Senior Software Engineer – AppSec

Chicago, IL, US

Job Description / Skills Required

The application security team is looking for a proficient software developer with a strong understanding of secure engineering concepts such as secure coding practices and secure code reviews. The person in this role will be responsible both for developing new technologies and interfaces that engineering teams within Groupon can integrate into their own development projects to secure sensitive data and for serving as an expert security consultant to other teams within Groupon on security best practices.

Our Application Security Engineer will be responsible for all aspects of security operations pertaining to our public-facing production environments. This individual will provide technical security expertise across a broad range of environments and will develop technology solutions that will be usable across the business to increase the level of security around how we handle sensitive data. For example, an engineer in this position is responsible for serving as an expert security consultant to other teams within Groupon on security best practices, pairing with other Groupon engineering teams to review project design and implementation, performing secure code reviews and large data set analysis, and helping develop APIs in order to secure sensitive data. The ideal candidate will be an experienced software developer with a very good understanding of Ruby, Java and JavaScript/CoffeeScript, and will possess a strong understanding of secure engineering concepts such as secure coding practices and secure code reviews.

Research, initiate and drive the evaluation of third party or homegrown tools/technologies/processes to maintain and enhance the security of Groupon applications
Provide security related advice and consultancy to Engineering, Legal, Fraud, Risk Management, PR and other business groups as needed
Work closely with internal leadership teams in a collaborative environment to ensure that security awareness and issues are communicated effectively
Perform analyses against large data sets to identify potentially malicious behavior
Provide technical and operational security support to IT, Engineering, Legal, and business units
Work closely with agile development teams and their delivery deadlines to remediate application vulnerabilities detected through security scanning tools
Actively manage the security activities associated with secure software development, including performing peer code reviews, to address risks and threats
Be an ambassador for the team to assist with the ongoing integration of the Application Security team with other business units within Groupon


Job-related skills/competencies:
Excellent written and verbal communication skills
Strong organizational and analytical skills
Able to write and review code with colleagues, each with different priorities, backgrounds, and abilities
Arrive at novel solutions to difficult problems
Strong knowledge of secure development practices
Ability to interact professionally with senior leadership and to articulate key messages to a range of technical and non-technical audiences
Effectively works in a distributed team environment
Results oriented, high energy, self-motivated
High degree of self-sufficiency, ownership, and pride of deliverables

Bachelor's Degree or equivalent work experience

Strong background in fundamental information security concepts required. Experience in a highly technical hands-on environment preferred
Solid development skills in Ruby, Java, JavaScript/CoffeeScript, shell scripting, and preferably at least one statically typed language (e.g. Haskell, C#, Scala)
Deep knowledge of common web application vulnerabilities (e.g. XSS, CSRF, clickjacking) and their mitigation strategies
Knowledge of system security vulnerabilities and remediation techniques
Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols)
Experience working in a security capacity with development team(s) that deliver a software-based service
Linux system administration experience
Knowledge of security across multiple disciplines (data, database, operating system)
Strong understanding of threat modeling and security methodologies
Experience with at least one code security review tool
Familiar with protocol analysis methods and cryptography

Groupon provides a global marketplace where people can buy just about anything, anywhere, anytime. We’re enabling real-time commerce across an expanding range of categories including local businesses, travel destinations, consumer products, and live or lively events. At the same time, we are providing advertising options and tools that merchants can use to grow and manage their businesses. Culturally, we believe that great people make great companies and that starting with the customer and working backward moves us forward. Community matters to us on an internal, local and global scale—it’s fundamental to our company’s growth and to the well-being of the world at large. We also value self-awareness, candor, lunch and WiFi. If we match with you, please apply to join us.