Security Engineer II - Penetration Testing

Locations: Chicago Washington Avenue Office
Time type: Full time
Posted: 30+ Days Ago
Job requisition ID: R_037760

About The Opportunity

We’re all about connecting hungry diners with our network of over 300,000 restaurants nationwide. Innovative technology, user-friendly platforms and streamlined delivery capabilities set us apart and make us an industry leader in the world of online food ordering. When you join our team, you become part of a community that works together to innovate, solve problems, grow, work hard and have a ton of fun in the process!

Why Work For Us

Grubhub is a place where authentically fun culture meets innovation and teamwork. We believe in empowering people and opening doors for new opportunities. If you’re looking for a place that values strong relationships, embraces diverse ideas–all while having fun together–Grubhub is the place for you!

Grubhub’s Product Security organization is looking for a Penetration Tester to help build our Offensive Testing & Adversary Emulation capabilities. Your primary task will be to conduct offensive pen-testing activities against our microservices, applications, infrastructure and data-layer systems. You will work closely with our engineering groups to define pen-test scope, lead assessment engagements, and map assessment findings into engineering plans of action for remediation, ultimately guiding our product security uplift activities.

This is a unique opportunity for an experienced offensive pen-tester who is collaborative, and has a healthy sense of curiosity to join Grubhub Security to make real positive impacts to our security posture, and help us improve our security designs so that we can deliver trustworthy experiences across the entire Grubhub ecosystem.

This role is based in Chicago, IL and is required 2 days per week in the office.

The Impact You Will Make:
- You will enhance the overall security posture of Grubhub by identifying and mitigating security vulnerabilities proactively.
- Streamline security testing processes by automating penetration tests as part of the CI/CD pipeline, reducing manual effort and improving engineering operational excellence.
- Contribute to a culture of cybersecurity awareness and continuous improvement within the organization, enabling Grubhub to launch and sustain key business initiatives with minimal risk.

Key Responsibilities:
- Conduct white-box and gray-box offensive penetration testing against Grubhub’s mobile applications, front-end & back-end microservices and web services
- Conduct network infrastructure, Public Cloud (AWS, GCP and Azure), and data-layer offensive pen-testing in support of annual PCI-DSS requirements
- Perform security assessments on mobile application products and services.
- Perform manual source code reviews and audits (manual and SCA/SAST code audits) as needed
- Be a subject matter expert and ambassador to Grubhub Engineering for secure coding practices, penetration testing, mobile platform security and all aspects of application and product security
- Perform any other application security or product security related activities or tasks as needed or directed
- Validate 3rd party external pen-test and crowd-sourced application security findings and work with our Appsec team to triage those across to our engineering teams

What You Bring To The Table:
- Bachelor's degree in Computer Science, Information Technology, or related field (or equivalent experience).
- 3+ years of relevant engineering or security assessment experience
- Proven experience in manual penetration testing, including web applications, APIs, micro-services, networks, and cloud environments.
- A broad knowledge of attack vectors, exploits and mitigations that work at scale or may be linked together for chained attacks
- Intermediate-level experience with Java, Go, or Python with demonstrable experience in conducting code reviews to identify security deficiencies at the code-level.
- Ability to create and write scripts to automate redundant activities
- Familiarity with security testing tools such as Burp Suite, Nmap, etc.
- Strong understanding of CI/CD pipelines and experience with integrating security testing into automated build processes.
- Knowledge of security controls (like EDR) evasion techniques and ability to apply that knowledge as part of an advanced security assessment.
- Working familiarity with version control systems (Git) and issue tracking tools (Jira) and ability to define + support your commitments within an Agile working model.
- Ability to create written work product, detailed technical findings documents, and pen-test reports.
- Great interpersonal skills, deep technical ability, and a history of successful execution in the assessments industry.
- Excellent communication skills and ability to work collaboratively in a team environment.
- Ability to fully participate in our on-call rotation as a service owner

Preferred Qualifications:
- A pen-test certification such as Offensive Security Certified Professional (OSCP), OSWE, OSCE, GPEN, GMOB, GWAPT, GXPN, eWAPT, eMAPT and/or willing to work towards ultimately obtaining one within the first year as part of your career path

And Of Course, Perks!
- Flexible PTO. Grubhub employees enjoy a generous amount of time to recharge.
- Health and Wellness. Excellent medical, dental and vision benefits, 401k matching, employee network groups and paid parental leave are just a few of our programs to support your overall well-being.
- Compensation. You'll receive a highly-competitive compensation package with eligibility for generous incentives, bonuses, commission, and RSUs.
- Free Meals. Our employees get a weekly Grubhub credit to enjoy and support local restaurants.
- Social Impact. We believe in giving back through programs like the Grubhub Community Relief Fund, and provide our employees opportunities to support causes that are important to them.

Grubhub is an equal opportunity employer. We welcome diversity and encourage a workplace that is just as diverse as the customers we serve. We evaluate qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.

If you’re applying for a job in the U.S. and need a reasonable accommodation for any part of the employment process, please send an email to TalentAcquisition@grubhub.com and let us know the nature of your request and contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this email address.

If you are a resident of the State of California and would like a copy of our CA privacy notice, please email privacy@grubhub.com.

About Grubhub

Join Our Team

Grubhub is dedicated to connecting hungry diners with delicious restaurants. Our technology makes us an industry leader, building the future of online food ordering. With a wide network of reliable and dependent drivers, we help our restaurant partners connect with hungry customers across the country. We offer employees a cutting edge work environment, where we think like owners, and innovate like entrepreneurs. Our curiosity and data-driven mindset make us a leader and allow us to move eating forward. We believe in empowering our employees and offering numerous opportunities for professional growth.