Lead Application Security Engineer

What You'll Do:

• Expand the application security landscape at Coupa
• Being a hands-on developer is a key responsibility in this role
• Strong software development skills in languages such as Java, .Net and Python
• Ability to perform code reviews and mentor junior team members
• Passion for building security-focused features that perform at scale
• Track vulnerability reports and contribute security fixes
• Design and implement application changes to meet security compliance requirements
• Participate in development and operational design reviews with a focus on application security
• Evaluate new security technologies and make recommendations to strengthen our application
• Be a champion of Coupa’s Secure Software Development Lifecycle (SSDLC) methodologies
• Work closely with the Operations Security team to review and define our best practices

What You Will Bring to Coupa:

• Minimum of 2 years of experience as a Lead Software Engineer
• Expertise in one or more of the following languages: Java, .Net, Python
• Expertise in developing secure web applications or microservices
• Knowledge of common application security issues (e.g. OWASP Top 10, SANS Top 25)
• Knowledge of identity management tools, SAML, OIDC, and SSO integrations
• Knowledge of OAuth, client-server authentication, server-server authentication
• Knowledge of different crypto-algorithms, such as DES, RSA, HMAC, SHA, etc.
• Experience designing, estimating, and leading the implementation of complex systems
• Proven understanding of software development best practices and design patterns
• Demonstrated knowledge of security/access control, scalability, high availability, and concurrency
• Experience working with SQL and NoSQL databases
• Proven ability to work independently and take projects from design to development to delivery
• Self-motivated, passion for learning, strong communication skills
• Bachelor's or Master's degree in Computer Science (or equivalent), or equivalent experience

Extra Consideration:

• Knowledge of compliance requirements: HIPAA, PCI, SOX, FedRAMP, etc
• Presented security-related topics at conferences or meet-ups
• Open source project contributions