Turo - San Francisco, CA
posted 3 months ago
Turo is searching for a highly motivated and versatile Senior Application Security Engineer to join our IT & Security governance team. In this role, you will be relied upon to provide engineering and product teams with the security expertise necessary to make confident product decisions. You will work closely with counterparts in IT and Engineering teams to ensure that our applications and services are designed and implemented with security built in to the highest standards. This position offers a challenging opportunity for those who enjoy analyzing the security of applications and services, discovering and addressing security issues, and quickly reacting to new threat scenarios.
As a Senior Application Security Engineer, you will participate in security and architecture reviews for new and existing features, conduct vulnerability testing, and perform internal and external penetration tests across all elements of Turo's systems. You will lead the external bug bounty program, triaging identified bugs and collaborating with engineering and product teams on remediation efforts. Your advocacy for secure design principles and secure coding practices will be essential as you undertake secure coding best practices training with groups of developers.
You will also be responsible for developing and maintaining existing tools to aid Engineering teams in building applications securely, assessing application security risks at runtime, and identifying gaps in applications and services that lack proper security scans. Your role will involve maintaining and managing internal Static Application Security Testing (SAST) tooling, ensuring code coverage for all repositories, maintaining existing rulesets, and writing custom rules to reduce false positives. Additionally, you will threat model current and new applications and features, as well as existing and new third-party integrations, to identify and quantify threats and recommend remediation methods.
Your creativity will be crucial as you propose innovative approaches and emerging technologies to help solve security compliance challenges, while staying up to date on emerging information technology trends and security standards.