Grubhub is seeking a Staff Engineer to join our Product Security team. As a member of our team you will help us analyze, design and build security technology into our products and services in order to enable trustworthy experiences for Grubhub's diners, merchants, drivers and employees. You will dig into the complex world of building security technology in frictionless ways to evaluate software integrity, provide guidance to engineers, and ensure best practices are deployed across all security domains in the web, mobile, systems and application security space. This role reports directly to the head of cybersecurity with broad latitude to work with both senior and new-grad engineers to make a measurable impact on Grubhub's security posture.
The Impact You Will Make:
You will enhance the overall security posture of Grubhub by identifying and mitigating security defects proactively.
You will contribute to a culture of cybersecurity awareness and continuous improvement within the organization, enabling Grubhub to launch and sustain key business initiatives with minimal risk.
You will champion high-integrity + high-assurance outcomes in order to ensure the delivery of secure and trustworthy experiences
More About The Role:
Identify lacking security-sensitive functionality in Grubhub's applications and services, translating those control gaps into actionable engineering remediation plans and solutions
Design, build, deploy and drive adoption of embedded security tooling in conjunction with internal services and platform teams
Perform threat modeling, design, and code reviews to assess security implications and requirements for the introduction of new security systems and technologies
Drive initiatives with outside teams to re-engineer existing services to ensure that Grubhub remains resilient against the latest security threats
Bridge security domain knowledge gaps through technical mentorship of a team of passionate engineers while also delivering uniquely challenging projects.
What You Bring To The Table:
Professional experience of 8+ years in at least two security domains: web security (inclusive of APIs, backends, frontend and microservices), edge/perimeter security, mobile security, cloud security, systems security, or reverse engineering
7+ years of industry experience in a software development environment.
Proficiency in programming languages like Java, Python, or C++ with demonstrable experience in conducting code reviews to identify security deficiencies in how business logic is implemented.
Experience designing, implementing, and deploying production-quality security engineering systems and incorporating security standards into supporting subsystems as needed.
Hands-on experience with middleware, message queues, caches, and other related technologies.
Strong experience in architecture design, high-availability, high-performance systems and working with 5x9/ zero-downtime systems.
Deep understanding of distributed systems.
Demonstrable commitment to engineering and operational excellence-to include development + monitoring of SLOs/SLIs to assure adherence to EOE standards-with direct experience in driving security outcomes within an engineering culture.
A broad knowledge of attack vectors, exploits and mitigations that work at scale or may be linked together for chained attacks
Strong understanding of CI/CD pipelines and experience with integrating security testing into automated build processes.
Working familiarity with version control systems (Git), issue tracking tools (Jira) and ability to define + support your commitments within an Agile working model.
Ability to communicate ideas and proposals concisely to a wide-range of audiences
Ability to author both technical and non-technical documentation on a continuous cadence.
Ability to fully participate in our on-call rotation as a service owner
Bachelor's in Computer Science, Engineering or a related field
Preferred Qualifications
Master's (or Ph.D) in Computer Science, Engineering or a related field
A security industry-related certification such as Certified Information Systems Security Professional (CISSP) or Offensive Security Certified Professional (OSCP)
And Of Course Perks:
Flexible PTO. Grubhub employees enjoy a generous amount of time to recharge.
Health and Wellness. Excellent medical, dental and vision benefits, 401k matching, employee network groups and paid parental leave are just a few of our programs to support your overall well-being.
Compensation. You'll receive a highly-competitive compensation package with eligibility for generous incentives, bonuses, commission, and RSUs.
Free Meals. Our employees get a weekly Grubhub credit to enjoy and support local restaurants.
Social Impact. We believe in giving back through programs like the Grubhub Community Relief Fund, and provide our employees opportunities to support causes that are important to them.