We are building the world’s most advanced, all-electric, self-driving cars to safely connect people to the places, things, and experiences they care about. We believe self-driving cars will help save lives, reimagine cities, redefine time in transit, and restore freedom of movement for many.
At Cruise, our engineers have opportunities to grow and develop while learning from leaders at the cutting-edge of their fields. With a culture of internal mobility, there's opportunity to thrive in a variety of disciplines. This is a place for dreamers and doers to succeed.
If you are looking to solve one of today’s most complex engineering challenges, see the results of your work in hundreds of self-driving cars, and make a positive impact in the world starting in our cities, join us.
The Application Security team at Cruise focuses on partnering with groups throughout the company to create and deliver applications and services that are secure. Our work includes audits such as code reviews, threat models and application assessments; building a partnership with engineering teams in defining security related requirements and providing input on design proposals. The team also creates libraries, tools, and practices which allow us to scale our work to cover an increasingly large and complex code base.
We are especially interested in speaking with candidates that have diverse backgrounds and perspectives. We’re solving novel security problems at Cruise; novel perspectives make this easier!
We are ok with remote work!
Day-to-day responsibilities include:
- Lead the long term technical strategy of an engineering focused security team responsible for ensuring Cruise applications and services are developed securely
- Perform reviews ranging from architectural design to threat modeling and source code level assessments, providing actionable recommendations to make our products more secure
- Collaborate closely with engineering and security teams on security focused code reviews and implementation of security best practices in essential systems
- Communicate security risks and recommendations effectively with technical and non-technical audiences through verbal and written communications that focus on actionable and measurable improvements
- Advocate for security within the engineering organization in order to deliver the most secure autonomous vehicle platform
- Be capable or prioritizing security efforts as well as help teams understand prioritization of performing security mitigation work
You should apply for this role if you have the following qualifications:
- Extensive experience in the application security space; securing complex interconnected web applications and their architectures using Golang, Python and/or Node.js
- A track record of developing projects from design to implementation and maintenance
- Experience securing native mobile(Android/iOS) and/or C/C++ applications in a Linux environment
- A broad and practical understanding of security fundamentals and their application
- Experience using a variety of static and dynamic security tools
- Practical knowledge and experience working in public cloud environments & IAM solutions (AWS, GCP, etc.)
- An interest in building creative solutions to challenging security problems with a focus on mentorship and scaling the team’s impact
- Contributions to the security community (open source, public research, blogging, presentations, etc)