Staff Application Security Engineer
San Francisco, CA
We're Cruise, a self-driving service designed for the cities we love.
We’re building the world’s most advanced, self-driving vehicles to safely connect people to the places, things, and experiences they care about. We believe self-driving vehicles will help save lives, reshape cities, give back time in transit, and restore freedom of movement for many.
Cruisers have the opportunity to grow and develop while learning from leaders at the forefront of their fields. With a culture of internal mobility, there's an opportunity to thrive in a variety of disciplines. This is a place for dreamers and doers to succeed.
If you are looking to play a part in making a positive impact in the world by advancing the revolutionary work of self-driving cars, join us.
About the Role:
The Application Security team at Cruise focuses on partnering with groups throughout the company to create and deliver applications and services that are secure. Our work includes audits such as code reviews, threat models and application assessments; building a partnership with engineering teams in defining security related requirements and providing input on design proposals. The team also creates libraries, tools, and practices which allow us to scale our work to cover an increasingly large and complex code base.
We are especially interested in speaking with candidates that have diverse backgrounds and perspectives. We’re solving novel security problems at Cruise; novel perspectives make this easier!
We are ok with remote work!
What you’ll be doing:
- Help lead the long-term technical strategy of an engineering focused security team responsible for ensuring Cruise applications and services are developed securely
- Perform reviews ranging from architectural design to threat modeling and source code level assessments, providing actionable recommendations to make our products more secure
- Collaborate closely with engineering and security teams on security focused code reviews and implementation of security best practices in essential systems
- Write and use tools to help identify application security flaws and provide fixes or work with engineering teams to see issues are remediated
- Be capable or prioritizing security efforts as well as help teams understand prioritization of performing security mitigation work
What you must have:
- Extensive experience (10+ years) in the application security space; securing complex interconnected web applications and their architectures using Golang, Python and/or Node.js
- A documented history of finding high impact vulnerabilities or participating in the creation of tools to do the same
- A track record of developing projects from design to implementation and maintenance
- A broad and practical understanding of security fundamentals and their application
- Experience using a variety of static and dynamic security tools
- Practical knowledge and experience working in public cloud environments & IAM solutions (AWS, GCP, etc.)
- An interest in building creative solutions to challenging security problems with a focus on mentorship and scaling the team’s impact
- Contributions to the security community (open source, white papers, talks, etc)
- Doing well at large CTF events
- Experience with mobile security
- Experience with embedded security
- Our benefits are here to support the whole you:
- Competitive salary and benefits
- 401(k) Cruise matching program
- Medical / dental / vision, AD+D and Life
- One Medical membership
- Flexible vacation and company paid holidays
- Healthy meals and snacks provided for non-remote employees
- Paid parental leave
- Fertility Benefits
- Dependent Care Flexible Spending Account, subsidized by Cruise
- Flexible Spending Account
- Monthly wellness stipend
- Pre-tax Commuter Benefit Plan for non-remote employees
- We’re Integrated
- Through our partnerships with General Motors and Honda, we are the only self-driving company with fully integrated manufacturing at scale.
- We’re Funded
- GM, Honda, Microsoft, SoftBank, & T. Rowe Price, have invested billions in Cruise. Their backing for our technology demonstrates their confidence in our progress, team, and vision and makes us one of the leading autonomous vehicle organizations in the industry. Our deep resources greatly accelerate our operating speed.
- We’re Independent
- We have our own governance, board of directors, equity, and investors. Our independence allows us to not just work on the edge of technology, but also define it.
- We’re Vested
- You won’t just own your work here, you’ll have the potential to own equity in Cruise, too. We are competing in a market that is projected to grow exponentially, which gives our company valuation room to grow.
Cruise LLC is an equal opportunity employer. We strive to create a supportive and inclusive workplace where contributions are valued and celebrated, and our employees thrive by being themselves and are inspired to do the best work of their lives.
We seek applicants of all backgrounds and identities, across race, color, ethnicity, national origin or ancestry, citizenship, religion, sex, sexual orientation, gender identity or expression, veteran status, marital status, pregnancy or parental status, or disability. Applicants will not be discriminated against based on these or other protected categories or social identities. Cruise will consider for employment qualified applicants with arrest and conviction records, in accordance with applicable laws.
Cruise is committed to the full inclusion of all applicants. If reasonable accommodation is needed to participate in the job application or interview process please let our recruiting team know or email HR@getcruise.com.
We proactively work to design hiring processes that promote equity and inclusion while mitigating bias. To help us track the effectiveness and inclusivity of our recruiting efforts, please consider answering the following demographic questions. Answering these questions is entirely voluntary. Your answers to these questions will not be shared with the hiring decision makers and will not impact the hiring decision in any way. Instead, Cruise will use this information not only to comply with any government reporting obligations but also to track our progress toward meeting our diversity, equity, inclusion, and belonging objectives.
At Cruise, we’re tasked with leading in the communities we serve — and doing our part to help keep our communities and our teams safe. Our #StaySafe culture transcends and informs all we do, and because of this, as of October 31, 2021 Cruise will be mandating COVID-19 vaccinations for all US-based Cruisers who need or want to access any of our US Cruise facilities and engage in any business travel — including attending any in-person Company-sponsored event.
If you are unable to get a vaccine due to a medical condition, disability, or a strongly-held religious belief, Cruise will consider requests for an accommodation.
Note to Recruitment Agencies: Cruise does not accept unsolicited agency resumes. Furthermore, Cruise does not pay placement fees for candidates submitted by any agency other than its approved partners.
Explore more Information Security career opportunities
- Open SOC Analyst Jobs
- Open Principal Security Engineer Jobs
- Open Threat Intelligence Response Analyst Jobs
- Open Vulnerability Analyst Jobs
- Open Information Security Architect Jobs
- Open Senior Penetration Tester Jobs
- Open IT Security Engineer Jobs
- Open Senior Infrastructure Security Engineer Jobs
- Open Software Security Engineer Jobs
- Open IAM Engineer Jobs
- Open Senior Information Security Engineer Jobs
- Open Personnel Security Officer Jobs
- Open Sr. Product Security Engineer Jobs
- Open Infrastructure Security Engineer Jobs
- Open Senior Incident Response Analyst Jobs
- Open Chief Information Security Officer Jobs
- Open Cybersecurity Analyst Jobs
- Open Staff Security Engineer Jobs
- Open Senior Information Security Analyst Jobs
- Open Information Security Officer Jobs
- Open Sr. Software Engineer - Detection Engineering Jobs
- Open Cyber Security Architect Jobs
- Open Staff Engineer, Cloud Security Jobs
- Open Cybersecurity Engineer Jobs
- Open Threat Intelligence Analyst Jobs
- Open Kubernetes-related jobs
- Open Clearance-related jobs
- Open PCI-related jobs
- Open Open Source-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Machine Learning-related jobs
- Open IDS-related jobs
- Open Splunk-related jobs
- Open Ruby-related jobs
- Open Intrusion detection-related jobs
- Open OSCP-related jobs
- Open Security assessments-related jobs
- Open Encryption-related jobs
- Open Docker-related jobs
- Open Threat detection-related jobs
- Open IPS-related jobs
- Open TCP/IP-related jobs
- Open HIPAA-related jobs
- Open Cryptography-related jobs
- Open Unix-related jobs
- Open DevSecOps-related jobs
- Open GDPR-related jobs
- Open PowerShell-related jobs