Senior Software Engineer – Application Security

Job Description / Skills Required

Requisition ID: R13985
Our application security team is looking for a security-focused software developer who's obsessed with secure code. You will be responsible for both the development of new technologies and interfaces that engineering teams within Groupon can integrate into their own development projects to secure sensitive data as well as serve as an expert security consultant to other teams within Groupon on security best practices.

In this role, you will be responsible for all aspects of security operations pertaining to our public-facing production environments. You will provide technical security expertise across a broad range of environments and will develop technology solutions that will be usable across the business to increase the level of security around how we handle sensitive data. For example, you will serve as a security consultant to other teams within Groupon on security practices, pairing with other Groupon engineering teams to review project design and implementation, performing secure code reviews and large data set analysis, and helping develop APIs in order to secure sensitive data. you should be an experienced software developer with a deep understanding of Ruby, Java and Javascript/Coffeescript, as well as possess a deep understanding of engineering concepts like secure coding practices and secure code reviews.

Responsibilities:
Research, initiate and drive the evaluation of third-party or in-house tools/technologies/processes to maintain and enhance the security of Groupon applications
Provide security-related advice and consultancy to Engineering, Legal, Fraud, Risk Management, PR and other business groups as needed
Collaboratively support internal leadership teams to ensure that security awareness and issues are communicated effectively
Perform analyses against large data sets to identify potentially malicious behavior
Work closely with agile development teams and their delivery deadlines to remediate application vulnerabilities detected through security scanning tools
Actively manage the security activities associated with secure software development, including performing peer code reviews, to address risks and threats
Be an ambassador for the team to assist with the ongoing integration of the Application Security team with other business units within Groupon
Qualifications
Skills and competencies:
Excellent verbal, interpersonal, and written communication skills
Excellent analytical, creative problem-solving and decision-making capabilities
Can effectively work self-sufficiently across a geographically distributed team environment with integrity
Is a results oriented, high energy person who takes pride in their work
Able to write and review code with colleagues, each with different priorities, backgrounds, and abilities
Bachelor's Degree or equivalent work experience
Job-related experience:
8+ years software development skills in Ruby, Java, Javascript/Coffeescript, shell scripting, and preferably at least one statically typed language (e.g. Haskell, C#, Scala)
Strong background in information security concepts required. Experience in a highly technical hands on environment preferred
Deep knowledge of web application vulnerabilities (e.g. XSS, CSRF, clickjacking) and their mitigation strategies
Knowledge of system security vulnerabilities and remediation techniques
Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
Experience working in a security capacity with development team(s) that deliver a software-based service
Linux system administration experience
Knowledge of security across disciplines (data, database, operating system)
Strong understanding of threat modeling and security methodologies
Experience with at least one code security review tool
Familiar with protocol analysis methods and cryptography

Groupon provides a global marketplace where people can buy just about anything, anywhere, anytime. We’re enabling real-time commerce across an expanding range of categories including local businesses, travel destinations, consumer products, and live or lively events. At the same time, we are providing advertising options and tools that merchants can use to grow and manage their businesses. Culturally, we believe that great people make great companies and that starting with the customer and working backward moves us forward. Community matters to us on an internal, local and global scale—it’s fundamental to our company’s growth and to the well-being of the world at large. We also value self-awareness, candor, lunch and WiFi. If we match with you, please apply to join us.