• Senior Application Security Engineer

    Job Locations US-IL-Chicago | US-NY-New York
    Job ID
    2019-9650
    Category
    Technology
  • About The Opportunity

    Here at Grubhub we’ve been dedicated to giving diners the most convenient way to order food from their favorite restaurants (whether that’s a late night Chalupa from Taco Bell or a salad for lunch from a local restaurant the day after they enjoyed said late night Chalupa).

     

    While we are food-obsessed, we are also customer-obsessed. We look to constantly innovate our technology so our diners’ food experience is memorable, restaurant owners get more business and individuals across the country looking for work can deliver the food from the restaurant to the diner flawlessly. We take great pride in knowing that we are a part of 22.6 million diners food ordering experience and we feature over 300,000 restaurants in 3,200 US cities across our suite of apps (Grubhub, LevelUp, Seamless, Tapingo, AllMenus and MenuPages).

     

    Want to be a part of the biggest movement in the US that is moving eating forward? If so, we want to talk to you - and hear what’s your favorite restaurant for food delivery!

    We’re looking for a Senior Application Security Engineer.  The Application Security teams are relied upon to provide engineering and product teams with the security expertise necessary to make confident product decisions. The team manages our code vulnerability programs including red teaming, manual review, static and dynamic code analysis as well as interfacing with external researchers as part of our bounty program. 

    Some Challenges You’ll Tackle

     

    • Investigate and understand our newest projects and technologies and give security guidance to ensure that they are as robust as possible.
    • Perform code and design reviews of internally developed applications.
    • Develop security tools to find or fix security issues en masse.
    • Use both automated and manual testing tools to find and validate vulnerabilities in our web applications
    • Create automated tests to encourage and enforce security standards.
    • Develop security training and education for our software engineers.
    • Ensure that identified issues are prioritized and addressed in an appropriate timeframe.
    • Interact directly with the security community regarding vulnerabilities and threats
    • Coach and mentor engineering teams and team leaders
    • Guide growth and evolution of the team and security standards

     

    PROGRAMMING LANGUAGE FOCUS:

     

    • Experience with multiple programming languages such as Java, Ruby, C# and scripting languages such as Python.
    • Background in penetration testing tools: Nessus, Metasploit, BurpSuite

    You Should Have

    • 5+ years of experience with a web application and network security
    • 3+ years of experience with public cloud
    • Experience in a highly scalable environment/SOA is preferred.
    • You enjoy both breaking and building.
    • Strong knowledge of web application security issues.
    • Being able to understand the true risks of findings ultimately allowing you to compromise when it's necessary and hold firm when it's essential.
    • You are interested in teaching security since we’re all in this together.
    • Experience with Amazon Web Service (AWS), Google Compute Platform
    • Experience in running, triaging and making risk assessments based on vulnerability proof of concepts, as well as validating security fixes once deployed.
    • Good verbal and written communication skills and experience interacting with highly distributed entrepreneurial teams.
    • Strong sense of “ownership” and an innovative engineering mindset.

    And Of Course, Perks!

    • Flexible PTO. It’s true, no strings attached and all the time you need to recharge.
    • Better Benefits. Get quality insurance, flex spending accounts, retirement options, and commuter perks.  
    • Free Food. Kitchens are stocked and free Grubhub each week.
    • Casual Culture. Catch rays on the rooftop or get comfy on a couch and get to know your coworkers — because work, should be a place you want to be.

     

    Grubhub is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. The EEO is the Law poster is available here: DOL Poster. If you are applying for a job in the U.S. and need a reasonable accommodation for any part of the employment process, please send an e-mail to TalentAcquisition@grubhub.com and let us know the nature of your request and contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this e-mail address.  


    CA Privacy Notice: If you are a resident of the State of California and would like a copy of our CA privacy notice, please email privacy@grubhub.com.
     

     

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed

    Connect With Us!

    Not ready to apply? Connect with us for general consideration.