Skip to main content
Groupon Tech and Product Team
R26810

Manager of Application Security

Description

Open to Remote Anywhere in the U.S

Groupon is an experiences marketplace that brings people more ways to get the most out of their city or wherever they may be. By enabling real-time mobile commerce across local businesses, live events and travel destinations, Groupon helps people find and discover experiences––big and small, new and familiar––that make for a full, fun and rewarding life. Groupon helps local businesses grow and strengthen customer relationships––resulting in strong, vibrant communities. Even with thousands of employees spread across multiple continents, we still maintain a culture that inspires innovation, rewards risk-taking and celebrates success.

Groupon is a "best of both worlds" kind of company big enough to have resources and scale, but small enough that a single person has a surprising amount of autonomy and can make a meaningful impact. We're curious, fun, a little intense, and kind of obsessed with helping local businesses thrive. Does that sound like a compelling place to work?

Groupon’s Application Security team is looking for someone who can drive the appsec program with a proven track record of solving business needs with technology. The right candidate will leverage their technical and professional experience to enhance processes designed to provide assurance and strong feedback to developers to remediate insecure code and vulnerabilities in the shortest amount of time. 

This Application Security Manager will be required to possess a strong sense of ownership while providing guidance on secure code practices to Engineering teams. They will be tasked with implementing scalable quality gates across Groupon’s software development pipeline while ensuring processes are automated, measurable, and integrated into all future software development pipeline iterations.

You’ll spend time on the following:

  • Design and implement a roadmap for continuous improvement across CI/CD pipelines through automation.

  • Develop tools for code analysis, dependency tracking and vulnerability analysis, secret storage, etc.

  • Provide leadership with secure coding practices and implement benchmarks and metrics to gauge organizational effectiveness.

  • Continuously integrate a code-based infrastructure with secure development processes

  • Lead with transparency around meeting organizational OKRs as well as mentor and provide constructive career development feedback.

  • Build relationships and be a leader to teams of talented engineers who like to secure applications and tackle hard security engineering problems

  • Work closely with internal leadership teams in a collaborative environment to ensure that security awareness and issues are communicated effectively

  • Mentor employees via secure code development training

  • Be an ambassador for the team to assist with the ongoing integration of the Application Security team with other business units within Groupon


We’re excited about you if you have:

  •  5+ years in software development and/or DevOps, ideally using Java, Python, Ruby, Node.js, and C#.

  • 2+ years of experience implementing quality gates across CI/CD pipelines with a proven track record of efficiency and feedback improvements to development teams

  • Experience securing applications in cloud environments (AWS, GCP, Azure, etc) via CloudFormation and/or Terraform including containerized services

  • Experience designing and implementing modern secrets storage methodologies across cloud environments.

  • Strong experience doing threat modeling, code review, protocol analysis, cryptography, and penetration testing against cloud environments and/or mobile (iOS/Android)

  • Experience guiding teams through planning, prioritization, and execution of work including the ability to write and review code with colleagues, each with different priorities, backgrounds, and abilities

  • Deep knowledge of common web application vulnerabilities (e.g. XSS, CSRF, clickjacking) and their mitigation strategies

  • Knowledge across multiple security disciplines and regulatory/compliance frameworks (PCI, SOX, ISO27000, NIST, CIS, etc)

  • Knowledge of the passcode to the air shield 

We value engineers who are:

  • Customer-focused: We believe that doing what’s right for the customer is ultimately what will drive our business forward.

  • Obsessed with quality: Your production code just works & scales linearly

  • Able to thrive in ambiguity while working independently with minimal supervision

  • Team players. You believe that more can be achieved together. You listen to feedback and also provide supportive feedback to help others grow/improve.

  • Pragmatic: We do things quickly to learn what our customers desire. You know when it’s appropriate to take shortcuts that don’t sacrifice quality or maintainability.

  • Owners: Engineers at Groupon know how to positively impact the business.

  • Excellent communication, organizational, and analytical skills

  • Ability to interact professionally with senior leadership and can articulate key messages to a range of technical and non-technical audiences

  • Results-oriented, high energy, self-motivated with a high degree of self-sufficiency, ownership, and pride of deliverables

#LI-Remote


Groupon’s purpose is to build strong communities through thriving small businesses. To learn more about the world’s largest local ecommerce marketplace, click here for the latest Groupon news. Plus, be sure to check out the values that shape our culture, guide our strategy and make our company a great place to work. And just don’t take our word for it. Hear from real Groupon team members, learn more about our inclusive employee groups, and check out our benefits. If all of this sounds like something that’s a great fit for you, then click apply and let’s see where this takes us.

Groupon is an Equal Opportunity Employer

Qualifications for employment, promotion, and other terms and conditions of employment are based upon the ability to perform the job. Equal-employment opportunities are provided to all applicants and employees without regard to race, creed, religion, color, age, national origin, sex, disability, medical condition, sexual orientation, gender identity or expression, genetic information, ancestry, marital status, military discharge status (excluding dishonorable discharge), veteran status, citizenship status, or other legally protected status. We are all responsible for maintaining this policy. Groupon is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may email us at hraccommodations at groupon.com. If you have concerns related to Groupon’s equal employment opportunities, you may contact Groupon’s Ethics Reporting Service Ethicspoint.

Stay in the Group

Not seeing your next role, or not the right time to apply? Sign up for our talent community and stay up to date with careers at Groupon.

Join Now