Senior Application Security Engineer

About CookUnity
Food has lost its soul to modern convenience. And with it, it has lost the power to nourish, inspire, and connect us. So in 2018, CookUnity was founded as the first-of-its-kind platform that connects the world with the source of truly great food: chefs. Today, CookUnity delivers 50 million meals a year from the industry's best chefs to homes all over the country. Fresh. Ready-to-eat. And crafted with the passion that nourishes body and soul.

Unwilling to stop there, CookUnity is expanding beyond delivery to become an ever-innovating marketplace focused on our singular mission:
empower Chefs to nourish the world.
If that mission has you hungry in more ways than one, you've found the right job posting.

The Role
Become a founding member of the Application Security team at CookUnity. You'll work closely with disparate groups inside of CookUnity's engineering organization, ranging from our Infrastructure and Software Engineering teams to ensure were free from high risk vulnerabilities but also building secure by design solutions.

Responsibilities

• Lead application security efforts by performing security assessments, code reviews, and penetration testing focused on applications developed in Kotlin, Java, and TypeScript.
• Identify, classify, prioritize, and track remediation of vulnerabilities such as those listed in the OWASP Top 10 and other common weaknesses.
• Use and maintain application security tools such as Burp Suite for dynamic testing, SAST/DAST/IAST tools, and other automated security scanners.
• Collaborate closely with software development teams to enforce secure coding standards and hold Software Engineers accountable for patching vulnerabilities within defined SLAs.
• Integrate security testing and automation into CI/CD pipelines to ensure continuous security validation.
• Define and maintain security requirements and best practices aligned with industry standards such as OWASP, NIST, ISO, PCI DSS, and GDPR.
• Conduct threat modeling, risk assessments, and security design reviews for new and existing applications.
• Promote security awareness and provide training to development teams on secure coding and vulnerability mitigation.
• Respond to security incidents and support remediation efforts.
• Recommend and implement new security tools and technologies to improve application security posture.
• Work in Agile and DevSecOps environments to embed security throughout the software development lifecycle.

Minimum Requirements

• Bachelor's degree in Computer Science, Cybersecurity, or related field.
• 6-8+ years of experience in application security, secure coding, and vulnerability assessment.
• Strong development background with hands-on experience in Kotlin, Java, and Typescript.
• Deep understanding of OWASP Top 10, CWE, and common web and API vulnerabilities.
• Proficient with security testing tools such as Burp Suite, Fortify, Veracode, or similar.
• Experience with secure SDLC, DevSecOps practices, and integrating security into CI/CD pipelines.
• Familiarity with authentication and authorization protocols like OAuth2, OIDC, and SAML.
• Ability to work effectively with development teams, guiding and holding them accountable for timely vulnerability remediation.
• Relevant certifications such as CISSP, CSSLP, OSCP, GWAPT.
• Fluency in English.

Preferred Requirements

• Knowledge of cloud security (AWS, GCP, Azure) and container security (Docker, Kubernetes) is a plus.

Learn More About CookUnity

We believe great leadership starts with alignment on vision, values, and ways of working. To give you deeper insight into who we are and what we're looking for, we invite you to explore:
CookUnity's Leadership Principles
– The values and behaviors that guide how we operate, collaborate, and scale.

We hope this provides valuable insight into our culture and product vision. If this excites you, we'd love to connect

Benefits
Health Insurance coverage

401k Plan

We grow, you grow: Stock Options Plan granted on Day 1

Eligible for a bi-annual performance bonus

Unlimited PTO

5- year Sabbatical: After 5 years with CookUnity, you get a 4-week paid sabbatical

Paid Family leave

Compassionate Leave: 3-5 days each time the need arises

A generous amount of CookUnity credits to enjoy our amazing meals, added to your account, monthly

Wellness perks: access to a nutritional coach and fitness subsidies to build a healthy lifestyle

Personalized Spanish coach

Awesome opportunity to join a company that is looking to change how we eat and how chefs work

Compensation
All final pay rates will be determined by candidates experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.

Pay Range for this position

$160,000—$180,000 USD

If you're interested in this role, please submit your application, and if we think you might be a fit, we'll get in touch with you.
Thank you for your time
CookUnity is an Equal Opportunity Employer
. We are dedicated to creating a community of inclusion and an environment free from discrimination or harassment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, citizenship status, protected veteran status, genetic information, or physical or mental disability.
A quick note for all candidates**
We've Recently Seen An Increase In Recruitment Scams Across The Industry, And We Want To Make Sure You (and Your Data) Stay Safe While Applying To CookUnity. We Also Want You To Know That We Take This Seriously — Sometimes, As Part Of Our Process, We May Ask For a Brief "proof Of Humanity" To Confirm That We're Connecting With a Real Person, Not An Impersonator. Here Are a Few Tips To Help You Protect Yourself And Know What To Expect From Us

• Apply only through our official channels. All open roles are listed on our official careers page:
• Our recruiters are real people — and easy to verify. You can always find them on LinkedIn with verified profiles. If you're unsure, feel free to reach out to us on our official LinkedIn Company Page.
• We only communicate through official CookUnity channels. That means emails ending in and interviews held through official company platforms (Google Meet or Zoom) — never WhatsApp, Telegram, or SMS.
• We'll never ask for payment or personal financial details. If anyone does, please don't share any information and let us know right away.

If something ever feels off or you're unsure about a message, we'd much rather you double-check with us. You can always contact us directly through any of our social media channels. We appreciate your interest in joining CookUnity — and
we care about keeping your experience (and safety) as genuine as possible.**