We’re Cruise, the self-driving ride-hailing service.
We are building the world’s most advanced self-driving vehicles to safely connect people to the places, things, and experiences they care about. We believe self-driving vehicles will help save lives, reshape cities, give back time in transit, and restore freedom of movement for many.
At Cruise, our engineers have opportunities to grow and develop while learning from leaders at the cutting edge of their fields. With a culture of internal mobility, there's opportunity to thrive in a variety of disciplines. This is a place for dreamers and doers to succeed.
If you are looking to solve one of today’s most complex engineering challenges, see the results of your work in hundreds of self-driving cars, and make a positive impact in the world starting in our cities, join us.
We are looking for someone who understands how vulnerabilities translate to significant incidents in both traditional and cloud-based environments. As a technical expert, you will translate requirements into scalable processes and technologies, formulate and prioritize risks, collaborate with asset owners to prioritize vulnerability remediation, and create measures and processes that ensure our efficient resolution of risks.
As the Staff Vulnerability & Risk Management Engineer you will report to the Director of Security Assurance and Trust. Given the nature of the role, you will be a point of contact for a wide range of teams and folks at all levels of the organization. We are ok with remote work for the right candidate.
What you'll be doing:
- Creation and review of requirements for vulnerability management systems inclusive of their upstream and downstream dependencies
- Detection, assessment, and ranking of vulnerabilities to ensure protection of our most valuable resources from their most serious vulnerability exploits
- Work with TPM, IT, and asset owners to achieve timely remediation actions
- Aid in the measurement and continuous improvement of the aforementioned
- Foster and maintain a fiduciary obligation with your stakeholders: be a credible, reliable, and trustworthy partner and subject matter expert
What you must have:
- Expertise with vulnerability scanning technology such as Nessus, Qualys, Rapid7, etc.
- Expertise in GCP and/or AWS
- Expertise with cloud security analysis tools like Prisma, Redlock, Twistlock, etc.
- Expertise with scripting in Python and shell
- Experience with enterprise and cloud networking
- Experience communicating at all levels of the organization; meeting Cruisers at their level of expertise and the ability to bring others along will be critical to your success in this role
- Experience with cloud and container-based deployments, using AWS/GCP, Kubernetes, Docker, etc.
- Familiarity with CI/CD pipeline tools and processes
- Familiarity with use of SCAP and STIG
- HackerOne reputation score, Blackhat / Defcon presenter, or like bona fides
- One or more of the following certifications: OSCP, OSCE, GVEA, GCIH, GCED, or like
- Expertise with security orchestration, automation, and deployment tools, and using Terraform