Key skills
PythonAILLMNode.jsCI/CDCommunicationOWASPPenetration Testing
About this role
Unqork empowers enterprises to accelerate growth by rapidly building, testing, and running applications designed to be AI-native. The role involves securing Unqork's technology stack by implementing application security best practices, conducting vulnerability assessments, and fostering a culture of Security by Design.
Responsibilities:
- Perform deep-dive manual penetration testing and security assessments on web applications to identify flaws beyond the reach of automated tools
- Triage and manage results from SAST (Static), DAST (Dynamic), and SCA (Software Composition Analysis) tools, reducing false positives and prioritizing critical risks
- Conduct thorough security code reviews of Node.js applications to identify logic flaws, injection vulnerabilities, and broken access controls
- Develop Python scripts to automate repetitive security tasks, integrate security checks into CI/CD pipelines, and enhance our internal security tooling
- Act as a security consultant for developers, tracking vulnerabilities from discovery through to successful remediation and verification
- Stay current with the OWASP Top 10 and other industry frameworks to ensure our defense strategies evolve with the threat landscape
Requirements:
- 5+ years in Application Security, Pentesting, or Security Engineering
- Expert knowledge of the OWASP Top 10 and common web attack vectors (XSS, SQLi, SSRF, etc.). Must be able to explain the root cause and remediation of all OWASP vulnerabilities
- Experience with testing AI/LLM applications, with a deep understanding of all OWASP LLM Top 10 vulnerabilities
- Proficiency in reading and auditing Node.js code; ability to write automation scripts in Python
- Experience with Burp Suite Professional, OWASP ZAP, and commercial SAST/DAST/SCA platforms
- Excellent communication skills with the ability to explain complex security concepts to non-security stakeholders