Staff Software Engineer, Platform Security

4 weeks ago


Toronto, Canada Turo Inc Full time

* Write production-grade code to secure cloud infrastructure. This is fundamentally a software engineering role with security expertise.
* Lead security initiatives through spec-driven development (PRDs/RFCs, SPADE framework), designing self-service security solutions using infrastructure-as-code (Terraform), GitOps workflows (ArgoCD, Kustomize), and CI/CD pipelines (GitHub Actions) that create "paved roads" making secure choices the easiest choices.
* Leverage AI-assisted development (Claude Code, AI agents, spec generation) to accelerate security engineering velocity, rapidly prototype solutions, debug complex systems, and maintain high-quality code.
* Serve as incident commander for P1/P2 security investigations, conducting forensics analysis, coordinating cross-functional response, and documenting post-mortems with actionable improvements.
* Partner with Core Platform Engineering and Platform Reliability Engineering teams to establish secure-by-default infrastructure patterns for Kubernetes workloads, container images, and cloud resources.
* Manage vulnerability remediation programs through zero-downtime deployments, coordinating security upgrades across production Kubernetes clusters while maintaining 100% service availability.
* Evaluate and integrate security tooling (CSPM, container scanning, SAST) with emphasis on automation and developer experience: building CLI wrappers, GitHub Actions workflows, and Slack integrations.
* Contribute to Platform Security roadmap through data-driven prioritization, security architecture reviews, threat modeling, and evidence-based investment decisions that balance protection with engineering velocity.
* Proactively identify opportunities to reduce technical security debt, eliminate manual toil through automation, and implement defense-in-depth strategies.
* Participate in security on-call rotation with well-documented runbooks, automated alerting (PagerDuty, Slack), and clear escalation workflows.

# **Your profile:**

* Strong software engineering skills in Python, Go, Java, or similar languages with ability to write production-quality code, design APIs, build CLIs, and maintain services that other engineers depend on.
* Expert knowledge of AWS security (EC2, EKS, S3, IAM, CloudTrail, Organizations, KMS) with hands-on experience securing multi-account architectures and implementing least-privilege designs.
* Deep expertise in Kubernetes security including cluster hardening, workload isolation, RBAC, network policies, secrets management, admission controllers, and container runtime security at scale.
* Proficiency in infrastructure-as-code (Terraform, Helm, Kustomize) and GitOps workflows (ArgoCD, FluxCD) for declarative infrastructure with built-in security controls and policy enforcement.
* Experience building security tooling that developers actually use (CLIs, GitHub Actions, Slack bots) with focus on delightful developer experience and minimal friction.
* Strong CI/CD security expertise including supply chain security (dependency scanning, SBOM generation), secret management (OIDC federation, ephemeral credentials), and policy enforcement.
* Skilled at influencing without authority and the ability to convince engineering teams to adopt security practices through empathy, clear communication, and tools that make their jobs easier.
* Ability to signal risk effectively using data, make pragmatic security trade-offs, and facilitate collaborative decision-making in technically complex environments.
* Strong incident response capabilities including forensics investigation, log analysis, evidence preservation, and post-incident review with blameless culture.
* Ability to mentor engineers through code reviews, pairing sessions, security design reviews, and career development conversations; a proven track record developing security champions.
* Ability to thrive in fast-paced environments, making sound security decisions under pressure while maintaining engineering discipline and avoiding security theater.
* Demonstrate Turo's values through collaborative approach to security, willingness to teach and learn, and bias toward action over perfection.
* Contributions to open-source security projects or public security research (blogs, conference talks, CVE discoveries, tooling releases)
* Experience with GitOps at scale (hundreds of repositories, thousands of resources, automated sync policies)
* Offensive Security certifications (OSCP, CRTO, CKS, etc.)
* Experience with service mesh security (Istio, Linkerd, Envoy) including mTLS and authorization policies
* Experience with compliance frameworks (SOC 2, PCI-DSS, ISO 27001) and translating requirements into engineering solutions
* Background in offensive security (penetration testing, red team, CTF) bringing adversarial mindset to defensive engineering
* Experience managing security vendor relationships (pentesting programs, bug bounty platforms)
* Experience with multi-cloud architectures beyond AWS (GCP, Azure, hybrid cloud)
* Experience with policy-as-code frameworks (OPA, Kyverno, Sentinel)
* Competitive salary, equity, benefits, and perks for all full-time employees
* Employer-paid medical, dental, and vision insurance (Country specific)
* Retirement employer match
* Learning & Development stipend to invest in your professional development
* Turo host matching program
* Turo travel credit
* Cell phone and internet stipend
* Paid time off to relax and recharge
* Paid holidays, volunteer time off, and parental leave
* For those who are in the office full-time or hybrid we have in-office lunch, office snacks, and fun activities



  • Toronto, Canada Turo Full time

    About the team: Turo is looking for a code-forward security engineer to secure our cloud-native infrastructure through software engineering excellence. The Platform Security team builds security automation, tooling, and self-service platforms that engineering teams can easily and seamlessly adopt. As a Staff Software Engineer, you will act as a technical...


  • Toronto, Ontario, Canada Turo Full time $132,000 - $165,000 per year

    About the team: Turo is looking for a code-forward security engineer to secure our cloud-native infrastructure through software engineering excellence. The Platform Security team builds security automation, tooling, and self-service platforms that engineering teams can easily and seamlessly adopt. As a Staff Software Engineer, you will act as a technical...

