Our drivers and passengers entrust Lyft with their personal information and travel details, and expect us to keep that data safe. Lyft's security team leads efforts across the company to ensure our systems are secure and worthy of our users' trust. The security team designs and builds Lyft's security architecture, consults with other teams as they build and launch new products and features, and responds to incidents. We believe in scaling security through engineering and automation. Our work spans the entire company and takes place at all levels of the stack, from infrastructure to web application security, as well as mobile apps and IT.

The mission: Empower the company to scale securely. Provide clear guidance on secure business operations and verify we do what we say we do.

Key Responsibilities:

• Build and foster partnerships throughout the organization with a devotion to exceptional customer experience
• Never settle for the status quo, deliver operational excellence in every process and framework
• Contribute to designing and building automation and orchestration frameworks
• Contribute to incident response (Tier 2) and forensic analysis activities
• Monitor for threats and potential indicators of compromise – using logs/SIEM, external monitoring feeds, security-related news sources, vendor alerts, etc.
• Develop and maintain runbooks for security operations, lead and participate in initiatives to build/improve runbooks across the organization
• Perform threat models/risk assessments on large-scale cloud environment
• Participates in on-call rotation

Skills and Experience:

• Ability to think long-term and design/build security processes that scale
• Experience with log management products and integrations (ELK, Splunk)
• Proficiency in at least one programming or shell scripting language (GOLANG, Node.js, Python)
• Expertise in incident response methodologies, planning, testing, and execution
• Strong cloud expertise (AWS, Azure, GCP)

Setting Yourself Apart:

• Passionate about solving complex security problems that span the entire organization
• Advanced skills in automation tooling
• Hands-on experience implementing and maintaining security controls through infrastructure-as-code
• Having a positive attitude is essential to being successful in this role
• Open source projects, security conference presentations, industry white papers, etc

Lyft is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. Lyft does not make hiring or employment decisions on the basis of race, color, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender-identity, sexual orientation, disability, age, military or veteran status, or any other basis protected by applicable local, state, or federal laws or prohibited by Company policy. Lyft also strives for a healthy and safe workplace and strictly prohibits harassment of any kind. Pursuant to the San Francisco Fair Chance Ordinance and other similar state laws and local ordinances, and its internal policy, Lyft will also consider for employment qualified applicants with arrest and conviction records.