Staff Application Security Engineer

About this role

About UniUni

UniUni is a late-stage last-mile logistics company moving millions of parcels across the United States and Canada for some of the largest e-commerce platforms in North America. Our technology is cloud-native on AWS. We hold an active ISO 27001 certification and SOC 2 Type II attestation, and security is central to how we operate and how our customers trust us. This role reports to the Information Security Officer and is based in North America (remote with periodic travel to UniUni hubs).

About the role

• We are hiring a Staff Application Security Engineer to be the senior technical anchor for product and platform security at UniUni. You will set the bar for how we build secure software, embed security into our engineering pipelines, and harden our customer-facing products. You will spend your time shoulder-to-shoulder with engineering, not adjacent to it.

This is a hands-on role. You will write code, review code, build tooling, and lead the technically hardest work across application security, DevSecOps and platform security, and product security. You will set standards that scale, but you will also dig into real systems to find real problems and ship real fixes.

What you'll do

• **Application Security**
• Lead threat modeling on new and existing services, focusing on the systems where the risk is real and the architecture is in motion.
• Run our secure code review program, including the design of review playbooks, the hardest reviews yourself, and coaching engineers to catch issues earlier.
• Operate and tune our AppSec tooling stack across SAST, DAST, SCA, and secrets scanning, keeping signal high and noise low.
• Own the third-party penetration testing program in partnership with the ISO, from scoping through findings triage and fix verification.
• Drive standards for authentication, authorization, session management, and API security across our products, and engineer the hard parts yourself when needed.

Platform Security and *...