Lead Application Security Engineer - 11006
About The Position
We are looking for an extremely talented Lead Application Security Engineer to join our Application Security Team. You will be part of a global agile group that is responsible for building the best-in-class SaaS platform, deployment infrastructure, and services. The position will require a candidate to drive security architecture, perform design and threat modeling reviews, and design, develop, maintain, and scale Coupaâs security features and application security tooling. This role is critical in ensuring the security of our cutting-edge, highly scalable platform, including the review and guidance for new technological domains such as Artificial Intelligence (AI) and Machine Learning (ML) systems.
Requirements
- Leadership & Experience: 2+ years as a Lead Software Engineer or Lead AppSec Engineer; able to independently drive projects from design through delivery.
- Technical Expertise: Strong in Java, .NET, or Python; experienced building secure web applications/microservices and designing complex, distributed systems.
- Security Architecture & Threat Modeling: Skilled in formal security architecture/design reviews and threat modeling methods (STRIDE, DREAD).
- Security Foundations: Deep knowledge of OWASP Top 10, SANS Top 25, identity and access management (SAML, OIDC, SSO), OAuth flows, and core cryptographic algorithms (DES, RSA, HMAC, SHA, etc.).
- Systems & Development Practices: Familiar with design patterns, scalability, high availability, concurrency, and SQL/NoSQL databases; strong communication, self-motivation, and continuous learning mindset.
Nice To Haves
- Background in AI/ML security (MLOps, adversarial robustness), compliance frameworks (HIPAA, PCI, SOX, FedRAMP), plus conference presentations or open-source contributions.
Responsibilities
- Expand the application security landscape at Coupa
- Being a hands-on developer is a key responsibility in this role, with strong proficiency in secure coding practices
- Strong software development skills in languages such as Java, .Net, and Python
- Ability to perform code reviews and mentor junior team members
- Passion for building security-focused features that perform at scale
- Track vulnerability reports and contribute security fixes
- Design and implement application changes to meet security compliance requirements
- Lead and execute Security Architecture Reviews, Threat Modeling, and Design Reviews for new and existing platform components to proactively identify and mitigate security risks.
- Conduct Security Reviews for AI/ML models and systems, addressing unique risks associated with data integrity, model poisoning, privacy, and adversarial attacks.
- Evaluate new security technologies and make recommendations to strengthen our application
- Be a champion of Coupaâs Secure Software Development Lifecycle (SSDLC) methodologies, integrating security earlier into the development pipeline.
- Work closely with the Operations Security team to review and define our best practices
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
Number of Employees
1,001-5,000 employees
