Senior Security Engineer- Vendor Management
About The Opportunity
Hey! We're Grubhub
We're all about connecting hungry diners with our network of over 300,000 restaurants nationwide. Innovative technology, user-friendly platforms and streamlined delivery capabilities set us apart and make us an industry leader in the world of online food ordering. When you join our team, you become part of a community that works together to innovate, solve problems, grow, work hard and have a ton of fun in the process!
Why Work For Us
We have a fast-paced environment and that is what our teams thrive on. Grubhub believes in empowering people and offering opportunities for development, as well as professional growth. We value strong, positive relationships in all areas: with each other, our customers and our greater community. Want to be a part of a team of diverse collaborators in an authentically fun culture? If so, we want to talk to you - and hear what's your favorite restaurant for food delivery!
We're looking for a Senior Security Engineer with experience in building security into products to join our Application Security team. The team provides engineering and product teams with the security expertise necessary to make confident product decisions. This is done through the use of Threat Modeling, Static Code Analysis, Cloud Security tooling, and Bug Bounty programs. Dynamic Scanning and Security Training are programs we want to mature in the coming year.
The Impact You Will Make
- Perform risk assessment on behalf of Grubhub on the products / services being procured by Grubhub Business Units and advise procurement, legal teams on the identified risks and proposed mitigation measures
- Review third party security attestation reports provided by vendors. Review architecture diagrams and/or data flow diagrams
- Work closely with vendors and internal partners to develop action plans to meet or exceed agreed performance levels and maintain comprehensive documentation on the identified risks.
- Extend vendor security to include Software Supply Chain risks and tracking.
- Use both automated and manual testing tools to find and validate supply chain vulnerabilities in our products
- Provide guidance to engineering teams on Software Supply chain risks and best practices
What You Bring to the Table
- 5+ years of experience as a combination of software development, security engineering or security testing
- Experience with public cloud environments (AWS, GCP, Azure) and in highly scalable environment/Service Oriented Architecture (SOA)
- Strong knowledge of web application security issues.
- A good intuition of risk tolerance. You know when to compromise and when to hold firm.
- Experience in running, triaging, and making risk assessments based on vulnerability proof of concepts, as well as validating security fixes once deployed.
- Knowledge of vendor security assessment frameworks such as NIST Third Party Risk framework
And Of Course, Perks!
- Flexible PTO . Grubhub employees enjoy a generous amount of time to recharge.
- Health and Wellness. Excellent medical benefits, employee network groups and paid parental leave are just a few of our programs to support your overall well-being.
- Competitive Pay. You'll receive a competitive base salary with eligibility for generous incentives, bonuses, commission or RSUs (role-specific).
- Learning and Career Growth. Your personal and professional development is a priority at Grubhub. We empower you to be a leader and grow your career through training, coaching and mentorship opportunities.
- MealPerks. Get meals on us! Our employees get a weekly Grubhub credit to enjoy and support local restaurants.
- Fun. Every Grubhub office has an employee-led Culture Crew that connects people through fun, meaningful events and initiatives like Wellness Wednesdays, Slack competitions and virtual happy hours!
- Social Impact. At Grubhub we believe in giving back through programs like the Grubhub Community Relief Fund and donating $1 million to the Equal Justice Initiative in 2020. Employees are also given paid time off each year to support the causes that are important to them.
Vaccination Requirement: Grubhub employees are required to be fully vaccinated. Candidates must confirm vaccination status at time of hire, and must provide proof of full-Covid-19 vaccination within 2 weeks of starting employment. Fully vaccinated is defined as: "2 weeks have passed since your second dose in a 2-dose series, such as the Pfizer or Moderna vaccines, or 2 weeks after a single-dose vaccine, such as Johnson & Johnson's vaccine.
Grubhub is an equal opportunity employer. We welcome diversity and encourage a workplace that is just as diverse as the customers we serve. We evaluate qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. If you're applying for a job in the U.S. and need a reasonable accommodation for any part of the employment process, please send an email to [email protected] and let us know the nature of your request and contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this email address.
CA Privacy Notice: If you are a resident of the State of California and would like a copy of our CA privacy notice, please email [email protected].