Staff Application Security Engineer

San Francisco, CA

Cruise LLC logo
Cruise LLC
Apply now Apply later

Posted 1 month ago

We're Cruise, a self-driving service designed for the cities we love.

We’re building the world’s most advanced, self-driving vehicles to safely connect people to the places, things, and experiences they care about. We believe self-driving vehicles will help save lives, reshape cities, give back time in transit, and restore freedom of movement for many.

Cruisers have the opportunity to grow and develop while learning from leaders at the forefront of their fields. With a culture of internal mobility, there's an opportunity to thrive in a variety of disciplines. This is a place for dreamers and doers to succeed.

If you are looking to play a part in making a positive impact in the world by advancing the revolutionary work of self-driving cars, join us.

Cruise is looking for a Staff Application Security Engineer to help us secure Cruise engineered systems from Mobile apps to APIs and Remote Assistance systems. In this position you will bring a deep well of Application Security experience to develop security requirements, build libraries and automation around security detections plus dive deep into assessing the architecture and threats posed to business critical systems driving the cutting edge future of self-driving cars.

If you’re interested in being a technical leader of cross functional security and a member of a fast paced, engineering driven security team that is driven to put fleets of autonomous cars on the road; let’s chat!

What you’ll be doing:
  • Lead detailed reviews ranging from architectural design to threat modeling and source code level assessments, provide meaningful recommendations to make our products more secure
  • Collaborate closely with engineering and security teams on security focused code reviews and implementation of security standard methodologies in essential systems
  • Communicate security risks and recommendations effectively with technical and non-technical audiences through verbal and written communications that focus on meaningful and measurable improvements
  • Advocate for security within the engineering organization in order to deliver the most secure autonomous vehicle platform
  • Be capable of prioritizing security efforts as well as help teams understand prioritization of performing security mitigation work
  • Writing code for security detections utilizing one of our frameworks(ex. Semgrep & Nuclei) including custom code
What you must have:
  • Extensive experience in the application security space; securing complex interconnected web services/applications and their architectures using Golang, Python and/or Node.js
  • Strong communication skills, experience with writing security designs and requirements
  • A track record of leading vulnerability discovery, analysis and remediation
  • Proficiency in at least one popular programming language(Javascript/Typescript, Go, C/C++, Python)
  • A broad and practical understanding of web service & client security fundamentals and their application
  • Experience using a variety of static and dynamic security tools
  • Practical knowledge and experience working in public cloud environments (AWS, GCP, etc.)
Bonus Points!
  • Contributions to the security community (open source, public research, blogging, presentations, etc)
  • Prior software engineering experience (Go, C/C++, Node.js, Python)
  • Prior experience as a security consultant
Why Cruise?
  • Our benefits are here to support the whole you:
    • Competitive salary and benefits 
    • 401(k) Cruise matching program 
    • Medical / dental / vision, AD+D and Life
    • One Medical membership
    • Flexible vacation and company paid holidays
    • Healthy meals and snacks provided for non-remote employees
    • Paid parental leave
    • Fertility Benefits 
    • Dependent Care Flexible Spending Account, subsidized by Cruise
    • Flexible Spending Account 
    • Monthly wellness stipend
    • Pre-tax Commuter Benefit Plan for non-remote employees
  • We’re Remote Friendly
    • We believe that your value to the team can be provided at a Cruise office or from the comfort of your home. Depending on your function, enjoy the flexibility of remote work and join our growing community of remote employees in the continental United States.
  • We’re Integrated
    • Through our partnerships with General Motors and Honda, we are the only self-driving company with fully integrated manufacturing at scale.
  • We’re Funded
    • GM, Honda, Microsoft, SoftBank, & T. Rowe Price, have invested billions in Cruise. Their backing for our technology demonstrates their confidence in our progress, team, and vision and makes us one of the leading autonomous vehicle organizations in the industry. Our deep resources greatly accelerate our operating speed.
  • We’re Independent
    • We have our own governance, board of directors, equity, and investors. Our independence allows us to not just work on the edge of technology, but also define it.
  • We’re Vested
    • You won’t just own your work here, you’ll have the potential to own equity in Cruise, too. We are competing in a market that is projected to grow exponentially, which gives our company valuation room to grow.

Cruise LLC is an equal opportunity employer. We strive to create a supportive and inclusive workplace where contributions are valued and celebrated, and our employees thrive by being themselves and are inspired to do the best work of their lives. 

We seek applicants of all backgrounds and identities, across race, color, ethnicity, national origin or ancestry, citizenship, religion, sex, sexual orientation, gender identity or expression, veteran status, marital status, pregnancy or parental status, or disability. Applicants will not be discriminated against based on these or other protected categories or social identities. Cruise will consider for employment qualified applicants with arrest and conviction records, in accordance with applicable laws.

Cruise is committed to the full inclusion of all applicants. If reasonable accommodation is needed to participate in the job application or interview process please let our recruiting team know or email

We proactively work to design hiring processes that promote equity and inclusion while mitigating bias. To help us track the effectiveness and inclusivity of our recruiting efforts, please consider answering the following demographic questions. Answering these questions is entirely voluntary. Your answers to these questions will not be shared with the hiring decision makers and will not impact the hiring decision in any way. Instead, Cruise will use this information not only to comply with any government reporting obligations but also to track our progress toward meeting our diversity, equity, inclusion, and belonging objectives.

Note to Recruitment Agencies: Cruise does not accept unsolicited agency resumes. Furthermore, Cruise does not pay placement fees for candidates submitted by any agency other than its approved partners.

Job tags: Architecture Automation AWS C Go JavaScript Node.js Open Source Python TypeScript
Job region(s): North America
Job stats:  8  2  0
  • Share this job via
  • or