Senior Security Engineer II, Vulnerability Management

We're Cruise, a self-driving service designed for the cities we love.

We’re building the world’s most advanced, self-driving vehicles to safely connect people to the places, things, and experiences they care about. We believe self-driving vehicles will help save lives, reshape cities, give back time in transit, and restore freedom of movement for many.

Cruisers have the opportunity to grow and develop while learning from leaders at the forefront of their fields. With a culture of internal mobility, there's an opportunity to thrive in a variety of disciplines. This is a place for dreamers and doers to succeed.

If you are looking to play a part in making a positive impact in the world by advancing the revolutionary work of self-driving cars, join us.

About the Senior Security Engineer, Vulnerability Management role:

Cruise is looking for a leader to structure, maintain and mature the processes by which Cruise identifies, assesses, and reports security vulnerabilities across Cruise’s corporate assets and cloud infrastructure and applications.

The cornerstones of your success in the role are:

• Communication : you are able to condense important understanding around Cruise’s security risk into high signal-to-noise reporting made available to all levels of Cruise Security and Engineering leadership. 

• Conceptualization and creativity : you enjoy solving complex and persistent problems by translating high-level concepts (like an OLA / operating level agreement) into logical systems.

• People management and negotiation : you enjoy building and maintaining relationships in which negotiation is required to better understand the problem set, sort known from supposed causes and issues, and get to mutually understood terms and actions.

• Technical aptitude : you understand and are comfortable working within modern, cloud-native development and deployment workflows concepts including Container orchestration, Infrastructure as Code and CI/CD.

What you’ll be doing: 

• Work closely with system and platform owners to implement and maintain scanning capabilities, assess options for remediation of vulnerabilities, discuss reclassification of scan findings, and provide consultation on the nature and risk of vulnerabilities.

• Measure and report the remediation of vulnerabilities against Cruise’s security policies to Cruise’s Security and Engineering leadership to drive visibility and maturation of Cruise’s vulnerability management control.

• Utilize qualitative and quantitative measures to find sources of friction or sub-optimal outcome within our vulnerability management system

• Put together a maturity plan for several key capabilities within Cruise’s Vulnerability Management program.

• Create solutions that improve the efficiency of people / process / technology within the Vulnerability Management program

What you must have: 

• You have hands on experience working with public cloud infrastructure
  (GCP, Azure, AWS)

• You have significant experience administering and consuming the data from vulnerability management solutions (e.g. Tenable.io, Qualys, Nessus, Rapid 7, etc.)

• You have a strong grasp on security fundamentals and concepts.

• You are fluent with scripting and automation (Python, Ruby, Go, etc.)

• You regularly design, represent, and negotiate complex processes with stakeholders throughout your organization

• You have a demonstrable understanding of general Unix / Linux systems administration (e.g. Ubuntu, Red Hat, Solaris, etc.)

• You frequently work with, present to, and influence at all levels of the organization

Bonus points! 

• Experience working with cloud-native security solutions and tooling

• Experience working with BigQuery and Looker, or other data analytics and visualization tools

• Experience working with APIs

• Hold relevant security certifications, such as CISSP, CISA, GSEC etc.

• Experience with containerization and orchestration (e.g., Docker, Kubernetes)

• Experience working with IaC tools such as Terraform Enterprise

• Working knowledge of vulnerability and risk assessment (e.g. CVSSv3, etc.)

• Background or previous experience working with endpoint security systems

• Our benefits are here to support the whole you:
  • Competitive salary and benefits 
  • 401(k) Cruise matching program 
  • Medical / dental / vision, AD+D and Life
  • One Medical membership
  • Subsidized mental health benefits
  • Flexible vacation and company paid holidays
  • Healthy meals and snacks provided for non-remote employees
  • Paid parental, jury duty, bereavement, family care and medical leave
  • Fertility Benefits
  • Dependent Care Flexible Spending Account, subsidized by Cruise
  • Flexible Spending Account 
  • Monthly wellness stipend
  • Pre-tax Commuter Benefit Plan for non-remote employees
  • CruiseFlex - a working policy for US-Based Cruisers that lets you and your manager find what working style is best for you, whether it’s primarily in-person, primarily at home or a combination of home and in-office time.

• We’re Integrated
  • Through our partnerships with General Motors and Honda, we are the only self-driving company with fully integrated manufacturing at scale.

• We’re Funded
  • GM, Honda, Microsoft, T. Rowe Price & Walmart have invested billions in Cruise. Their backing for our technology demonstrates their confidence in our progress, team, and vision and makes us one of the leading autonomous vehicle organizations in the industry. Our deep resources greatly accelerate our operating speed.

• We’re Independent
  • We have our own governance, board of directors, equity, and investors. Our independence allows us to not just work on the edge of technology, but also define it.

• We’re Vested
  • You won’t just own your work here, you’ll have the potential to own equity in Cruise, too. We are competing in a market that is projected to grow exponentially, which gives our company valuation room to grow.
  • Recurring Liquidity Opportunity (RLO) - a unique equity program where employees, both current and former, have the option to sell any amount of their vested equity on a recurring basis, currently quarterly.

Cruise LLC is an equal opportunity employer. We strive to create a supportive and inclusive workplace where contributions are valued and celebrated, and our employees thrive by being themselves and are inspired to do the best work of their lives. 

We seek applicants of all backgrounds and identities, across race, color, ethnicity, national origin or ancestry, citizenship, religion, sex, sexual orientation, gender identity or expression, veteran status, marital status, pregnancy or parental status, or disability. Applicants will not be discriminated against based on these or other protected categories or social identities. Cruise will consider for employment qualified applicants with arrest and conviction records, in accordance with applicable laws.

Cruise is committed to the full inclusion of all applicants. If reasonable accommodation is needed to participate in the job application or interview process please let our recruiting team know or email HR@getcruise.com.

We proactively work to design hiring processes that promote equity and inclusion while mitigating bias. To help us track the effectiveness and inclusivity of our recruiting efforts, please consider answering the following demographic questions. Answering these questions is entirely voluntary. Your answers to these questions will not be shared with the hiring decision makers and will not impact the hiring decision in any way. Instead, Cruise will use this information not only to comply with any government reporting obligations but also to track our progress toward meeting our diversity, equity, inclusion, and belonging objectives.

Vaccine Mandate. 

At Cruise, we’re tasked with leading in the communities we serve — and doing our part to help keep our communities and our teams safe. Our #StaySafe culture transcends and informs all we do, and because of this, as of October 31, 2021 Cruise will be mandating COVID-19 vaccinations for all US-based Cruisers who need or want to access any of our US Cruise facilities and engage in any business travel — including attending any in-person Company-sponsored event. 

If you are unable to get a vaccine due to a medical condition, disability, or a strongly-held religious belief, Cruise will consider requests for an accommodation.

Note to Recruitment Agencies: Cruise does not accept unsolicited agency resumes. Furthermore, Cruise does not pay placement fees for candidates submitted by any agency other than its approved partners.