Sr. Manager, Application Security Engineering

Core Responsibilities:

• Manage and grow our dynamic team of Application Security professionals
• Continuously improve and expand the application security landscape at Coupa
• Maintain, support and extend our application security tooling, standards, and processes, including but not limited to SAST, DAST, SCA
• Participate in development and operational design reviews with a focus on application security
• Escalation point for incident response from SecOps and managing cross-team actions
• Represent Engineering within the company on security-focus discussions
• Evaluate new security technologies and make recommendations to strengthen the overall security posture across Coupa’s suite of applications
• Maintain, improve, and be a champion of Coupa’s Secure Software Development Lifecycle (SSDLC) methodologies, processes and standards
• Drive threat modeling practices into our product design life cycle
• Work closely with the Operations Security team to review and define best practices
• Support compliance audits through evidence gathering and interviews
• Work closely with the Product Management team and different stakeholders to define and influence the Application Security roadmap
• Produce metrics reporting the state of application security programs and performance of development teams against requirements
• Track vulnerability issues to ensure remediation based on our defined SLA

Requirements:

• Must have leadership experience managing at least 3 direct reports
• Should have 10+ years of experience and 3+ years in managing a team
• Must have a strong background in Application Security
• Must have a great understanding of OWASP Top10, CWE/SANS 25
• Knowledge of identity management tools, SAML, OIDC, and SSO
• Knowledge of OAuth 2, client-server authentication, server-server authentication
• Good understanding of one or more of the following programming languages: Ruby, Go, Java, TypeScript/JavaScript, Python, or C/C++
• Knowledge of SSL/TLS and how it helps secure transmission of data
• Past experience developing secure web applications or microservices
• Being able to influence others through collaboration and thought leadership
• Experience designing, estimating, and leading the implementation of complex systems
• Proven ability to work independently and take projects from design to delivery
• Self-motivated, passion for learning, strong communication skills
• Bachelor's or Master's degree in Computer Science (or equivalent), or equivalent experience

Extra Consideration:

• Knowledge of compliance requirements: HIPAA, PCI, SOX, FedRAMP, SOC, etc
• Knowledge of current cryptography algorithms, such as AES, BCrypt, Argon2
• Presented security-related topics at conferences or meet-ups
• Demonstrated knowledge of security/access control, scalability, high availability
• Open source project contributions