CookUnity
Senior Application Security Engineer
Job Summary
This role involves leading application security efforts through assessments, code reviews, and penetration testing on applications built with Kotlin, Java, and TypeScript. The candidate will collaborate with engineering teams to enforce secure coding standards, integrate security into CI/CD pipelines, and promote security best practices. Requirements include extensive experience in application security, familiarity with industry standards like OWASP and NIST, and proficiency with security testing tools and secure development practices. The position offers flexible benefits, remote work options, and opportunities for professional development.
Job Description
Food has lost its soul to modern convenience. And with it, has lost the power to nourish, inspire, and connect us. So in 2018, CookUnity was founded as the first-of-its-kind platform that connects the world with the source of truly great food: chefs. Today, CookUnity delivers 35 million meals a year from the industry’s best chefs to homes all over the country. Fresh. Ready-to-eat. And crafted with the passion that nourishes body and soul.
Unwilling to stop there, CookUnity is expanding beyond delivery to become an ever-innovating marketplace focused on our singular mission: empower Chefs to nourish the world.
If that mission has you hungry in more ways than one, you’ve found the right job posting.
The Role:
Become a founding member of the Application Security team at CookUnity. You’ll work closely with disparate groups inside CookUnity’s engineering organization, including our Infrastructure and Software Engineering teams, to ensure we’re free from high-risk vulnerabilities and are building secure-by-design solutions.
Responsibilities:
- Lead application security efforts by performing security assessments, code reviews, and penetration testing focused on applications developed in Kotlin, Java, and TypeScript.
- Identify, classify, prioritize, and track remediation of vulnerabilities such as those listed in the OWASP Top 10 and other common weaknesses.
- Use and maintain application security tools such as Burp Suite for dynamic testing, SAST/DAST/IAST tools, and other automated security scanners.
- Collaborate closely with software development teams to enforce secure coding standards and hold Software Engineers accountable for patching vulnerabilities within defined SLAs.
- Integrate security testing and automation into CI/CD pipelines to ensure continuous security validation.
- Define and maintain security requirements and best practices aligned with industry standards such as OWASP, NIST, ISO, PCI DSS, and GDPR.
- Conduct threat modeling, risk assessments, and security design reviews for new and existing applications.
- Promote security awareness and provide training to development teams on secure coding and vulnerability mitigation.
- Respond to security incidents and support remediation efforts.
- Recommend and implement new security tools and technologies to improve application security posture.
- Work in Agile and DevSecOps environments to embed security throughout the software development lifecycle.
Minimum Requirements:
- Bachelor’s degree in Computer Science, Cybersecurity, or related field.
- 6-8+ years of experience in application security, secure coding, and vulnerability assessment.
- Strong development background with hands-on experience in Kotlin, Java, and TypeScript.
- Deep understanding of OWASP Top 10, CWE, and common web and API vulnerabilities.
- Proficient with security testing tools such as Burp Suite, Fortify, Veracode, or similar.
- Experience with secure SDLC, DevSecOps practices, and integrating security into CI/CD pipelines.
- Familiarity with authentication and authorization protocols like OAuth2, OIDC, and SAML.
- Ability to work effectively with development teams, guiding and holding them accountable for timely vulnerability remediation.
- Relevant certifications such as CISSP, CSSLP, OSCP, GWAPT.
- Fluency in English.
Preferred Requirements:
- Knowledge of cloud security (AWS, GCP, Azure) and container security (Docker, Kubernetes) is a plus.
Benefits:
💸 Get paid in USD, Crypto, Euro, ARS. Whatever your choice! We use Deel to make things easier for you!
🗺 Work remotely: design the life that you want.
⛱ Enjoy 15 business days of vacation each year from the start date.
🎄 16 fully paid Argentinean holidays.
🩺 Healthcare Benefit: Monthly stipend to use in your preferred healthcare provider.
🗓️ 5-year Sabbatical: After 5 years with CookUnity, you get a 4-week paid sabbatical.
🐣 Paid family leave.
🕯 Compassionate Leave: 3-5 days each time the need arises.
🧘🏽‍♀️ Customize the benefits that suit your needs! Access a range of perks tailored to you, including learning opportunities, wellness memberships, delivery apps, and more through our comprehensive benefit platform.
🧑‍🏫 Personalized English coach.
If you’re interested in this role, please submit your application and if we think you might be a fit, we'll get in touch with you. Thank you for your time!
CookUnity is an Equal Opportunity Employer. We are dedicated to creating a community of inclusion and an environment free from discrimination or harassment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, citizenship status, protected veteran status, genetic information, or physical or mental disability.