Senior Security Engineer

Reno, Nevada, United States

Applications have closed

Coupa Software, Inc.

See all of your business spend in one place with Coupa to make cost control, compliance and anything spend management related easier and more effective.

Coupa Software (NASDAQ: COUP), a leader in business spend management (BSM), has been certified as a “Great Place to Work” by the Great Place to Work organization. We deliver “Value as a Service” by helping our customers maximize their spend under management, achieve significant cost savings and drive profitability. Coupa provides a unified, cloud-based spend management platform that connects hundreds of organizations representing the Americas, EMEA, and APAC with millions of suppliers globally. The Coupa platform provides greater visibility into and control over how companies spend money. Customers – small, medium and large – have used the Coupa platform to bring billions of dollars in cumulative spend under management. Learn more at www.coupa.com. Read more on the Coupa Blog or follow @Coupa on Twitter.
Do you want to work for Coupa Software, the world's leading provider of cloud-based spend management solutions? We’re a company that had a successful IPO in October 2016 (NASDAQ: COUP) to fuel our innovation and growth. At Coupa, we’re building a great company that is laser focused on three core values:
1. Ensure Customer Success – Obsessive and unwavering commitment to making customers successful.
2. Focus On Results – Relentless focus on delivering results through innovation and a bias for action.
3. Strive For Excellence – Commitment to a collaborative environment infused with professionalism, integrity, passion, and accountability.
Coupa Software is looking for a Senior Security Engineer to assist with the maintenance and development of the global security program. This position will report to the Deputy CISO and will primarily focus on security design reviews and technical security reviews. The Senior Security Engineer needs to have expert-level knowledge of Software as a Service security, as well as a solid understanding of security architectures. The role will also require close collaboration with the Engineering organization. If you are a motivated self-starter with a passion for learning and bias for action, this position is for you.

Core Responsibilities:

  • Governance, Risk and Compliance (GRC) Lead for architecture and risk reviews to identify and evaluate technical and product security risk
  • Participate in Design reviews focusing on ensuring the designs adhere to the regulatory, contractual and compliance requirements Coupa must meet
  • Perform technical security reviews, to include Threat Modeling, of systems and applications to ensure implementation is consistent with approved designs.
  • Coordinate with Engineering and GRC teams to ensure technical security requirements are broadly understood.
  • Develop core security patterns that can be leveraged by the Engineering teams.
  • Assess risks and weaknesses and identify security design or implementation gaps in existing products and services and those associated with the development of new or significantly improved business applications
  • Advise on the adoption of core security services (PKI, Identity, Key Management, Detection and Response and Vulnerability Management).
  • Influence the product roadmap, work directly with Engineering and Product leadership to prioritize and execute.

Ideal Candidate:

  • Works well in a team or solo on various security related projects.
  • Extensive knowledge in Cloud Security, specifically software as a service (SaaS) model.
  • Advanced written and verbal communication skills. Must have the ability to independently develop relationships and communicate with high level internal and external technical staff.
  • Advanced problem solving skills and ability to methodically understand and resolve complex issues.
  • Ability to influence several cross-functional departments to gain alignment and to drive design solutions with the appropriate organizations.
  • Able to quickly and accurately assess current operations, identify design flaws, and build consensus on both a proposed solution and plan of action.
  • Commitment to a learning mindset for all security and compliance related items
  • Familiar with ISO 27001, PCI DSS, SOC1 and SOC2, FedRAMP, HIPAA, and other industry standard compliance standards.

Preferred Experience:

  • Bachelor’s Degree in Computer Science or equivalent industry experience 
  • Certification preferences: CISSP, CISM
  • Minimum of 5 years of experience in architecting, designing and/or developing SaaS based applications with increasing responsibilities.
  • Deep understanding of cloud infrastructure providers such as AWS and/or Azure.
  • Contributed to FedRAMP, PCI, SOC2 compliance initiatives.
  • Conducting in-depth technical reviews of enterprise systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
  • Proven ability to build Threat Models and analyze security weaknesses in complex deployments with varying technology stacks
At Coupa, we have a strong and innovative team dedicated to improving the spend management processes of today’s dynamic businesses. It’s our people who make it happen, and we strive to attract and retain the best in every discipline.
We take care of our employees every way we can, with competitive compensation packages, as well as restricted stock units, an Employee Stock Purchase Program (ESPP), comprehensive health benefits for employees and their families, retirement and savings plans with employer match, a flexible work environment, no limit vacations for exempt employees, non-exempt employees are on an accrual basis for PTO, catered lunches…And much more!
As part of our dedication to the diversity of our workforce, Coupa is committed to Equal Employment Opportunity without regard for race, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity or religion.
Please be advised, inquiries or resumes from recruiters will not be accepted.
