Staff Security Engineer

Posted 7 Days Ago
Be an Early Applicant
Boston, MA
Hybrid
211K-317K Annually
Senior level
eCommerce • Food • Sales • Software
Grubhub connects millions of diners with the food they love from their favorite local restaurants.
The Role
The Staff Security Engineer at Grubhub will enhance the company's security posture by identifying vulnerabilities and designing solutions. Responsibilities include developing security tools, performing threat modeling, conducting code reviews, and mentoring engineers to promote cybersecurity awareness and best practices.
Summary Generated by Built In

About The Opportunity
We're all about connecting hungry diners with our network of over 300,000 restaurants nationwide. Innovative technology, user-friendly platforms and streamlined delivery capabilities set us apart and make us an industry leader in the world of online food ordering. When you join our team, you become part of a community that works together to innovate, solve problems, grow, work hard and have a ton of fun in the process!
Why Work For Us
Grubhub is a place where authentically fun culture meets innovation and teamwork. We believe in empowering people and opening doors for new opportunities. If you're looking for a place that values strong relationships, embraces diverse ideas-all while having fun together-Grubhub is the place for you!
Grubhub is seeking a seasoned Staff-level Software Engineer to design, develop, and maintain security infrastructure and tools to protect the company's platform and data. Grubhub is in growth-mode and we need standardized processes and tools that can be scaled across the organization, to ensure that security measures keep up with the pace of the business. You will work closely with cross-functional teams, including software engineering (FE + BE), IT, and SRE, to ensure our security practices are robust and scalable. Your expertise will help us achieve our goal of building secure, resilient, and efficient systems. A key part of your role will be to develop and maintain "paved roads" for security, creating standardized and streamlined paths that make secure practices the easiest and most efficient options for our teams. This role reports directly to the head of cybersecurity with broad latitude to work with both senior and new-grad engineers to make a measurable impact on Grubhub's security posture.
Your Impact

  • You will enhance the overall security posture of Grubhub by identifying and mitigating security defects proactively.
  • You will contribute to a culture of cybersecurity awareness and continuous improvement within the organization, enabling Grubhub to launch and sustain key business initiatives with minimal risk.
  • You will champion high-integrity + high-assurance outcomes in order to ensure the delivery of secure and trustworthy experiences
  • You'll tangibly reinforce our #1 technology philosophy: "security first" by integrating security into the development process from the start, rather than as an afterthought.


What You Will Do

  • Identify lacking security-sensitive functionality in Grubhub's applications and services, translating those control gaps into actionable engineering remediation plans and solutions
  • Design, build, deploy and drive adoption of embedded security tooling in conjunction with internal services and platform teams
  • Perform threat modeling, design, and code reviews to assess security implications and requirements for the introduction of new security systems and technologies
  • Drive initiatives with outside teams to re-engineer existing services to ensure that Grubhub remains resilient against the latest security threats
  • Bridge security domain knowledge gaps through technical mentorship of a team of passionate engineers while also delivering uniquely challenging projects.


What we're expecting you to have

  • Bachelor's in Computer Science, Engineering or a related field
  • Professional experience of 8+ years in at least two security domains: web security (inclusive of APIs, backends, frontend and microservices), edge/perimeter security, mobile security, cloud security, systems security, or reverse engineering
  • 7+ years of industry experience in a software development environment with expert-level proficiency in programming languages like Java, Python, or C++
  • Demonstrable experience developing libraries and frameworks that are pre-vetted for security, which developers can use to avoid common vulnerabilities.
  • Hands-on experience incorporating security checks and tests into the CI/CD pipeline so that every code change is automatically reviewed for security issues before it is deployed.
  • Demonstrable experience in conducting code reviews to identify security deficiencies in how business logic is implemented.
  • Experience designing, implementing, and deploying production-quality security engineering systems and incorporating security standards into supporting subsystems as needed.
  • Hands-on experience with middleware, message queues, caches, and other related technologies.
  • Strong experience in architecture design, high-availability, high-performance, distributed systems and working with 5x9/ zero-downtime systems.
  • Demonstrable commitment to engineering and operational excellence-to include development + monitoring of SLOs/SLIs to assure adherence to EOE standards-with direct experience in driving security outcomes within an engineering culture.
  • A broad knowledge of attack vectors, exploits and mitigations that work at scale or may be linked together for chained attacks
  • Working familiarity with version control systems (Git), issue tracking tools (Jira) and ability to define + support your commitments within an Agile working model.
  • Ability to communicate ideas and proposals concisely to a wide-range of audiences
  • Ability to author both technical and non-technical documentation on a continuous cadence.
  • Ability to fully participate in our on-call rotation as a service owner


The base salary ranges for this position are below. The ranges provided exclude other forms of compensation such as equity and bonus.
New York $215,500-$323,500 base salary range
Grubhub uses geographic-specific salary structures, which means the salary offered may vary depending on where the job is located. The final salary offer will take into account various factors, such as the candidate's skills, education, training, credentials, and experience. In addition to the base salary, the role might also come with equity and other pay incentives as part of the full compensation package.
And Of Course Perks:

  • Flexible PTO. Grubhub employees enjoy a generous amount of time to recharge.
  • Health and Wellness. Excellent medical, dental and vision benefits, 401k matching, employee network groups and paid parental leave are just a few of our programs to support your overall well-being.
  • Compensation. You'll receive a highly-competitive compensation package with eligibility for generous incentives, bonuses, commission, and RSUs.
  • Free Meals. Our employees get a weekly Grubhub credit to enjoy and support local restaurants.
  • Social Impact. We believe in giving back through programs like the Grubhub Community Relief Fund, and provide our employees opportunities to support causes that are important to them.


Grubhub is an equal opportunity employer. We welcome diversity and encourage a workplace that is just as diverse as the customers we serve. We evaluate qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. If you're applying for a job in the U.S. and need a reasonable accommodation for any part of the employment process, please send an email to [email protected] and let us know the nature of your request and contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this email address.
If you are a resident of the State of California and would like a copy of our CA privacy notice, please email [email protected].

Top Skills

Web Security

What the Team is Saying

Tatiana
Samuel
Yong
Megan
The Company
HQ: Chicago, IL
10,000 Employees
Hybrid Workplace
Year Founded: 2004

What We Do

Grubhub is part of Just Eat Takeaway.com (LSE: JET, AMS: TKWY), and is a leading U.S. food ordering and delivery marketplace. Dedicated to connecting diners with the food they love from their favorite local restaurants, Grubhub elevates food ordering through innovative restaurant technology, easy-to-use platforms, and an improved delivery experience. Grubhub features more than 375,000 restaurant partners in over 4,000 U.S. cities.

Why Work With Us

Our teams thrive in a fast paced environment that strives to reflect the diversity of our customers and the communities we serve. We value curiosity and data-driven mindsets to empower each other to think like owners, and innovate like entrepreneurs all while maintaining a healthy work-life balance and offering opportunities for professional growth

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

Grubhub Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

We offer a flexible working environment where we value our in-person culture, while balancing the needs of our people with the needs of the business.

Typical time on-site: Flexible
HQChicago, IL
Boston, MA
New York, NY
Learn more

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account