WorkplaceREMOTE
EmploymentSALARIED_FT
Posted2026-04-28T14:01:18.301000-07:00
Last observed2026-06-29 02:03:30.718145
Job idbvp-uniuni:rippling:6ab8445a-1598-49ee-9e1c-680ed7da127e
About UniUni UniUni is a late-stage last-mile logistics company moving millions of parcels across the United States and Canada for some of the largest e-commerce platforms in North America. Our technology is cloud-native on AWS. We hold an active ISO 27001 certification and SOC 2 Type II attestation, and security is central to how we operate and how our customers trust us. This role reports to the Information Security Officer and is based in North America (remote with periodic travel to UniUni hubs). About the role We are hiring a Application Security Engineer to be the senior technical anchor for product and platform security at UniUni. You will set the bar for how we build secure software, embed security into our engineering pipelines, and harden our customer-facing products. You will spend your time shoulder-to-shoulder with engineering, not adjacent to it. This is a hands-on role. You will write code, review code, build tooling, and lead the technically hardest work across application security, DevSecOps and platform security, and product security. You will set standards that scale, but you will also dig into real systems to find real problems and ship real fixes. What you'll do Application Security Lead threat modeling on new and existing services, focusing on the systems where the risk is real and the architecture is in motion. Run our secure code review program, including the design of review playbooks, the hardest reviews yourself, and coaching engineers to catch issues earlier. Operate and tune our AppSec tooling stack across SAST, DAST, SCA, and secrets scanning, keeping signal high and noise low. Own the third-party penetration testing program in partnership with the ISO, from scoping through findings triage and fix verification. Drive standards for authentication, authorization, session management, and API security across our products, and engineer the hard parts yourself when needed. Platform Security and DevSecOps Embed security controls into our CI/CD pipelines so the secure path is the default path: pre-commit checks, build-time scans, signed artifacts, and policy-as-code gates. Harden our cloud workloads on AWS, including container and Kubernetes security, secrets management, and runtime protections. Codify infrastructure security baselines as IaC and policy (e.g., OPA/Conftest, AWS SCPs, Terraform guardrails) and own the rollout across the platform. Partner with the platform team on identity-aware access to infrastructure, including non-human identities, short-lived credentials, and privileged access patterns. Product Security Engineer enterprise SSO (SAML 2.0 and OpenID Connect) into customer-facing products in support of contractual security commitments to enterprise shippers. Set the technical direction for API security, including authentication, authorization, rate limiting, abuse prevention, and tenant isolation. Drive secure-by-default patterns for data handling in our products, including encryption, key management, and access controls for customer and operational data. Be the senior technical voice in customer security reviews when the questions go past what a questionnaire can answer. Across All of It Triage and lead response to application and platform security incidents, including root cause analysis and durable fixes. Mentor engineers on secure design and secure coding, and raise the security fluency of the engineering organization through training, office hours, and example. Contribute to ISO 27001 and SOC 2 evidence, control design, and audit readiness for the controls you operate. Qualifications 8+ building and securing production software, with the last several focused on application security, product security, or DevSecOps as your primary discipline. Deep, demonstrable software engineering ability. You read code fluently across multiple languages, you write production-quality code, and engineers respect your technical judgment. Hands-on experience securing AWS workloads at scale, including IAM
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.