Application Security Engineer
San Francisco, CA, United States
As the world's largest car sharing marketplace, Turo is growing and hiring talent in the US, Canada, the United Kingdom, France, and Australia. Our collaborative teams encourage you to be curious and bring new ideas that will drive our company’s mission. Turo prides itself on its culture that celebrates diversity and gives everyone space to learn and grow.
About the team:
Turo is searching for a highly motivated and versatile Security Engineer to join our IT & Security governance team. You will be relied upon to provide engineering and product teams with the security expertise necessary to make confident product decisions. You'll work closely with counterparts in IT and Engineering teams to ensure our applications and services are designed and implemented with security built in to the highest standards.
If you enjoy analyzing the security of applications and services, discovering and addressing security issues, and quickly reacting to new threat scenarios, this position will provide you with a challenging opportunity. You will participate in security and architecture reviews for new and existing features, vulnerability testing, and internal and external pentests across all elements of Turo’s systems.
What you will do:
- Lead external bug bounty program to triage identified bugs and work with engineering and product teams on remediation.
- Advocate secure design principles and secure coding practices to Engineering teams and undertake secure coding best practices training with groups of developers.
- Evangelize Software Development LifeCycle to incorporate design and code reviews of our product.
- Work on developing & maintaining existing tools that help Engineering teams build applications in a secure way and assess application security risks at runtime.
- Identify gaps in apps and services lacking proper security scans, and build out and execute on a project roadmap to ensure 100% coverage across all assets.
- Maintain and manage internal SAST tooling by ensuring code coverage for all repos, maintain existing rulesets, write custom rules to reduce false positives and drive security awareness and adoption into SDLC.
- Threat model current, new applications and features along with existing and new third-party integrations to identify and quantify threats and recommend remediation methods.
- Assist in improving security of new business units by analyzing current security risks, creating security processes and onboarding security tools
- Assist in Security Incident Response as needed.
- Bring your creativity to bear by proposing innovative approaches and emerging technologies to help solve security compliance challenges.
- Stay up to date on emerging information technology trends and security standards.
- 3+ years of experience in Security Engineering or Software Development.
- A BS or MS in Computer Science, Information Systems, Engineering, or Cybersecurity or Information Assurance or equivalent industry experience.
- Experience in exploiting common attack patterns and exploitation techniques on web applications, threat modeling, OWASP Top 10, and secure architecture review.
- Experience with web application security testing tools such as Burp Suite, open source scanners and/or vendor products.
- Experience developing software ideally in Python, Java and Kotlin
- Strong understanding of web and mobile application security.
- Experience working on cloud infrastructure, especially AWS and its Security services suite
- Solid understanding or experience working in containerized environments and familiarity with GitOps flow
- The proven ability to work independently with minimal supervision and ability to perform and oversee complex tasks and prioritize multiple tasks based on overall strategic goals
- Real passion for technology and desire to build tooling from ground-up and to tackle complex problems with creative solutions.
- The capability to interface with multiple levels of the organization and to serve as an influencer and a team player
- Strong presentation, facilitation, and written/verbal communication skills
The San Francisco base salary target range for this full-time position is $167,000-$185,000 + equity + benefits. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position in this location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your work location during the hiring process.
- Competitive salary, equity, benefits, and perks for all full-time employees
- Employer-paid medical, dental, and vision insurance (Country specific)
- Retirement employer match
- $2,000 Learning & Development stipend to invest in your professional development
- $1,000 USD Turo host matching and $1,500 USD vehicle reimbursement program
- $100 USD Monthly Turo travel credit
- Cell phone, internet and Fringe benefit stipend
- Paid time off to relax and recharge
- Paid holidays, volunteer time off, and parental leave
- For those who are in the office full-time or hybrid we have weekly in-office lunch, office snacks, and fun activities
- Bi-annual Turbo Week (week-long, company-wide conference)
We are committed to building a diverse team. If you are from a background that's underrepresented in tech, we'd love to meet you.
Aside from an award-winning work environment and the opportunity to be part of the world’s largest car sharing marketplace, we are also growing the team quickly - join us! Even if you don't meet every qualification, we are looking for people with enthusiasm for what we do and we will consider you for this and other possibilities.
Turo is an Equal Opportunity Employer and a participant in the U.S. Federal E-Verify program. Women, minorities, individuals with disabilities and protected veterans are encouraged to apply. We welcome people of different backgrounds, experiences, abilities and perspectives.
Turo will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance, as applicable.
We welcome candidates with physical, mental, and/or neurological disabilities. If you require assistance applying for an open position, or need accommodation during the recruiting process due to a disability, please submit a request to People Operations by emailing PeopleOps@turo.com.
Turo is the world’s largest car sharing marketplace where you can book any car you want, wherever you want it, from a vibrant community of trusted hosts across the US, Canada, France, UK and Australia. Guests choose from a totally unique selection of nearby cars, while hosts earn extra money to offset the costs of car ownership. A pioneer of the sharing economy and the travel industry, Turo is a safe, supportive community where the car you book is part of a story, not a fleet.
Read more about the Turo culture according to Turo CEO, Andre Haddad.