What You'll Do:
- Expand the application security landscape at Coupa
- Work as a hands-on developer, a key responsibility in this role, with strong proficiency in secure coding practices
- Apply strong software development skills in languages such as Java, .NET, and Python
- Ability to perform code reviews and mentor junior team members
- Passion for building security-focused features that perform at scale
- Track vulnerability reports and contribute security fixes
- Design and implement application changes to meet security compliance requirements
- Lead and execute Security Architecture Reviews, Threat Modeling, and Design Reviews for new and existing platform components to proactively identify and mitigate security risks.
- Conduct Security Reviews for AI/ML models and systems, addressing unique risks associated with data integrity, model poisoning, privacy, and adversarial attacks.
- Evaluate new security technologies and make recommendations to strengthen our application
- Be a champion of Coupa’s Secure Software Development Lifecycle (SSDLC) methodologies, integrating security earlier into the development pipeline.
- Work closely with the Operations Security team to review and define our best practices

What You Will Bring to Coupa:
- Leadership & Experience: 2+ years as a Lead Software Engineer or Lead AppSec Engineer; able to independently drive projects from design through delivery.
- Technical Expertise: Strong in Java, .NET, or Python; experienced building secure web applications/microservices and designing complex, distributed systems.
- Security Architecture & Threat Modeling: Skilled in formal security architecture/design reviews and threat modeling methods (STRIDE, DREAD).
- Security Foundations: Deep knowledge of OWASP Top 10, SANS Top 25, identity and access management (SAML, OIDC, SSO), OAuth flows, and core cryptographic algorithms (DES, RSA, HMAC, SHA, etc.).
- Systems & Development Practices: Familiar with design patterns, scalability, high availability, concurrency, and SQL/NoSQL databases; strong communication, self-motivation, and continuous learning mindset.
- Additional/Preferred Skills: Background in AI/ML security (MLOps, adversarial robustness), compliance frameworks (HIPAA, PCI, SOX, FedRAMP), plus conference presentations or open-source contributions.
