Cloud Application Security Engineer

Coupa Software (NASDAQ: COUP), a leader in business spend management (BSM), has been certified as a “Great Place to Work” by the Great Place to Work organization. We deliver “Value as a Service” by helping our customers maximize their spend under management, achieve significant cost savings and drive profitability. Coupa provides a unified, cloud-based spend management platform that connects hundreds of organizations representing the Americas, EMEA, and APAC with millions of suppliers globally. The Coupa platform provides greater visibility into and control over how companies spend money. Customers – small, medium and large – have used the Coupa platform to bring billions of dollars in cumulative spend under management. Learn more at www.coupa.com. Read more on the Coupa Blog or follow @Coupa on Twitter.
Do you want to work for Coupa Software, the world's leading provider of cloud-based spend management solutions? We’re a company that had a successful IPO in October 2016 (NASDAQ: COUP) to fuel our innovation and growth. At Coupa, we’re building a great company that is laser focused on three core values:
1. Ensure Customer Success – Obsessive and unwavering commitment to making customers successful.2. Focus On Results – Relentless focus on delivering results through innovation and a bias for action.3. Strive For Excellence – Commitment to a collaborative environment infused with professionalism, integrity, passion, and accountability.

Responsibilities:

• Penetration testing of web application, utilizing Mitre ATT&CK framework as well as OWASP top 10
• Analysis of application packages, including evaluating dependencies for vulnerabilities
• Receiving external penetration tests and vulnerability reports associated with our web application product and validating the same
• Developing / recommending remediation for findings
• Coordinate and monitor the bug bounty program, including validating potential findings and recommending rewards to lead engineer.
• Conduct Static code analysis using tools and validate findings
• Conduct Dynamic code analysis using tools and validate findings
• Assist with delivering the Application Security strategy, partnering and collaborating with developers and other security teams.

Required Skills and Abilities:

• Bachelor’s Degree in Computer Science or equivalent industry experience
• Penetration testing certification is recommended (CEH, GWEB, GPEN, OSCP)
• 1-3 years of experience required
• Experience with testing platforms such as Metasploit, Burp Suite, etc
• Experience with penetration testing
• Critical thinking skills (ability to solve complex problems)
• Scripting language skill, such as Python, Ba$h, Pearl, JavaScript
• Some development exposure, familiarity with .net and java recommended.

Preferred Skills:

• Advanced certification in penetration testing and exploit creation (such as OSCP)
• Experience with application development and delivery
• Knowledge of more programming languages, such as Go and Ruby

At Coupa, we have a strong and innovative team dedicated to improving the spend management processes of today’s dynamic businesses. It’s our people who make it happen, and we strive to attract and retain the best in every discipline.
We take care of our employees every way we can, with competitive compensation packages, as well as restricted stock units, an Employee Stock Purchase Program (ESPP), comprehensive health benefits for employees and their families, retirement and savings plans with employer match, a flexible work environment, no limit vacations for exempt employees, non-exempt employees are on an accrual basis for PTO, catered lunches…And much more!
As part of our dedication to the diversity of our workforce, Coupa is committed to Equal Employment Opportunity without regard for race, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity or religion.
Please be advised, inquiries or resumes from recruiters will not be accepted.