Staff Security Engineer
About The Opportunity
We're all about connecting hungry diners with our network of over 300,000 restaurants nationwide. User-friendly platforms and streamlined delivery capabilities set us apart in the world of online food ordering. Grubhub is a place where authentically fun culture meets innovation and teamwork. We believe in empowering people and opening doors for new opportunities. If you're looking for a place that values relationships, embraces diverse ideas-all while having fun together-then Grubhub is the place for you!
We're looking for an Application Security Engineer with experience in building security into products. The team provides engineering and product teams with the security expertise necessary to make confident product decisions. This is done through the use of Threat Modeling, Static Code Analysis, Cloud Security tooling, and Bug Bounty programs. Dynamic Scanning and Security Training are programs we want to mature in the coming year.
The Impact You Will Make
- Investigate and understand our newest projects and technologies and give security guidance to ensure that they are as robust as possible.
- Perform code and design reviews of internally developed applications.
- Develop security tools to find or fix security issues en masse.
- Use both automated and manual testing tools to find and validate vulnerabilities in our web applications
- Create automated tests to encourage and enforce security standards.
- Develop security training and education for our software engineers.
- Ensure that identified issues are prioritized and addressed in an appropriate time frame.
- Coach and mentor engineering teams and team leaders
What You Bring to the Table
- 5+ years of experience as a combination of software development, security engineering or product security
- Expert level knowledge of web application security issues and mobile application security assessment techniques, threat modeling, general software development practices.
- Experience with creating automation in a higher-level scripting language (Python, JavaScript, etc.) to develop tools that make it easier to ship secure code and harder to ship insecure code.
- Recognized security expert in multiple specialty areas, with cross-functional team experience
- Experience with public cloud environments (AWS, GCP, Azure)
- Being able to understand the true risks of findings ultimately allowing you to compromise when it's necessary and hold firm when it's essential.
- Experience in running, triaging, and making risk assessments based on vulnerability proof of concepts, as well as validating security fixes once deployed.
- Strong sense of "ownership" and an innovative engineering mindset.
And Of Course, Perks!
- Flexible PTO. Grubhub employees enjoy a generous amount of time to recharge.
- Health and Wellness. Excellent medical, dental and vision benefits, 401k matching, employee network groups and paid parental leave are just a few of our programs to support your overall well-being.
- Compensation. You'll receive a great compensation package with eligibility for generous incentives, bonuses, commission, or RSUs (role-specific).
- Free Meals . Our employees get a weekly Grubhub credit to enjoy and support local restaurants.
- Social Impact. We believe in giving back through programs like the Grubhub Community Relief Fund, and provide our employees opportunities to support causes that are important to them.
Vaccination Requirement: Grubhub employees are required to be fully vaccinated. Candidates must confirm vaccination status at time of hire, and must provide proof of full-Covid-19 vaccination within 2 weeks of starting employment. Fully vaccinated is defined as: "2 weeks have passed since your second dose in a 2-dose series, such as the Pfizer or Moderna vaccines, or 2 weeks after a single-dose vaccine, such as Johnson & Johnson's vaccine.
Grubhub is an equal opportunity employer. We welcome diversity and encourage a workplace that is just as diverse as the customers we serve. We evaluate qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. If you're applying for a job in the U.S. and need a reasonable accommodation for any part of the employment process, please send an email to [email protected] and let us know the nature of your request and contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this email address.
CA Privacy Notice: If you are a resident of the State of California and would like a copy of our CA privacy notice, please email [email protected].