Turo - San Francisco, CA

posted 3 months ago

Full-time - Senior
San Francisco, CA
Rental and Leasing Services

About the position

Turo is searching for a highly motivated and versatile Senior Application Security Engineer to join our IT & Security governance team. In this role, you will be relied upon to provide engineering and product teams with the security expertise necessary to make confident product decisions. You will work closely with counterparts in IT and Engineering teams to ensure that our applications and services are designed and implemented with security built in to the highest standards. This position offers a challenging opportunity for those who enjoy analyzing the security of applications and services, discovering and addressing security issues, and quickly reacting to new threat scenarios.

As a Senior Application Security Engineer, you will participate in security and architecture reviews for new and existing features, conduct vulnerability testing, and perform internal and external penetration tests across all elements of Turo's systems. You will lead the external bug bounty program, triaging identified bugs and collaborating with engineering and product teams on remediation efforts. Your advocacy for secure design principles and secure coding practices will be essential as you deliver secure coding best-practices training to groups of developers.

You will also be responsible for developing and maintaining existing tools to aid Engineering teams in building applications securely, assessing application security risks at runtime, and identifying gaps in applications and services that lack proper security scans. Your role will involve maintaining and managing internal Static Application Security Testing (SAST) tooling, ensuring code coverage for all repositories, maintaining existing rulesets, and writing custom rules to reduce false positives. Additionally, you will threat model current and new applications and features, as well as existing and new third-party integrations, to identify and quantify threats and recommend remediation methods.

Your creativity will be crucial as you propose innovative approaches and emerging technologies to help solve security compliance challenges, while staying up to date on emerging information technology trends and security standards.

Responsibilities

  • Lead external bug bounty program to triage identified bugs and work with engineering and product teams on remediation.
  • Advocate secure design principles and secure coding practices to Engineering teams and deliver secure coding best-practices training to groups of developers.
  • Evangelize a Software Development Lifecycle that incorporates design and code reviews of our product.
  • Develop and maintain existing tools to aid Engineering teams in building applications securely and assess application security risks at runtime.
  • Identify gaps in applications and services lacking proper security scans and execute on a project roadmap to ensure 100% coverage across all assets.
  • Maintain and manage internal SAST tooling, ensuring code coverage for all repositories, maintaining existing rulesets, and writing custom rules to reduce false positives.
  • Threat model current and new applications and features along with existing and new third-party integrations to identify and quantify threats and recommend remediation methods.
  • Assist in improving security of new business units by analyzing current security risks, creating security processes, and onboarding security tools.
  • Assist in Security Incident Response as needed.
  • Propose innovative approaches and emerging technologies to help solve security compliance challenges.
  • Stay up to date on emerging information technology trends and security standards.

Requirements

  • 4+ years of experience in Security Engineering or Software Development.
  • A BS or MS in Computer Science, Information Systems, Engineering, Cybersecurity, or Information Assurance, or equivalent industry experience.
  • Experience in exploiting common attack patterns and exploitation techniques on web applications, threat modeling, OWASP Top 10, and secure architecture review.
  • Experience with web application security testing tools such as Burp Suite, open source scanners, and/or vendor products.
  • Experience developing software, ideally in Python, Java, and Kotlin.
  • Strong understanding of web and mobile application security.
  • Experience working on cloud infrastructure, especially AWS and its Security services suite.
  • Solid understanding of, or experience working in, containerized environments, and familiarity with GitOps flows.
  • Proven ability to work independently with minimal supervision, to perform and oversee complex tasks, and to prioritize multiple tasks based on overall strategic goals.
  • Real passion for technology and desire to build tooling from the ground up and tackle complex problems with creative solutions.
  • Capability to interface with multiple levels of the organization and to serve as an influencer and a team player.
  • Strong presentation, facilitation, and written/verbal communication skills.

Benefits

  • Competitive salary, equity, benefits, and perks for all full-time employees
  • Employer-paid medical, dental, and vision insurance (Country specific)
  • Retirement employer match
  • $2,000 Learning & Development stipend to invest in your professional development
  • $1,000 USD Turo host matching and $1,500 USD vehicle reimbursement program
  • $100 USD Monthly Turo travel credit
  • Cell phone, internet and Fringe benefit stipend
  • Paid time off to relax and recharge
  • Paid holidays, volunteer time off, and parental leave
  • Weekly in-office lunch, office snacks, and fun activities for those in the office full-time or hybrid
  • Annual Turbo Week (week-long, company-wide conference)
© 2024 Teal Labs, Inc