ezCater is the world’s largest online marketplace for catering – a $60+ billion market just in the U.S. Businesspeople use us to find and order great food for meetings and events; restaurants and caterers use us to grow their catering business. We’re backed by Insight Partners, Iconiq Capital, Wellington, Lightspeed, and GIC, and in early 2019 were valued at $1.25 billion. COVID slammed us, but we responded by finding new customer segments and seizing the rare opportunity COVID offered: when in life does a very successful operation get a do-over? Come help us power Food For Work even better than we did it the first time.

Security Engineering is tasked with developing security solutions that enable teams to move faster and safer in order to protect the trust of our customers and catering partners. As a part of the Security Engineering team, you will be directly interfacing with our product engineering, SRE, and other technology teams in order to help them achieve their objectives safely. 

As an engineering-focused function, you will be uncovering product vulnerabilities and cloud infrastructure misconfigurations through the use of automated tools, manual pen testing, and threat modeling. The role is a step above a traditional application security (appsec) role as it's focused on not just discovering the problem but working with and educating stakeholders on how to remediate and implement the safeguards to prevent it from happening again.

What you’ll do:

• Drive activities like application security training, requirements & standards, threat modeling, static & dynamic security testing, and so on, into ezCater’s development processes
• Identify, prioritize and promote security practices that create the most impact in reducing the overall security risk of the application
• Provide hands-on remediation guidance to development teams
• Develop and report metrics measuring the state of the application security program
• Manage the discovery, analysis, tracking, and remediation of vulnerabilities across multiple intakes. This includes leading Coordinated Vulnerability Disclosure, Penetration Testing, and technical Risk Assessment activities (internal and with external partners)
• Interface directly with and manage our managed vulnerability disclosure program
• Implement security safeguards into CI/CD pipeline, Jenkins ArgoCD, GitActions, Ect.
• Implement a scalable process from Threat Modeling to Penetration testing for a growing engineering function 
• Assist with, and in certain areas lead, a security champions program to implement security practices into the engineering culture

This is a great opportunity if you have:

• Supported and worked closely with Detection & Response teams
• Five (5) years as a developer/software engineer or three (3) years as an Application Security Engineer
• Worked as a penetration tester either in-house or in a consulting firm
• A Comfortable knowledge of AWS Infrastructure Security
• A curious, investigative mind (able to be "in the weeds"), but you are known for communicating complex ideas simply too technical, non-technical, and executive audiences.
• Proficient in Ruby on Rails and JavaScript is preferred. 

What you’ll get from us:

You’ll get a terrifically compelling opportunity, in an environment of radical transparency, open access to all the data, and collaborative colleagues at every level of our organization. You’ll also get sane working hours and great flexibility around work/life balance. 

Have people in your life – of any age – who always, often, or sometimes need your help? We make room for that. Have a bad thing or a good thing happen to you? We make room for that, too.

Oh, and you’ll get all this: Market salary, stock options that you’ll help make worth a lot, the usual holidays, all-you-can-eat vacation, 401K with ezCater match, health/dental/FSA, long-term disability insurance, remote-hybrid work from our awesome Boston or Denver offices OR your home OR a mixture of both home and office (you choose!), a tremendous amount of responsibility and autonomy, wicked awesome co-workers, cupcakes (and many more goodies) once we get back to our offices, and knowing that you helped get this rocket ship to the moon.

ezCater is an equal opportunity employer. We embrace humans of every background, appearance, race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, and disability status. At the same time, we do not employ jerks, even brilliant ones.

For information on how ezCater collects and uses job applicants' personal information, visit our Job Applicant Privacy Policy.