Turo

Engineering Manager

💰 $207,000 - $252,000 📅 04/10/2023

Senior Application Security Engineer

💰 $167,000 - $185,000 📅 10/09/2023

Senior Security Engineer, Application Security

💰 $200 - $474 📅 05/01/2024

Job Description

Turo is the world’s largest car sharing marketplace where you can book the
perfect car for wherever you’re going from a vibrant community of trusted
hosts across the US, UK, Canada, Australia, and France. Whether you're flying
in from afar or looking for a car down the street, searching for a rugged
truck or something smooth and swanky, Turo puts you in the driver's seat of an
extraordinary selection of cars shared by local hosts.

**About the team:**

Turo is searching for a highly motivated and versatile Security Engineer to
join our IT & Security governance team. You will be relied upon to provide
engineering and product teams with the security expertise necessary to make
confident product decisions. You'll work closely with counterparts in IT and
Engineering teams to ensure our applications and services are designed and
implemented with security built in to the highest standards.

If you enjoy analyzing the security of applications and services, discovering
and addressing security issues and quickly reacting to new threat scenarios,
this position will provide you with a challenging opportunity. You will
participate in security and architecture reviews for new and existing
features, vulnerability testing, and internal and external pentests across all
elements of Turo’s systems.

**What you will do:**

* Lead external bug bounty program to triage identified bugs and work with engineering and product teams on remediation.
* Advocate secure design principles and secure coding practices to Engineering teams and undertake secure coding best practices training with groups of developers.
* Evangelize the Software Development Lifecycle to incorporate design and code reviews of our product.
* Work on developing and maintaining existing tools to help Engineering teams build applications in a secure way and assess application security risks at runtime.
* Identify gaps in apps and services lacking proper security scans, then build out and execute on a project roadmap to ensure 100% coverage across all assets.
* Maintain and manage internal SAST tooling by ensuring code coverage for all repos, maintaining existing rulesets, writing custom rules to reduce false positives, and driving security awareness and adoption into the SDLC.
* Threat model current and new applications and features, along with existing and new third-party integrations, to identify and quantify threats and recommend remediation methods.
* Assist in improving security of new business units by analyzing current security risks, creating security processes and onboarding security tools.
* Assist in Security Incident Response as needed.
* Bring your creativity to bear by proposing innovative approaches and emerging technologies to help solve security compliance challenges.
* Stay up to date on emerging information technology trends and security standards.

**Your profile:**

* 4+ years of experience in Security Engineering or Software Development.
* A BS or MS in Computer Science, Information Systems, Engineering, or Cybersecurity or Information Assurance or equivalent industry experience.
* Experience in exploiting common attack patterns and exploitation techniques on web applications, threat modeling, OWASP Top 10, and secure architecture review.
* Experience with web application security testing tools such as Burp Suite, open source scanners and/or vendor products.
* Experience developing software, ideally in Python, Java and Kotlin.
* Strong understanding of web and mobile application security.
* Experience working on cloud infrastructure, especially AWS and its Security services suite.
* Solid understanding or experience working in containerized environments and familiarity with GitOps flow.
* The proven ability to work independently with minimal supervision and ability to perform and oversee complex tasks and prioritize multiple tasks based on overall strategic goals.
* Real passion for technology and desire to build tooling from the ground up and to tackle complex problems with creative solutions.
* The capability to interface with multiple levels of the organization and to serve as an influencer and a team player.
* Strong presentation, facilitation, and written/verbal communication skills.

The San Francisco base salary target range for this full-time position is
$167,000-$185,000 + equity + benefits. Our salary ranges are determined by
role, level, and location. The range displayed on each job posting reflects
the minimum and maximum target for new hire salaries for the position in this
location. Within the range, individual pay is determined by work location and
additional factors, including job-related skills, experience, and relevant
education or training. Your recruiter can share more about the specific salary
range for your work location during the hiring process.
