Staff Security Engineer, Infrastructure

As the world's largest car sharing marketplace, Turo is growing fast and hiring talent in the US, Canada, the UK, France, and Australia! Our driven, down-to-earth team empowers you to push yourself, make a huge impact, and accelerate your career growth.

About the team:

Turo is searching for a highly motivated and versatile Security Engineer to join our IT & Security team. You will be relied upon to design, build and deploy technology that safeguards our infrastructure. You will be working with our Engineering teams to build highly scalable and secure infrastructure and the supporting deployment pipelines. Security at Turo services a large organization and aims to maximize our impact by creating low-friction automated solutions that enable other teams to deploy in the safest way possible.

If you enjoy analyzing the security of applications, services and various infrastructure components,discovering and addressing security issues and quickly reacting to new threat scenarios, this position will provide you with a challenging opportunity. You will be building tools to make secure-by-default easy. If you are a believer in Shift-Left-Security, enjoy building, discovering and addressing security issues and quickly reacting to new threat scenarios, this position will provide you with a challenging opportunity.

What You’ll Do:

• Leverage your Devops expertise to improve the Security of Turo’s Infrastructure
• Identify and help mitigate security issues, misconfigurations and vulnerabilities within Turo’s Cloud, Container and Kubernetes infrastructure
• Help improve our engineers’ development experience by surfacing security flaws earlier in the process, empower them with more data and guidelines to promote self-service.
• Build security tools and for critical infrastructure protection, monitoring and remediation.
• Contribute towards improving internal log aggregation methods and champion Security Alerting and Monitoring for internal services & infrastructure.
• Identify gaps in apps and services lacking proper security scans, build-out and execute on a project roadmap to ensure 100% coverage across all assets.
• Participate in security on-call rotation
• Bring your creativity to bear by proposing innovative approaches and emerging technologies to help solve security compliance challenges.
• Stay up to date on emerging information technology trends and security standards.

Your profile:

• 5+ years of experience in Security Engineering or as an DevOps Engineer
• 2+ years of experience working in or as part of Detection and Response teams
• A BS or MS in Computer Science, Information Systems, Engineering, or Cybersecurity or Information Assurance or equivalent industry experience.
• Solid development skills in at least one of the following languages: Python, Go and/or Java.
• Knowledge of application security, system security, secure system design/SecSDLC, secure coding best practices, common attack patterns and exploitation techniques.
• Experience working on Kubernetes, Istio, Terraform, Vulnerability & Patch Management, Identify and Access Management, Incident Handling and Response.
• Knowledge and experience working with AuthN/Z protocols/frameworks (OpenID Connect, OAuth, etc)
• Experience working on cloud infrastructure, especially AWS and its Security services suite
• Experience building out integrations with open source scanners and/or vendor products.
• Solid understanding and experience working in containerized environments and familiarity with GitOps flow
• The proven ability to work independently with minimal supervision and ability to perform and oversee complex tasks and prioritize multiple tasks based on overall strategic goals
• The capability to interface with multiple levels of the organization and to serve as an influencer and a team player
• Strong presentation, facilitation, and written/verbal communication skills

The Phoenix base salary target range for this full-time position is $152,000-$171,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position in this location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your work location during the hiring process.

#LI-LT1