Security Engineer II - Penetration Testing

4 weeks ago


Chicago, United States Grubhub Full time

Grubhub’s Product Security organization is looking for a Penetration Tester to help build our Offensive Testing & Adversary Emulation capabilities. Your primary task will be to conduct offensive pen-testing activities against our microservices, applications, infrastructure and data-layer systems. You will work closely with our engineering groups to define pen-test scope, lead assessment engagements, and map assessment findings into engineering plans of action for remediation, ultimately guiding our product security uplift activities. This is a unique opportunity for an experienced offensive pen-tester who is collaborative and has a healthy sense of curiosity to join Grubhub Security, make a real positive impact on our security posture, and help us improve our security designs so that we can deliver trustworthy experiences across the entire Grubhub ecosystem.

This role is based in Chicago, IL and requires 2 days per week in the office.

The Impact You Will Make:

  • You will enhance the overall security posture of Grubhub by identifying and mitigating security vulnerabilities proactively.
  • Streamline security testing processes by automating penetration tests as part of the CI/CD pipeline, reducing manual effort and improving engineering operational excellence.
  • Contribute to a culture of cybersecurity awareness and continuous improvement within the organization, enabling Grubhub to launch and sustain key business initiatives with minimal risk.

Key Responsibilities:

  • Conduct white-box and gray-box offensive penetration testing against Grubhub’s mobile applications, front-end & back-end microservices and web services
  • Conduct network infrastructure, Public Cloud (AWS, GCP and Azure), and data-layer offensive pen-testing in support of annual PCI-DSS requirements
  • Perform security assessments on mobile application products and services.
  • Perform manual source code reviews and audits (manual and SCA/SAST code audits) as needed
  • Be a subject matter expert and ambassador to Grubhub Engineering for secure coding practices, penetration testing, mobile platform security and all aspects of application and product security
  • Perform any other application security or product security related activities or tasks as needed or directed
  • Validate third-party external pen-test and crowd-sourced application security findings and work with our AppSec team to triage them to our engineering teams

What You Bring To The Table:

  • Bachelor's degree in Computer Science, Information Technology, or related field (or equivalent experience).
  • 3+ years of relevant engineering or security assessment experience
  • Proven experience in manual penetration testing, including web applications, APIs, micro-services, networks, and cloud environments.
  • A broad knowledge of attack vectors, exploits and mitigations that work at scale or may be linked together for chained attacks
  • Intermediate-level experience with Java, Go, or Python with demonstrable experience in conducting code reviews to identify security deficiencies at the code-level.
  • Ability to create and write scripts to automate redundant activities
  • Familiarity with security testing tools such as Burp Suite, Nmap, etc.
  • Strong understanding of CI/CD pipelines and experience with integrating security testing into automated build processes.
  • Knowledge of evasion techniques for security controls (like EDR) and ability to apply that knowledge as part of an advanced security assessment.
  • Working familiarity with version control systems (Git) and issue tracking tools (Jira) and ability to define and support your commitments within an Agile working model.
  • Ability to create written work product, detailed technical findings documents, and pen-test reports.
  • Great interpersonal skills, deep technical ability, and a history of successful execution in the assessments industry.
  • Excellent communication skills and ability to work collaboratively in a team environment.
  • Ability to fully participate in our on-call rotation as a service owner

Preferred Qualifications:

  • A pen-test certification such as Offensive Security Certified Professional (OSCP), OSWE, OSCE, GPEN, GMOB, GWAPT, GXPN, eWAPT, eMAPT, and/or willingness to work towards obtaining one within the first year as part of your career path

And Of Course, Perks

  • Flexible PTO. Grubhub employees enjoy a generous amount of time to recharge.
  • Health and Wellness. Excellent medical, dental and vision benefits, 401k matching, employee network groups and paid parental leave are just a few of our programs to support your overall well-being.
  • Compensation. You'll receive a highly-competitive compensation package with eligibility for generous incentives, bonuses, commission, and RSUs.
  • Free Meals. Our employees get a weekly Grubhub credit to enjoy and support local restaurants.
  • Social Impact. We believe in giving back through programs like the Grubhub Community Relief Fund, and provide our employees opportunities to support causes that are important to them.


