Grubhub Security is charged to deliver tailored solutions which provides a safe and trustworthy experience for our users and more than 31.5 million customers. We are committed to maintaining the highest standards of security and compliance in all aspects of our operations. We pride ourselves on innovation, integrity, and a dedication to safeguarding our digital assets.

Job Description:

We are seeking a highly skilled Senior Cybersecurity Engineer specializing in vulnerability management to spearhead the development and orchestration of our automated vulnerability management program. The ideal candidate will leverage their expertise in automation and vulnerability management to design and implement streamlined processes, standardized procedures, and integrated workflows. Their primary focus will be on efficiently identifying, assessing, and prioritizing security vulnerabilities across our systems and applications, ensuring timely remediation. This role is instrumental in safeguarding the integrity of our systems and data against emerging threats.

The Impact You Will Make:

• You’ll ensure that Grubhub’s key business initiatives are delivered securely
• You’ll enable Grubhub to reduce its security risk and improve in security maturity
• You’ll build highly scalable & reliable process to ensure and improve the efficiency, accuracy and integrity of the vulnerability management program
• You’ll be accountable for delivery, deployment, maintenance, and monitoring the performance of the vulnerability management process, directly contributing to the fortification of our defenses against evolving cyber threats.
• You’ll evaluate tools, technologies, frameworks, and vendors to our security posture along with other senior Cyber Security team members and partners from other teams.
• You’ll write performant and concise code to meet the defined standards here at Grubhub, review the code of peers, and ensure security and scalability of the features you work on.
• You’ll help other team members to create the backlog of tech debt and features, suggesting areas for improvement and enhancement.
• You’ll actively work with members from other teams in the domain and be a team player, and promoting a collaborative work culture.

Key Responsibilities:

• Develop and orchestrate an automated vulnerability management program, including the creation of streamlined processes, standardized procedures, and integrated workflows.
• Utilize automation tools and technologies to rapidly ingest, classify, triage, and communicate vulnerabilities and associated business risks to product managers, software engineers, and senior leaders.
• Collaborate with cross-functional teams to prioritize and remediate vulnerabilities based on their criticality and potential impact on business operations.
• Stay current with emerging cybersecurity threats, vulnerabilities, and industry best practices to continually enhance the effectiveness of the vulnerability management program.
• Provide technical guidance and mentorship to junior team members on vulnerability management techniques and methodologies.

Requirements:

• Bachelor's degree in Computer Science, Information Technology, or related field; advanced degree preferred.
• Minimum of 5 years of experience in cybersecurity with a focus on vulnerability management.
• Strong programming skills with proficiency in Python are essential, familiarity with other programming languages such as Java and Go is an advantage. Demonstrated experience in developing automation scripts and tools for vulnerability management is required
• Extensive knowledge of common vulnerability assessment tools, techniques, and methodologies, including vulnerability scanning, penetration testing, and risk assessment.
• In-depth understanding of common vulnerabilities and exposures (CVEs), Common Vulnerability Scoring System (CVSS), and related vulnerability databases.
• Excellent communication and interpersonal skills, with the ability to effectively communicate technical information to non-technical stakeholders.
• Strong analytical and problem-solving abilities, with a keen attention to detail.
• Proven ability to work effectively in a fast-paced, dynamic environment and manage multiple priorities simultaneously.

Preferred Qualifications:

• Industry certifications such as CISSP, CISM, GSEC or CEH.
• Experience with cloud security and containerization technologies (e.g., AWS, Azure, Docker, Kubernetes).
• Familiarity with DevOps practices and CI/CD pipelines.
• Knowledge of regulatory compliance frameworks such as PCI DSS, GDPR, HIPAA, etc.

And Of Course, Perks!

• Flexible PTO. Grubhub employees enjoy a generous amount of time to recharge.
• Health and Wellness. Excellent medical, dental and vision benefits, 401k matching, employee network groups and paid parental leave are just a few of our programs to support your overall well-being.
• Compensation. You'll receive a highly-competitive compensation package with eligibility for generous incentives, bonuses, commission, and RSUs.
• Free Meals. Our employees get a weekly Grubhub credit to enjoy and support local restaurants.
• Social Impact. We believe in giving back through programs like the Grubhub Community Relief Fund, and provide our employees opportunities to support causes that are important to them.

Grubhub is an equal opportunity employer. We welcome diversity and encourage a workplace that is just as diverse as the customers we serve. We evaluate qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. If you’re applying for a job in the U.S. and need a reasonable accommodation for any part of the employment process, please send an email to TalentAcquisition@grubhub.com and let us know the nature of your request and contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this email address.

If you are a resident of the State of California and would like a copy of our CA privacy notice, please email privacy@grubhub.com.