Director of Application Security
About The Opportunity
Here at Grubhub we’ve been dedicated to giving diners the most convenient way to order food from their favorite restaurants (whether that’s a late night Chalupa from Taco Bell or a salad for lunch from a local restaurant the day after they enjoyed said late night Chalupa).
While we are food-obsessed, we are also customer-obsessed. We look to constantly innovate our technology so our diners’ food experience is memorable, restaurant owners get more business and individuals across the country looking for part-time work can deliver the food from the restaurant to the diner flawlessly. We take great pride in knowing that we are a part of 19+ million diners’ food ordering experience and we are partnered with 115,000 restaurants in 2,200 US cities across our suite of apps (Grubhub, LevelUp, Seamless, Tapingo).
Want to be a part of the biggest movement in the US that is moving eating forward? If so, we want to talk to you - and hear what’s your favorite restaurant for food delivery!
We’re looking for a Director of Application Security. The Application Security teams are relied upon to provide engineering and product teams with the security expertise necessary to make confident product decisions. The team manages our code vulnerability programs including red teaming, manual review, static and dynamic code analysis as well as interfacing with external researchers as part of our bounty program.
Some Challenges You’ll Tackle
- Investigate and understand our newest projects and technologies and give security guidance to ensure that they are as robust as possible.
- Perform code and design reviews of internally developed applications.
- Develop security tools to find or fix security issues en masse.
- Use both automated and manual testing tools to find and validate vulnerabilities in our web applications
- Create automated tests to encourage and enforce security standards.
- Develop security training and education for our software engineers.
- Ensure that identified issues are prioritized and addressed in an appropriate timeframe.
- Interact directly with the security community regarding vulnerabilities and threats
- Coach and mentor engineering teams and team leaders
- Guide growth and evolution of the team and security standards
- Own team engagement through 1x1s, communication, celebrations, training
You Should Have
- 7+ years of experience with web application and network security
- 5+ years of experience with public cloud
- 3+ years of experience managing engineers
- Experience in a highly scalable environment/SOA is preferred.
- You enjoy both breaking and building.
- Strong knowledge of web application security issues.
- Ability to understand the true risks of findings, ultimately allowing you to compromise when it's necessary and hold firm when it's essential.
- You are interested in teaching security since we’re all in this together.
- Experience with Amazon Web Services (AWS), Google Cloud Platform (GCP), Heroku, and git
- Experience running, triaging and making risk assessments based on vulnerability proof of concepts, as well as validating security fixes once deployed.
- Good verbal and written communication skills and experience interacting with highly distributed entrepreneurial teams.
- Strong sense of “ownership” and an innovative engineering mindset.
PROGRAMMING LANGUAGE FOCUS:
- Experience with multiple programming languages such as Java, Ruby, C# and scripting languages such as Python.
- Background in penetration testing tools: Nessus, Metasploit, BurpSuite
And Of Course, Perks!
- Flexible PTO. It’s true, no strings attached and all the time you need to recharge.
- PTO. It’s true, we provide you a generous amount of time to recharge.
- Better Benefits. Get quality insurance, flex-spending accounts, retirement options and commuter perks.
- Free Food. Kitchens are stocked and free Grubhub each week.
- Stock Up. All of our employees are owners, in fact, they’re granted Restricted Stock Units, which means we’re all in it to win it.
- Casual Culture. Catch rays on the rooftop or get comfy on a couch and get to know your coworkers — because work should be a place you want to be.
Grubhub is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. The EEO is the Law poster is available here: DOL Poster. If you are applying for a job in the U.S. and need a reasonable accommodation for any part of the employment process, please send an e-mail to firstname.lastname@example.org and let us know the nature of your request and contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this e-mail address.