Senior Security Engineer
Reno, Nevada, United States
Coupa Software, Inc.
See all of your business spend in one place with Coupa to make cost control, compliance and anything spend management related easier and more effective.Do you want to work for Coupa Software, the world's leading provider of cloud-based spend management solutions? We’re a company that had a successful IPO in October 2016 (NASDAQ: COUP) to fuel our innovation and growth. At Coupa, we’re building a great company that is laser focused on three core values:
1. Ensure Customer Success – Obsessive and unwavering commitment to making customers successful.2. Focus On Results – Relentless focus on delivering results through innovation and a bias for action.3. Strive For Excellence – Commitment to a collaborative environment infused with professionalism, integrity, passion, and accountability.
Coupa Software is looking for a Senior Security Engineer to assist with the maintenance and development of the global security program. This position will report to the Deputy CISO and will primarily focus on security design reviews and technical security reviews. The Senior Security Engineer needs to have expert-level knowledge of Software as a Service security, as well as a solid understanding of security architectures. The role will also require close collaboration with the Engineering organization. If you are a motivated self-starter with a passion for learning and bias for action, this position is for yo
Core Responsibilities:
- Governance, Risk and Compliance (GRC) Lead for architecture and risk reviews to identify and evaluate technical and product security risk
- Participate in Design reviews focusing on ensuring the designs adhere to the regulatory, contractual and compliance requirements Coupa must meet
- Perform technical security reviews, to include Threat Modeling, of systems and applications to ensure implementation is consistent with approved designs.
- Coordinate with Engineering and GRC teams to ensure broad understanding of technical security requirements are broadly understood.
- Develop core security patterns that can be leveraged by the Engineering teams.
- Assess risks and weaknesses and identify security design or implementation gaps in existing products and services and those associated with the development of new or significantly improved business applications
- Advise on the adoption of core security services (PKI, Identity, Key Management, Detection and Response and Vulnerability Management).
- Influence the product roadmap, work directly with Engineering and Product leadership to prioritize and execute.
Ideal Candidate:
- Works well in a team or solo on various security related projects.
- Extensive knowledge in Cloud Security, specifically software as a service (SaaS) model.
- Advanced written and verbal communication skills. Must have the ability to independently develop relationships and communicate with high level internal and external technical staff.
- Advanced problem solving skills and ability to methodically understand and resolve complex issues.
- Ability to influence several cross-functional departments to gain alignment and to drive design solutions with the appropriate organizations.
- Able to quickly and accurately assess current operations, identify design flaws, and build consensus on both a proposed solution and plan of action.
- Commitment to a learning mindset for all security and compliance related items
- Familiar with ISO 27001, PCI DSS, SOC1 and SOC2, FedRAMP, HIPAA, and other industry standard compliance standards.
Preferred Experience:
- Bachelor’s Degree in Computer Science or equivalent industry experience
- Certification preferences: CISSP, CISM
- Minimum of 5 years of experience in architecting, designing and/or developing SaaS based applications with increasing responsibilities.
- Deep understanding of cloud infrastructure providers such as AWS and/or Azure.
- Contributed to FedRAMP, PCI, SOC2 compliance initiatives.
- Conducting in-depth technical reviews of enterprise systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
- Proven ability to build Threat Models and analyze security weaknesses in complex deployments with varying technology stack
At Coupa, we have a strong and innovative team dedicated to improving the spend management processes of today’s dynamic businesses. It’s our people who make it happen, and we strive to attract and retain the best in every discipline.
We take care of our employees every way we can, with competitive compensation packages, as well as restricted stock units, an Employee Stock Purchase Program (ESPP), comprehensive health benefits for employees and their families, retirement and savings plans with employer match, a flexible work environment, no limit vacations for exempt employees, non-exempt employees are on an accrual basis for PTO, catered lunches…And much more!
As part of our dedication to the diversity of our workforce, Coupa is committed to Equal Employment Opportunity without regard for race, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity or religion.
Please be advised, inquiries or resumes from recruiters will not be accepted.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: AWS Azure CISM CISSP Cloud Compliance Computer Science FedRAMP Governance HIPAA ISO 27001 PCI DSS PKI Product security SaaS SOC 1 SOC 2 Vulnerability management
Perks/benefits: Career development Competitive pay Flex vacation Health care Startup environment
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Network security-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs