Turo is searching for a highly motivated and versatile Security Engineer to join our IT & Security team. Under the guidance of the Senior Director, Enterprise IT & Security and with a dotted line to our Sr. Security Engineer, Team Lead - you will be relied upon to design, build and deploy technology that safeguards our infrastructure. You will be working with our Engineering teams to build highly scalable and secure infrastructure and the supporting deployment pipelines. Security at Turo services a large organization and aims to maximize our impact by creating low-friction automated solutions that enable other teams to deploy in the safest way possible.
You will be building tools to make secure-by-default easy. If you are a believer in Shift-Left-Security, enjoy building, discovering and addressing security issues and quickly reacting to new threat scenarios, this position will provide you with a challenging opportunity.
What You’ll Do:
- Leverage your Devops expertise to improve the Security of Turo’s Infrastructure
- Build and refine tools that help detect and mitigate security flaws within our infrastructure build process.
- Automate detection and remediation of service and container vulnerabilities
- Help improve our engineers’ development experience by surfacing security flaws earlier in the process, empower them with more data and guidelines to promote self-service.
- Build security tools and processes using Python or Go for critical infrastructure protection, monitoring and remediation.
- Contribute and improve internal log aggregation methods and champion Security Alerting and Monitoring for internal services & infrastructure.
- Identify gaps in apps and services lacking proper security scans, build-out and execute on a project roadmap to ensure 100% coverage across all assets.
- Assist in Security Incident Response as needed.
- Bring your creativity to bear by proposing innovative approaches and emerging technologies to help solve security compliance challenges.
- Stay up to date on emerging information technology trends and security standards.
Desired Competencies and Experience
- A true believer in and practitioner of Turo’s core values: Pioneering, Supportive, Down-to-earth & Efficient
- A love of all things Security Operations. Complex systems and software are where your brain thrives. You excel at finding and fixing security concerns and weaknesses in them
- 2 years of experience in Security Engineering or as an DevOps Engineer
- A BS or MS in Computer Science, Information Systems, Engineering, or Cybersecurity or Information Assurance or equivalent industry experience.
- Knowledge of application security, system security, secure system design/SecSDLC, secure coding best practices, common attack patterns and exploitation techniques.
- Experience working on Kubernetes, Terraform, Vulnerability & Patch Management, Identify and Access Management, Incident Handling and Response.
- Experience working on cloud infrastructure, especially AWS and its Security services suite
- Experience building out integrations with open source scanners and/or vendor products.
- Solid understanding or experience working in containerized environments and familiarity with GitOps flow
- The proven ability to work independently with minimal supervision and ability to perform and oversee complex tasks and prioritize multiple tasks based on overall strategic goals
- The capability to interface with multiple levels of the organization and to serve as an influencer and a team player
- Strong presentation, facilitation, and written/verbal communication skills