Staff Software Engineer, Platform Security jobs in United States

Turo · 2 months ago

Staff Software Engineer, Platform Security

Turo is the world’s largest car sharing marketplace, and they are seeking a Staff Software Engineer specializing in Platform Security. The role involves securing cloud-native infrastructure through software engineering excellence, leading security initiatives, and mentoring engineers on secure infrastructure patterns.

Car Sharing · Marketplace · Peer to Peer · Transportation
Growth Opportunities
H1B Sponsor Likely

Responsibilities

Write production-grade code to secure cloud infrastructure. This is fundamentally a software engineering role with security expertise
Lead security initiatives through spec-driven development (PRDs/RFCs, SPADE framework), designing self-service security solutions using infrastructure-as-code (Terraform), GitOps workflows (ArgoCD, Kustomize), and CI/CD pipelines (GitHub Actions) that create "paved roads" making secure choices the easiest choices
Leverage AI-assisted development (Claude Code, AI agents, spec generation) to accelerate security engineering velocity, rapidly prototype solutions, debug complex systems, and maintain high-quality code
Serve as incident commander for P1/P2 security investigations, conducting forensics analysis, coordinating cross-functional response, and documenting post-mortems with actionable improvements
Partner with Core Platform Engineering and Platform Reliability Engineering teams to establish secure-by-default infrastructure patterns for Kubernetes workloads, container images, and cloud resources
Manage vulnerability remediation programs through zero-downtime deployments, coordinating security upgrades across production Kubernetes clusters while maintaining 100% service availability
Evaluate and integrate security tooling (CSPM, container scanning, SAST) with emphasis on automation and developer experience: building CLI wrappers, GitHub Actions workflows, and Slack integrations
Contribute to Platform Security roadmap through data-driven prioritization, security architecture reviews, threat modeling, and evidence-based investment decisions that balance protection with engineering velocity
Proactively identify opportunities to reduce technical security debt, eliminate manual toil through automation, and implement defense-in-depth strategies
Participate in security on-call rotation with well-documented runbooks, automated alerting (PagerDuty, Slack), and clear escalation workflows

Qualification

AWS security · Kubernetes security · Infrastructure-as-code · CI/CD security · Python · Go · Java · Security tooling · Incident response · Soft skills · Mentoring · Collaboration

Required

Strong software engineering skills in Python, Go, Java, or similar languages with ability to write production-quality code, design APIs, build CLIs, and maintain services that other engineers depend on
Expert knowledge of AWS security (EC2, EKS, S3, IAM, CloudTrail, Organizations, KMS) with hands-on experience securing multi-account architectures and implementing least-privilege designs
Deep expertise in Kubernetes security including cluster hardening, workload isolation, RBAC, network policies, secrets management, admission controllers, and container runtime security at scale
Proficiency in infrastructure-as-code (Terraform, Helm, Kustomize) and GitOps workflows (ArgoCD, FluxCD) for declarative infrastructure with built-in security controls and policy enforcement
Experience building security tooling that developers actually use (CLIs, GitHub Actions, Slack bots) with focus on delightful developer experience and minimal friction
Strong CI/CD security expertise including supply chain security (dependency scanning, SBOM generation), secret management (OIDC federation, ephemeral credentials), and policy enforcement
Skilled at influencing without authority, with the ability to convince engineering teams to adopt security practices through empathy, clear communication, and tools that make their jobs easier
Ability to signal risk effectively using data, make pragmatic security trade-offs, and facilitate collaborative decision-making in technically complex environments
Strong incident response capabilities including forensics investigation, log analysis, evidence preservation, and post-incident review with blameless culture
Ability to mentor engineers through code reviews, pairing sessions, security design reviews, and career development conversations; a proven track record of developing security champions
Ability to thrive in fast-paced environments, making sound security decisions under pressure while maintaining engineering discipline and avoiding security theater
Demonstrate Turo's values through collaborative approach to security, willingness to teach and learn, and bias toward action over perfection
Bachelor's degree in Computer Science, Engineering, or related field and 7+ years of relevant industry experience in security engineering, platform engineering, or DevSecOps roles
Equivalent combination of education and experience demonstrating expertise in cloud infrastructure security, Kubernetes security, and security automation

Preferred

Contributions to open-source security projects or public security research (blogs, conference talks, CVE discoveries, tooling releases)
Experience with GitOps at scale (hundreds of repositories, thousands of resources, automated sync policies)
Offensive Security certifications (OSCP, CRTO, CKS, etc.)
Experience with service mesh security (Istio, Linkerd, Envoy) including mTLS and authorization policies
Experience with compliance frameworks (SOC 2, PCI-DSS, ISO 27001) and translating requirements into engineering solutions
Background in offensive security (penetration testing, red team, CTF) bringing adversarial mindset to defensive engineering
Experience managing security vendor relationships (pentesting programs, bug bounty platforms)
Experience with multi-cloud architectures beyond AWS (GCP, Azure, hybrid cloud)
Experience with policy-as-code frameworks (OPA, Kyverno, Sentinel)

Benefits

Competitive salary, equity, benefits, and perks for all full-time employees
Employer-paid medical, dental, and vision insurance (Country specific)
Retirement employer match
Learning & Development stipend to invest in your professional development
Turo host matching program
Turo travel credit
Cell phone and internet stipend
Paid time off to relax and recharge
Paid holidays, volunteer time off, and parental leave
For those who are in the office full-time or hybrid we have in-office lunch, office snacks, and fun activities

Company

Turo is a peer-to-peer car-sharing marketplace where customers can book vehicles from a community of local hosts.

H1B Sponsorship

Turo has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (27)
2024 (42)
2023 (42)
2022 (40)
2021 (33)
2020 (14)

Funding

Current Stage: Late Stage
Total Funding: $570.07M
Key Investors: G Squared, IAC, SK Holdings
2023-03-15 · Secondary Market · $67.5M
2022-03-21 · Series Unknown · $35.17M
2020-02-05 · Series E · $30M

Leadership Team

Andre Haddad, CEO and All Star Host
Brian Beaver, Senior VP of Design
Company data provided by Crunchbase