Security Engineer II- Penetration Testing

3 weeks ago

chicago, United States Grubhub Full time

Grubhub’s Product Security organization is looking for a Penetration Tester to help build our Offensive Testing & Adversary Emulation capabilities. Your primary task will be to conduct offensive pen-testing activities against our microservices, applications, infrastructure and data-layer systems. You will work closely with our engineering groups to define pen-test scope, lead assessment engagements, and map assessment findings into engineering plans of action for remediation, ultimately guiding our product security uplift activities. This is a unique opportunity for an experienced offensive pen-tester who is collaborative, and has a healthy sense of curiosity to join Grubhub Security to make real positive impacts to our security posture, and help us improve our security designs so that we can deliver trustworthy experiences across the entire Grubhub ecosystem.


This role is based in Chicago, IL and is required 2 days per week in the office.


The Impact You Will Make:

  • You will enhance the overall security posture of Grubhub by identifying and mitigating security vulnerabilities proactively.
  • Streamline security testing processes by automating penetration tests as part of the CI/CD pipeline, reducing manual effort and improving engineering operational excellence.
  • Contribute to a culture of cybersecurity awareness and continuous improvement within the organization, enabling Grubhub to launch and sustain key business initiatives with minimal risk.


Key Responsibilities:

  • Conduct white-box and gray-box offensive penetration testing against Grubhub’s mobile applications, front-end & back-end microservices and web services
  • Conduct network infrastructure, Public Cloud (AWS, GCP and Azure), and data-layer offensive pen-testing in support of annual PCI-DSS requirements
  • Perform security assessments on mobile application products and services.
  • Perform manual source code reviews and audits (manual and SCA/SAST code audits) as needed
  • Be a subject matter expert and ambassador to Grubhub Engineering for secure coding practices, penetration testing, mobile platform security and all aspects of application and product security
  • Perform any other application security or product security related activities or tasks as needed or directed
  • Validate 3rd party external pen-test and crowd-sourced application security findings and work with our Appsec team to triage those across to our engineering teams


What You Bring To The Table:

  • Bachelors degree in Computer Science, Information Technology, or related field (or equivalent experience).
  • 3+ years of relevant engineering or security assessment experience
  • Proven experience in manual penetration testing, including web applications, APIs, micro-services, networks, and cloud environments.
  • A broad knowledge of attack vectors, exploits and mitigations that work at scale or may be linked together for chained attacks
  • Intermediate-level experience with Java, Go, or Python with demonstrable experience in conducting code reviews to identify security deficiencies at the code-level.
  • Ability to create and write scripts to automate redundant activities
  • Familiarity with security testing tools such as Burp Suite, Nmap, etc.
  • Strong understanding of CI/CD pipelines and experience with integrating security testing into automated build processes.
  • Knowledge of security controls (like EDR) evasion techniques and ability to apply that knowledge as part of an advanced security assessment.
  • Working familiarity with version control systems (Git) and issue tracking tools (Jira) and ability to define + support your commitments within an Agile working model.
  • Ability to create written work product, detailed technical findings documents, and pen-test reports.
  • Great interpersonal skills, deep technical ability, and a history of successful execution in the assessments industry.
  • Excellent communication skills and ability to work collaboratively in a team environment.
  • Ability to fully participate in our on-call rotation as a service owner


Preferred Qualifications:

  • A pen-test certification such as Offensive Security Certified Professional (OSCP), OSWE, OSCE, GPEN, GMOB, GWAPT, GXPN, eWAPT, eMAPT and/or willing to work towards ultimately obtaining one within the first year as part of your career path


And Of Course, Perks

  • Flexible PTO. Grubhub employees enjoy a generous amount of time to recharge.
  • Health and Wellness. Excellent medical, dental and vision benefits, 401k matching, employee network groups and paid parental leave are just a few of our programs to support your overall well-being.
  • Compensation. You'll receive a highly-competitive compensation package with eligibility for generous incentives, bonuses, commission, and RSUs.
  • Free Meals. Our employees get a weekly Grubhub credit to enjoy and support local restaurants.
  • Social Impact. We believe in giving back through programs like the Grubhub Community Relief Fund, and provide our employees opportunities to support causes that are important to them.



Grubhub is an equal opportunity employer. We welcome diversity and encourage a workplace that is just as diverse as the customers we serve. We evaluate qualified applicants without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics. If you’re applying for a job in the U.S. and need a reasonable accommodation for any part of the employment process, please send an email to TalentAcquisition@grubhub.com and let us know the nature of your request and contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this email address.


If you are a resident of the State of California and would like a copy of our CA privacy notice, please email privacy@grubhub.com.

  • Security Engineer II- Penetration Testing

    4 months ago

    Chicago, United States Grubhub Full time

    Grubhub’s Product Security organization is looking for a Penetration Tester to help build our Offensive Testing & Adversary Emulation capabilities. Your primary task will be to conduct offensive pen-testing activities against our microservices, applications, infrastructure and data-layer systems. You will work closely with our engineering groups to define...

  • Security Engineer II- Penetration Testing

    4 weeks ago

    Chicago, United States Grubhub Full time

    Grubhub’s Product Security organization is looking for a Penetration Tester to help build our Offensive Testing & Adversary Emulation capabilities. Your primary task will be to conduct offensive pen-testing activities against our microservices, applications, infrastructure and data-layer systems. You will work closely with our engineering groups to define...

  • Security Engineer II

    4 weeks ago

    Chicago, Illinois, United States Grubhub Full time

    About the RoleWe are seeking a highly skilled Penetration Tester to join our Product Security organization at Grubhub. As a key member of our team, you will play a critical role in building our Offensive Testing & Adversary Emulation capabilities.Key ResponsibilitiesConduct white-box and gray-box offensive penetration testing against Grubhub's mobile...

  • Security Engineer II

    5 days ago

    Chicago, Illinois, United States Grubhub Full time

    Job Title: Security Engineer II - Penetration TestingGrubhub's Product Security organization is seeking a skilled Penetration Tester to contribute to the development of our Offensive Testing & Adversary Emulation capabilities. As a key member of our team, you will conduct offensive pen-testing activities against our microservices, applications,...

  • Security Penetration Tester

    3 weeks ago

    Chicago, Illinois, United States Grubhub Full time

    Grubhub Security Penetration TesterGrubhub's Product Security organization is seeking a skilled Security Penetration Tester to enhance our Offensive Testing & Adversary Emulation capabilities. As a key member of our team, you will conduct offensive pen-testing activities against our microservices, applications, infrastructure, and data-layer systems. Your...

  • Security Penetration Tester

    3 weeks ago

    Chicago, Illinois, United States Grubhub Full time

    About the RoleGrubhub's Product Security organization is seeking a skilled Penetration Tester to enhance our Offensive Testing & Adversary Emulation capabilities. As a key member of our team, you will conduct offensive pen-testing activities against our microservices, applications, infrastructure, and data-layer systems. Your primary task will be to identify...

  • Security Penetration Tester

    4 weeks ago

    Chicago, Illinois, United States Grubhub Full time

    About the RoleWe are seeking a highly skilled Security Penetration Tester to join our Product Security organization at Grubhub. As a key member of our team, you will play a critical role in building our Offensive Testing & Adversary Emulation capabilities.Key ResponsibilitiesConduct white-box and gray-box offensive penetration testing against Grubhub's...

  • Principal Security Assurance

    3 weeks ago

    Chicago, United States Request Technology Full time

    NO SPONSORSHIPSecurity Assurance EngineerSALARY: $150K - $165K PLUS 15% BONUS LOCATION: CHICAGOHybrid 3 days onsite and 2 days remote You will be responsible for security testing, configuration, baseline process and perform a variety of assessments. loud assessments, light penetration testing, network operating, system assessments testing. blue team...

  • Principal Security Assurance

    3 weeks ago

    chicago, United States Request Technology Full time

    NO SPONSORSHIPSecurity Assurance EngineerSALARY: $150K - $165K PLUS 15% BONUS LOCATION: CHICAGOHybrid 3 days onsite and 2 days remote You will be responsible for security testing, configuration, baseline process and perform a variety of assessments. loud assessments, light penetration testing, network operating, system assessments testing. blue team...

  • Principal Security Assurance

    3 weeks ago

    Chicago, United States Request Technology Full time

    NO SPONSORSHIPSecurity Assurance EngineerSALARY: $150K - $165K PLUS 15% BONUS LOCATION: CHICAGOHybrid 3 days onsite and 2 days remote You will be responsible for security testing, configuration, baseline process and perform a variety of assessments. loud assessments, light penetration testing, network operating, system assessments testing. blue team...

  • Penetration Tester

    5 days ago

    Chicago, Illinois, United States Experis Full time

    Job Title: Penetration TesterWe are seeking a skilled Penetration Tester to join our team at Experis. As a Penetration Tester, you will be responsible for conducting vulnerability assessments and penetration tests to identify and exploit security weaknesses in our clients' systems and networks.Key Responsibilities:Conduct formal vulnerability assessments and...

  • Penetration Tester

    6 days ago

    Chicago, Illinois, United States Experis Full time

    Job Title: Penetration TesterWe are seeking a skilled Penetration Tester to join our team at Experis. As a Penetration Tester, you will be responsible for conducting vulnerability assessments and penetration tests to identify and exploit security weaknesses in our clients' systems and networks.Key Responsibilities:Conduct formal vulnerability assessments and...

  • Information Security Engineer

    2 months ago

    Chicago, United States Grubhub Full time

    Grubhub’s Product Security organization is looking for a Penetration Tester to help build our Offensive Testing & Adversary Emulation capabilities. Your primary task will be to conduct offensive pen-testing activities against our microservices, applications, infrastructure and data-layer systems. You will work closely with our engineering groups to define...

  • Information Security Engineer

    2 months ago

    Chicago, United States Grubhub Full time

    Grubhub’s Product Security organization is looking for a Penetration Tester to help build our Offensive Testing & Adversary Emulation capabilities. Your primary task will be to conduct offensive pen-testing activities against our microservices, applications, infrastructure and data-layer systems. You will work closely with our engineering groups to define...

  • Principal Security Engineer

    3 weeks ago

    Chicago, Illinois, United States CIRCLE Full time

    About CircleCircle is a financial technology company at the forefront of the emerging internet of money, where value can flow freely and securely. Our mission is to create an inclusive financial future, with transparency at our core.Job SummaryWe are seeking a highly skilled Principal Security Engineer to join our team. As a key member of our Security...

  • Security Engineer

    2 weeks ago

    chicago, United States Request Technology, LLC Full time

    Security EngineerSalary: Open + BonusLocation: Chicago, IL or Dallas, TXHybrid: 3 days onsite, 2 days remote*We are unable to provide sponsorship for this role*QualificationsBachelor’s degree3+ years of experience with Security Engineering activities and testing.1-2 years of experience with DevOps processes1-2 years of experience with AWS architecture and...

  • Security Engineer

    2 weeks ago

    Chicago, United States Request Technology, LLC Full time

    Security EngineerSalary: Open + BonusLocation: Chicago, IL or Dallas, TXHybrid: 3 days onsite, 2 days remote*We are unable to provide sponsorship for this role*QualificationsBachelor’s degree3+ years of experience with Security Engineering activities and testing.1-2 years of experience with DevOps processes1-2 years of experience with AWS architecture and...

  • Security Engineer

    2 weeks ago

    Chicago, United States Request Technology, LLC Full time

    Security EngineerSalary: Open + BonusLocation: Chicago, IL or Dallas, TXHybrid: 3 days onsite, 2 days remote*We are unable to provide sponsorship for this role*QualificationsBachelor’s degree3+ years of experience with Security Engineering activities and testing.1-2 years of experience with DevOps processes1-2 years of experience with AWS architecture and...

  • IT Security Engineer

    3 weeks ago

    Chicago, United States VelocityEHS Full time

    THE OPPORTUNITY:This remote opportunity is open to candidates residing anywhere in the United States or Canada. The IT Security Engineer is a dynamic role responsible for fielding and monitoring network and security-related tickets while also assisting with compliance tasks. This role plays a pivotal role in protecting data and infrastructure. The IT...

  • Senior Security Engineer

    4 months ago

    Chicago, United States Bank of America Full time

    Description : The Information Security Engineer will lead strategic security efforts to expand technology offerings within the Merchant and Small Business technology portfolio. This role will work across various security and technology teams to define, drive, and deliver major security components to meet program objectives. Knowledge and experience...