Senior Software Engineer – Application Security

Job Description / Skills Required

The application security team is looking for a proficient software developer who possesses a strong understanding of secure engineering concepts such as secure coding practices and secure code reviews. The person in this role will be responsible both for developing new technologies and interfaces that engineering teams within Groupon can integrate into their own development projects to secure sensitive data and for serving as an expert security consultant to other teams within Groupon on security best practices.

Our Application Security Engineer will be responsible for all aspects of security operations pertaining to our public-facing production environments. This individual will provide technical security expertise across a broad range of environments and will develop technology solutions that will be usable across the business to increase the level of security around how we handle sensitive data. For example, an engineer in this position is responsible for serving as an expert security consultant to other teams within Groupon on security best practices, pairing with other Groupon engineering teams to review project design and implementation, performing secure code reviews and large data set analysis, and helping develop APIs in order to secure sensitive data. The ideal candidate will be an experienced software developer with a very good understanding of Ruby, Java and JavaScript/CoffeeScript, and will possess a strong understanding of secure engineering concepts such as secure coding practices and secure code reviews.

MAJOR DUTIES AND RESPONSIBILITIES:

Research, initiate and drive the evaluation of third-party or homegrown tools/technologies/processes to maintain and enhance the security of Groupon applications

Provide security-related advice and consultancy to Engineering, Legal, Fraud, Risk Management, PR and other business groups as needed

Work closely with internal leadership teams in a collaborative environment to ensure that security awareness and issues are communicated effectively

Perform analyses against large data sets to identify potentially malicious behavior

Provide technical and operational security support to IT, Engineering, Legal, and business units

Work closely with agile development teams and their delivery deadlines to remediate application vulnerabilities detected through security scanning tools

Actively manage the security activities associated with secure software development, including performing peer code reviews, to address risks and threats

Be an ambassador for the team to assist with the ongoing integration of the Application Security team with other business units within Groupon

REQUIRED SKILLS:

Job-related skills/competencies:

Excellent written and verbal communication skills

Strong organizational and analytical skills

Able to write and review code with colleagues, each with different priorities, backgrounds, and abilities

Arrive at novel solutions to difficult problems

Strong knowledge of secure development practices

Ability to interact professionally with senior leadership and to articulate key messages to a range of technical and non-technical audiences

Effectively works in a distributed team environment

Results oriented, high energy, self-motivated

High degree of self-sufficiency, ownership, and pride of deliverables

Education/Credentials:

Bachelor's Degree or equivalent work experience

JOB-RELATED EXPERIENCE:

Strong background in fundamental information security concepts required. Experience in a highly technical, hands-on environment preferred

Solid development skills in Ruby, Java, JavaScript/CoffeeScript, shell scripting, and preferably at least one statically typed language (e.g. Haskell, C#, Scala)

Deep knowledge of common web application vulnerabilities (e.g. XSS, CSRF, clickjacking) and their mitigation strategies

Knowledge of system security vulnerabilities and remediation techniques

Knowledge of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

Experience working in a security capacity with development team(s) that deliver a software-based service

Linux system administration experience

Knowledge of security across multiple disciplines (data, database, operating system)

Strong understanding of threat modeling and security methodologies

Experience with at least one code security review tool

Familiar with protocol analysis methods and cryptography

Groupon provides a global marketplace where people can buy just about anything, anywhere, anytime. We’re enabling real-time commerce across an expanding range of categories including local businesses, travel destinations, consumer products, and live or lively events. At the same time, we are providing advertising options and tools that merchants can use to grow and manage their businesses. Culturally, we believe that great people make great companies and that starting with the customer and working backward moves us forward. Community matters to us on an internal, local and global scale—it’s fundamental to our company’s growth and to the well-being of the world at large. We also value self-awareness, candor, lunch and WiFi. If we match with you, please apply to join us.