Security Engineer, Application Security

Job description

Turo is searching for a highly motivated and versatile Security Engineer to join our IT & Security governance team. Under the guidance of the Senior Director, Enterprise IT & Security and with a dotted line to our Sr. Security Engineer, Team Lead - you will be relied upon to provide engineering and product teams with security expertise necessary to confident product decisions. Additionally, you will work in depth with other internal teams within Turo to ensure Turo meets our Security, Privacy and Compliance commitments. You'll work closely with counterparts in IT and Engineering teams to ensure our applications and services are designed and implemented with having security builtin to the highest standards. 

If you enjoy analyzing the security of applications and services, discovering and addressing security issues and quickly reacting to new threat scenarios, this position will provide you with a challenging opportunity. You will participate in security audits, risk analysis, vulnerability testing and security reviews across all elements of this project's software systems.

What You’ll Do:

• Engage with cross platform teams across Turo to understand the Security, Privacy and Compliance aspects of the business with risks associated with third parties.
• Lead external bug bounty program to triage identified bugs and work with engineering and product teams on remediation.
• Advocate secure design principles, secure coding practices to Engineering teams and undertake secure coding best practices training with groups of developers.  
• Help establish a Secure Software Development LifeCycle to incorporate design and code reviews of our product.
• Work on developing your own small tools and scripts to aid Engineering teams build applications in a secure way, assess application security risks at runtime. 
• Identify gaps in apps and services lacking proper security scans, build-out and execute on a project roadmap to ensure 100% coverage across all assets.
• Threat model current, new applications and features along with existing and new third-party integrations to identify and quantify threats and recommend remediation methods.
• Assist in Security Incident Response as needed. 
• Bring your creativity to bear by proposing innovative approaches and emerging technologies to help solve security compliance challenges.
• Stay up to date on emerging information technology trends and security standards.

Desired Competencies and Experience

Successful candidates will have:

• 2+ years of experience in Security Engineering or Software Development.
• A BS or MS in Computer Science, Information Systems, Engineering, or Cybersecurity or Information Assurance or equivalent industry experience.
• Knowledge of application security, system security, secure system design/SecSDLC, secure coding best practices, common attack patterns and exploitation techniques.
• Experience with web application security testing tools such as Burp Suite.
• Experience working on cloud infrastructure, especially AWS and its Security services suite
• Experience building out integrations with open source scanners and/or vendor products.
• Solid understanding or experience working in containerized environments and familiarity with GitOps flow
• Solid understanding of programming and scripting with expertise in at least one of Python, Go, NodeJS Java, Kotlin, C/C++/C#
• The proven ability to work independently with minimal supervision and ability to perform and oversee complex tasks and prioritize multiple tasks based on overall strategic goals
• Real passion for technology and desire to build tooling from ground-up and to tackle complex problems with creative solutions.
• The capability to interface with multiple levels of the organization and to serve as an influencer and a team player
• Strong presentation, facilitation, and written/verbal communication skills

 Benefits:

• Competitive salary and equity for all full-time employees
• $1200 a year in Turo credit to book cars from the Turo platform
• $600 annual stipend to be used toward purchases from 130+ best in class vendors (and growing) for travel, entertainment, food, family and wellbeing (think Netflix, Doordash, Ancestry.com, etc.)
• Employer-paid medical, dental, vision insurance, and 401k match
• Flexible paid time off, paid holidays, paid volunteer time off, and paid parental leave
• $1500 Turo host matching and $1000 vehicle reimbursement program
• $2000 per year professional development allowance

About Turo

Turo is the world’s largest car sharing marketplace where you can book any car you want, wherever you want it, from a vibrant community of trusted hosts across the US, Canada, and the UK. Guests choose from a totally unique selection of nearby cars, while hosts earn extra money to offset the costs of car ownership. A pioneer of the sharing economy and the travel industry, Turo is a safe, supportive community where the car you book is part of a story, not a fleet. Discover Turo at https://turo.com, the App Store, and Google Play, and check out our blog, Field Notes.  

Turo has raised $450M to date from top-tier investors, including IAC, Daimler AG, Kleiner Perkins, GV, Canaan Partners, August Capital, and Shasta Ventures. 

Turo cultivates a tight-knit team of smart, critical thinkers who care about their work and their colleagues. Our recruiting team is always on the lookout for supportive, down-to-earth, pioneering, and efficient candidates to grow our team's talent and enrich our culture.

Read more about the Turo culture according to Turo CEO, Andre Haddad.

We're an equal opportunity employer and value diversity at our company. We don't discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, or disability status. When in doubt, please apply!

#LI-EG1