Senior Software Engineer- Security Engineering

About The Opportunity
We're all about connecting hungry diners with our network of over 300,000 restaurants nationwide. Innovative technology, user-friendly platforms and streamlined delivery capabilities set us apart and make us an industry leader in the world of online food ordering. When you join our team, you become part of a community that works together to innovate, solve problems, grow, work hard and have a ton of fun in the process!
Why Work For Us
Grubhub is a place where authentically fun culture meets innovation and teamwork. We believe in empowering people and opening doors for new opportunities. If you're looking for a place that values strong relationships, embraces diverse ideas-all while having fun together-Grubhub is the place for you!
At Grubhub, we are a team of smart and motivated engineers that place a high value on craftsmanship and the security and scalability of our infrastructure. As we grow and take on the exciting challenges of keeping up with new product development and scaling our services to support greater volume and more clients, we're looking for a talented engineer to help us maintain a high standard of security across our platform.
This role will act as a part of the Security Engineering team and ensure that we maintain high security standards throughout our technical infrastructure, applications, and processes. Specifically, we will be looking for you to take part in automating security in our AWS environments, ensuring the uptime and availability of our security tools and working with engineering teams to improve product security.
The Impact You Will Make

• Designing/implementing/running/managing automated code vulnerability scanners.
• Integrating multiple controls into the SDLC pipeline.
• Assists in executing the end-to-end vulnerability lifecycle, Identify gaps in apps and services lacking proper security scans, build-out and complete a project roadmap to ensure 100% coverage across all assets.
• Review and verify vulnerability findings
• Form a strong relationship with developer and SRE teams, and serve as a point of contact and security SME for questions arising around secure development.
• Facilitate the integration of security tools with the development pipeline making them self-service for the engineering teams.
• Partner with enterprise stakeholders to improve support efficiency, self-service, and automation for application security scanning services and remediation efforts.
• Evangelize for security within the organization and proactively recommend practical software and architectural security improvements.
• Work with the service owners to prioritize fixes for closing vulnerability gaps.
• Develop skills and processes to evaluate and propose or validate security features in our products/applications.
• Contribute to the security champions/ambassador program for material-related application security.
• Perform proactive research to detect new attack vectors and pen test internal and external apps.
• Help to consult and guide other AppSec team members with their tasks.
• Embed Application security best practices and standards (OWASP, NIST)

What You Bring To The Table

• 5 + years of experience as a code engineer.
• 2+ years experience in application security, information security, or a related field.
• 2+ years Python development experience.
• 2+ years experience deploying applications to and security of AWS Cloud Environments.
• Experience with security testing at scale by building and implementing code scanning tools, integrating security into CI/CD workflows for everyday deployments.
• Experience with scripting languages such as: JavaScript, Python, Go, Bash, Perl, PowerShell.
• Strong Knowledge of Network and Network Layer Protocols (specifically TCP/IP, HTTP, SSL)
• Strong Knowledge of Network and Application security best practices and standards (OWASP, NIST).
• Experience with continuous integration servers such as Jenkins and Spinnaker.
• Working knowledge of docker container building and orchestration.
• Bachelor's degree in Computer Science, Information Security, or a related field.

Desired Qualifications:

• CISSP, CEH, CISM or other relevant security certification.
• Experience with cloud security (AWS, Azure, GCP).
• Experience with penetration testing tools and methodologies.

And Of Course, Perks!

• Flexible PTO. Grubhub employees enjoy a generous amount of time to recharge.
• Health and Wellness. Excellent medical, dental and vision benefits, 401k matching, employee network groups and paid parental leave are just a few of our programs to support your overall well-being.
• Compensation. You'll receive a great compensation package with eligibility for generous incentives, bonuses, commission, or RSUs (role-specific).
• Free Meals. Our employees get a weekly Grubhub credit to enjoy and support local restaurants.
• Social Impact. We believe in giving back through programs like the Grubhub Community Relief Fund, and provide our employees opportunities to support causes that are important to them.

Grubhub is an equal opportunity employer. We welcome diversity and encourage a workplace that is just as diverse as the customers we serve. We evaluate qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. If you're applying for a job in the U.S. and need a reasonable accommodation for any part of the employment process, please send an email to [email protected] and let us know the nature of your request and contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this email address.
If you are a resident of the State of California and would like a copy of our CA privacy notice, please email [email protected].