Turo is searching for a highly motivated and versatile IT Security Analyst to join our IT and Security governance team. Under the guidance of the IT Director, you will own the responsibilities of monitoring company networks and systems for security vulnerabilities, installing and maintaining appropriate security software, test current security protocols, update IT & security governance policies, build and maintain SOC services, assist with security assessments and audits, and implement changes to security systems as necessary. Data is vital to the strategic vision of Turo. Therefore, data must always be secure from unauthorized access. The successful candidate will have advanced technical skills in IT infrastructure, systems, and cybersecurity protocols. Effective communication skills are also vital to the position.


  • Monitor computer enterprise networks for security issues and investigate security breaches and other cyber security incidents when they occur based on established policies and protocols.
  • Install security measures, authentication protocols, hardware, and software to protect systems and information infrastructure, including firewalls and data encryption programs.
  • Conduct security assessments through vulnerability testing and risk analysis and perform both internal and external security audits
  • Analyze security breaches to identify their root cause and then document findings and assess the damage they cause.
  • Work with other IT & security governance team members and department heads across the organization to formulate and perform tests, audit protocols, and other techniques to uncover network vulnerabilities.
  • Review the latest security alerts, both internal and external, to determine relevancy and urgency regarding the company and established policies.
  • Develop and implement systems, policies, and protocols to continuously scrutinize the network infrastructure and operating environment for vulnerabilities, weaknesses, flaws, and deviations from policy and standard.
  • Maintain security awareness training program to all employees
  • Develop and deliver metrics that can be used to measure security capability and performance.
  • Ensure that digital assets are protected from unauthorized access including both cloud and on-premise infrastructures and public-facing or internal systems.
  • Provide reports and other documentation for IT administrators, managers, and security team members to use to evaluate the efficacy of the security policies in place.
  • Develop company-wide best practices for IT security policies, protocols, and procedures and perform network penetration testing to assess the performance of those best practices.
  • Verify the security procedures and systems of our third-party vendors and collaborate with them to meet security and regulatory compliance requirements.
  • Research security enhancements, innovations, and industry improvements and then make recommendations based on that research.
  • Stay up to date on emerging information technology trends and security standards.
  • Educate IT & security governance team members, supervisors, executives, and other stakeholders to help integrate system security best practices into the company’s access procedures.


  • 3+ years of experience in the Informations Security or related domain(s)
  • A BS or MS in computer science, information systems, engineering, or cybersecurity is required 
  • Experience with computer network penetration testing and techniques
  • Experience or knowledge with OWASP framework
  • The demonstrable ability to identify and mitigate network vulnerabilities and communicate how to avoid them
  • Experience monitoring network traffic to detect potential threats and then responding to those threats promptly
  • Incident response skills and experience in managing the negative effects of a security attack or breach, including the minimization of the impact and the altering of security controls for future prevention
  • Experience in computer forensics and the prevention of crime through the collection, analysis, and reporting of data
  • The ability to document and report evidence to the proper stakeholders in the event of a security breach
  • The ability to reverse engineer a piece of software to discover how and what it does so that it can be patched for a bug or to analyze it for a potential malware attack
  • Deep knowledge and understanding of firewall concepts, network protocols (TCP/IP, IPSEC, routing, etc.), network and app level threat vectors and attack techniques
  • Relevant technical skills and experience with industry standard identity and access management solutions
  • Proficiency in languages such as Python, Bash Scripting, JavaScript, SQL, etc.
  • One or more of these security certifications CISSP, CISA, GSEC, CEH, CGEIT or similar
  • Experience with security audits such as ISO 27001, GDPR, CCPA, SOC2, etc.
  • Effective analytical abilities and an affinity for attention to detail that can be used to evaluate an organization’s needs and implement solutions
  • The proven ability to work independently with minimal supervision and ability to perform and oversee complex tasks and prioritize multiple tasks based on overall strategic goals
  • The capability to interface with multiple levels of the organization and to serve as an influencer and a team player
  • Strong presentation, facilitation, and written/verbal communication skills


  • Competitive salary and equity for all full-time employees
  • Employer paid medical, dental, and vision insurance
  • Generous paid time off, paid holidays, paid volunteer time off, and paid parental leave
  • Kitchen with fully-stocked snacks and drinks
  • Company-sponsored happy hours and team events
  • Turo host matching and vehicle reimbursement program

About Turo

Turo is the world’s largest car sharing marketplace where you can book any car you want, wherever you want it, from a vibrant community of trusted hosts across the US, Canada, the UK, and Germany. Guests choose from a totally unique selection of nearby cars, while hosts earn extra money to offset the costs of car ownership. A pioneer of the sharing economy and the travel industry, Turo is a safe, supportive community where the car you book is part of a story, not a fleet. Discover Turo at https://turo.com, the App Store, and Google Play, and check out our blog, Field Notes.   

Turo has raised $450M to date from top-tier investors, including IAC, Daimler AG, Kleiner Perkins, GV, Canaan Partners, August Capital, and Shasta Ventures. 

Turo cultivates a tight-knit team of smart, critical thinkers who care about their work and their colleagues. Our recruiting team is always on the lookout for supportive, down-to-earth, pioneering, and efficient candidates to grow our team's talent and enrich our culture.


Read more about the Turo culture according to Turo CEO, Andre Haddad.


We're an equal opportunity employer and value diversity at our company. We don't discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, or disability status. When in doubt, please apply!

Apply for this Job

* Required


U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at Turo are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.