Turo is searching for a highly motivated and versatile Security Engineer to join our IT & Security governance team. Under the guidance of the Senior Director, Enterprise IT & Security and with a dotted line to our Sr. Security Engineer, Team Lead - you will be relied upon to provide engineering and product teams with security expertise necessary to confident product decisions. Additionally, you will work in depth with other internal teams within Turo to ensure Turo meets our Security, Privacy and Compliance commitments. You'll work closely with counterparts in IT and Engineering teams to ensure our applications and services are designed and implemented with having security builtin to the highest standards.
If you enjoy analyzing the security of applications and services, discovering and addressing security issues and quickly reacting to new threat scenarios, this position will provide you with a challenging opportunity. You will participate in security audits, risk analysis, vulnerability testing and security reviews across all elements of this project's software systems.
What You’ll Do:
- Engage with cross platform teams across Turo to understand the Security, Privacy and Compliance aspects of the business with risks associated with third parties.
- Lead external bug bounty program to triage identified bugs and work with engineering and product teams on remediation.
- Advocate secure design principles, secure coding practices to Engineering teams and undertake secure coding best practices training with groups of developers.
- Help establish a Secure Software Development LifeCycle to incorporate design and code reviews of our product.
- Work on developing your own small tools and scripts to aid Engineering teams build applications in a secure way, assess application security risks at runtime.
- Identify gaps in apps and services lacking proper security scans, build-out and execute on a project roadmap to ensure 100% coverage across all assets.
- Threat model current, new applications and features along with existing and new third-party integrations to identify and quantify threats and recommend remediation methods.
- Assist in Security Incident Response as needed.
- Bring your creativity to bear by proposing innovative approaches and emerging technologies to help solve security compliance challenges.
- Stay up to date on emerging information technology trends and security standards.
Desired Competencies and Experience
Successful candidates will have:
- 2+ years of experience in Security Engineering or Software Development.
- A BS or MS in Computer Science, Information Systems, Engineering, or Cybersecurity or Information Assurance or equivalent industry experience.
- Knowledge of application security, system security, secure system design/SecSDLC, secure coding best practices, common attack patterns and exploitation techniques.
- Experience with web application security testing tools such as Burp Suite.
- Experience working on cloud infrastructure, especially AWS and its Security services suite
- Experience building out integrations with open source scanners and/or vendor products.
- Solid understanding or experience working in containerized environments and familiarity with GitOps flow
- Solid understanding of programming and scripting with expertise in at least one of Python, Go, NodeJS Java, Kotlin, C/C++/C#
- The proven ability to work independently with minimal supervision and ability to perform and oversee complex tasks and prioritize multiple tasks based on overall strategic goals
- Real passion for technology and desire to build tooling from ground-up and to tackle complex problems with creative solutions.
- The capability to interface with multiple levels of the organization and to serve as an influencer and a team player
- Strong presentation, facilitation, and written/verbal communication skills
- Competitive salary, equity, benefits, and perks for all full-time employees
- Employer-paid medical, dental, and vision insurance (Country specific)
- Retirement employer match
- $2,000 Learning & Development stipend to invest in your professional development
- $1,000 USD Turo host matching and $1,500 USD vehicle reimbursement program
- $100 USD Monthly Turo travel credit
- Cell phone, internet and Fringe benefit stipend
- Paid time off to relax and recharge
- Paid holidays, volunteer time off, and parental leave
- For those who are in the office full-time or hybrid we have weekly in-office lunch, office snacks, and fun activities
- Annual Turbo Week (week-long, company-wide conference)
Turo is the world’s largest car sharing marketplace where you can book any car you want, wherever you want it, from a vibrant community of trusted hosts across the US, Canada, France and the UK. Guests choose from a totally unique selection of nearby cars, while hosts earn extra money to offset the costs of car ownership. A pioneer of the sharing economy and the travel industry, Turo is a safe, supportive community where the car you book is part of a story, not a fleet.
Turo cultivates a team of smart, critical thinkers who care about their work and their colleagues. We are always on the lookout for supportive, down-to-earth, pioneering, and efficient people to grow our team's talent and enrich our culture.
Read more about the Turo culture according to Turo CEO, Andre Haddad.
We're an equal opportunity employer and value diversity at our company. We don't discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, or disability status. When in doubt, please apply!