Application Security Architect - Coupa Pay

San Mateo, CA /
Development – Engineering - Americas / Europe / Asia /
Coupa Software (NASDAQ: COUP), a leader in business spend management (BSM), has been certified as a “Great Place to Work” by the Great Place to Work organization. We deliver “Value as a Service” by helping our customers maximize their spend under management, achieve significant cost savings and drive profitability. Coupa provides a unified, cloud-based spend management platform that connects hundreds of organizations representing the Americas, EMEA, and APAC with millions of suppliers globally. The Coupa platform provides greater visibility into and control over how companies spend money. Customers – small, medium and large – have used the Coupa platform to bring billions of dollars in cumulative spend under management. Learn more at Read more on the Coupa Blog or follow @Coupa on Twitter.

Do you want to work for Coupa Software, the world's leading provider of cloud-based spend management solutions? We’re a company that had a successful IPO in October 2016 (NASDAQ: COUP) to fuel our innovation and growth. At Coupa, we’re building a great company that is laser focused on three core values:

1. Ensure Customer Success – Obsessive and unwavering commitment to making customers successful.
2. Focus On Results – Relentless focus on delivering results through innovation and a bias for action.
3. Strive For Excellence – Commitment to a collaborative environment infused with professionalism, integrity, passion, and accountability.


    • Work with Coupa Pay engineering and PM teams and support them adopting and implementing software security practices and tools.
    • Be hands-on with Coupa Pay engineering projects, work with the technical team lead and the product owner to ensure good security outcomes as part of project success.
    • Shape the security of the overall Coupa Pay software architecture and evangelize security within the organization
    • Be a champion of Coupa’s Secure Software Development Lifecycle (SSDLC) methodologies
    • Mentor engineers and influence application architects when required to ensure security is baked in.
    • Participate in development and operational design reviews with a focus on application security
    • Design and develop common security components that could be leveraged across the platform and products. Implement application changes to meet security compliance requirements.
    • Track vulnerability reports and contribute security fixes
    • Develop best practices to ensure software security, functionality, usability, reliability and availability.
    • Work with project teams to design prototypes to validate security designs and solutions.
    • Evaluate new security technologies and make recommendations to strengthen our application
    • Build a relationship and communicate effectively with all stakeholders in the SDLC (e.g. Product, Engineering, Operations)


    • 5-6 years of experience as an application security architect in the fintech industry.
    • 7-8 years of direct architectural experience designing and deploying software applications with a focus on Application Security.
    • 3+ years of information security experience
    • Minimum of 10 years progressive work experience in software development and technical fields
    • Expertise in one or more of the following languages: Ruby, Go, Java, C++
    • Expertise in developing secure web applications or microservices 
    • Knowledge of common application security issues (e.g. OWASP Top 10) 
    • Knowledge of identity management tools, SAML, and SSO integrations
    • Knowledge of OAuth, client-server authentication, server-server authentication
    • Knowledge of different crypto-algorithms, such as DES, RSA, HMAC, SHA, etc.
    • Knowledge of compliance requirements: HIPAA, PCI, SOX, etc.
    • Experience designing, estimating, and leading the implementation of complex systems
    • Experience working in an agile environment that follows Scrum or other agile methodologies
    • Proven understanding of software development best practices and design patterns
    • Demonstrated knowledge of security/access control, scalability, high availability, and concurrency
    • Experience working with SQL and NoSQL databases
    • Proven ability to work independently and take projects from development to delivery 
    • Self-motivated, passion for learning, strong communication skills
    • Bachelor's or Master's degree in Computer Science (or equivalent), or equivalent experience

Extra Consideration:

    • Presented security-related topics at conferences or meet-ups
    • Open source project contributions
At Coupa, we have a strong and innovative team dedicated to improving the spend management processes of today’s dynamic businesses. It’s our people who make it happen, and we strive to attract and retain the best in every discipline.

We take care of our employees every way we can, with competitive compensation packages, as well as restricted stock units, an Employee Stock Purchase Program (ESPP), comprehensive health benefits for employees and their families, a 401(k) match, a flexible work environment, no-limit vacation for exempt employees (non-exempt employees accrue PTO), catered lunches… and much more!
As part of our dedication to the diversity of our workforce, Coupa is committed to Equal Employment Opportunity without regard for race, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity or religion.

Please be advised, inquiries or resumes from recruiters will not be accepted.