Lead Application Security Engineer

The Impact of a Lead Application Security Engineer at Coupa:
We are looking for an extremely talented Lead Software Engineer to join our Application Security Team. You will be part of a global agile group that is responsible for building the best in class SaaS platform, deployment infrastructure, and services. The position will require a candidate to design, develop, maintain, and scale Coupa’s security features and application security tooling.

What You'll Do:

• Expand the application security landscape at Coupa
• Being a hands-on developer is a key responsibility in this role
• Strong software development skills in languages such as Java, .Net and Python
• Ability to perform code reviews and mentor junior team members
• Passion for building security-focused features that perform at scale
• Track vulnerability reports and contribute security fixes
• Design and implement application changes to meet security compliance requirements
• Participate in development and operational design reviews with a focus on application security
• Evaluate new security technologies and make recommendations to strengthen our application
• Be a champion of Coupa’s Secure Software Development Lifecycle (SSDLC) methodologies
• Work closely with the Operations Security team to review and define our best practices

What You Will Bring to Coupa:

• Minimum of 2 years of experience as a Lead Software Engineer
• Expertise in one or more of the following languages: Java, .Net, Python
• Expertise in developing secure web applications or microservices
• Knowledge of common application security issues (e.g. OWASP Top 10, SANS Top 25)
• Knowledge of identity management tools, SAML, OIDC, and SSO integrations
• Knowledge of OAuth, client-server authentication, server-server authentication
• Knowledge of different crypto-algorithms, such as DES, RSA, HMAC, SHA, etc.
• Experience designing, estimating, and leading the implementation of complex systems
• Proven understanding of software development best practices and design patterns
• Demonstrated knowledge of security/access control, scalability, high availability, and concurrency
• Experience working with SQL and NoSQL databases
• Proven ability to work independently and take projects from design to development to delivery
• Self-motivated, passion for learning, strong communication skills
• Bachelor's or Master's degree in Computer Science (or equivalent), or equivalent experience

Extra Consideration:

• Knowledge of compliance requirements: HIPAA, PCI, SOX, FedRAMP, etc
• Presented security-related topics at conferences or meet-ups
• Open source project contributions

The estimated pay range for this role is as follows:
•Based in California: $171,275 - $201,500•Based in Colorado: $147,050 - $173,000•Based in New Jersey: $171,275 - $201,500•Based in New York: $171,275 - $201,500•Based in Washington: $155,550 - $183,000
The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location within the state.