Manager, Application Security

San Mateo, California, United States / Development – Engineering - Americas / Mid-Senior Level / On-site

Coupa Software (NASDAQ: COUP), a leader in business spend management (BSM), has been certified as a “Great Place to Work” by the Great Place to Work organization. We deliver “Value as a Service” by helping our customers maximize their spend under management, achieve significant cost savings and drive profitability. Coupa provides a unified, cloud-based spend management platform that connects hundreds of organizations representing the Americas, EMEA, and APAC with millions of suppliers globally. The Coupa platform provides greater visibility into and control over how companies spend money. Customers – small, medium and large – have used the Coupa platform to bring billions of dollars in cumulative spend under management. Learn more at www.coupa.com. Read more on the Coupa Blog or follow @Coupa on Twitter.

Do you want to work for Coupa Software, the world's leading provider of cloud-based spend management solutions? We’re a company that had a successful IPO in October 2016 (NASDAQ: COUP) to fuel our innovation and growth. At Coupa, we’re building a great company that is laser focused on three core values:

1. Ensure Customer Success – Obsessive and unwavering commitment to making customers successful.
2. Focus On Results – Relentless focus on delivering results through innovation and a bias for action.
3. Strive For Excellence – Commitment to a collaborative environment infused with professionalism, integrity, passion, and accountability.

We are looking for an extremely talented Manager/Sr. Manager to join our Application Security Team. You will be managing a dynamic team of Application Security Professionals based in the United States and India who are responsible for maintaining and extending all aspects of Application Security at Coupa.

Core Responsibilities:

    • Manage and grow our dynamic team of Application Security professionals
    • Continuously improve and expand the application security landscape at Coupa
    • Maintain, support and extend our application security tooling, standards, and processes, including but not limited to SAST, DAST, WAF, RASP
    • Participate in development and operational design reviews with a focus on application security
    • Evaluate new security technologies and make recommendations to strengthen the overall security posture across Coupa’s suite of applications
    • Maintain, improve, and be a champion of Coupa’s Secure Software Development Lifecycle (SSDLC) methodologies, processes and standards
    • Plan and incorporate threat modeling practices into our product design life cycle
    • Work closely with the Operations Security team to review and define best practices
    • Support compliance audits through evidence gathering and interviews
    • Work closely with the Product Management team and different stakeholders to define and influence the Application Security roadmap
    • Produce metrics reporting the state of application security programs and performance of development teams against requirements
    • Track vulnerability issues to ensure remediation based on our defined SLA

Requirements:

    • Must have a minimum of 2 years of leadership experience managing at least 3 direct reports
    • Must have a strong background in Application Security
    • Must have a great understanding of the OWASP Top 10 and CWE/SANS Top 25
    • Knowledge of identity management tools, SAML, OIDC, and SSO
    • Knowledge of OAuth 2, client-server authentication, server-server authentication
    • Good understanding of one or more of the following programming languages: Ruby, Go, Java, TypeScript/JavaScript, Python, or C/C++
    • Knowledge of SSL/TLS and how it helps secure transmission of data
    • Past experience developing secure web applications or microservices
    • Being able to influence others through collaboration and thought leadership
    • Experience designing, estimating, and leading the implementation of complex systems
    • Proven ability to work independently and take projects from design to delivery 
    • Self-motivated, passion for learning, strong communication skills
    • Bachelor's or Master's degree in Computer Science (or equivalent), or equivalent experience

Extra Consideration:

    • Knowledge of compliance requirements: HIPAA, PCI, SOX, FedRAMP, SOC, etc.
    • Knowledge of current cryptography algorithms, such as AES, BCrypt, Argon2
    • Presented security-related topics at conferences or meet-ups
    • Demonstrated knowledge of security/access control, scalability, high availability
    • Open source project contributions

The estimated pay ranges for this role are as follows:

• Based in California: $155,500-$203,000

The successful candidate’s starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location within the state.

At Coupa, we have a strong and innovative team dedicated to improving the spend management processes of today’s dynamic businesses. It’s our people who make it happen, and we strive to attract and retain the best in every discipline.

We take care of our employees every way we can, with competitive compensation packages, as well as restricted stock units, an Employee Stock Purchase Program (ESPP), comprehensive health benefits for employees and their families, a 401(k) match, a flexible work environment, no-limit vacations for exempt employees (non-exempt employees accrue PTO), catered lunches, and much more!

As part of our dedication to the diversity of our workforce, Coupa is committed to Equal Employment Opportunity without regard for race, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity or religion.

Please be advised, inquiries or resumes from recruiters will not be accepted.