Our drivers and passengers entrust Lyft with their personal information and travel details to get where they're going and expect us to keep that data safe. Lyft's security team leads efforts across the company to ensure our systems are secure and worthy of our users' trust.

The security team designs and builds Lyft's security architecture, consult with other teams as they build and launch new products and features, proactively plans for the unexpected, and responds to incidents that occur. Our work affects the entire company and takes place at all levels of the stack, from infrastructure to web application security, as well as mobile apps, IT, and autonomous vehicles. We approach security from a software engineering standpoint. We believe in scaling security through automation and tooling and we ship frequently. Check out our blog posts at https://eng.lyft.com/tagged/security to learn more about some of the things we’ve built.

About the role:

The mission: Empower the company to make informed, prioritized and automated security decisions. Democratize threat intelligence along with the “assume breach” mindset across Lyft to improve our ability to predict, sustain, investigate and recover from threats.

We're looking for engineers who are excited about growing and improving security at Lyft by building systems that constantly stress test our security to stimulate new learnings and move us along our maturity journey. In order to be scalable, each secure product quality gate must be automated and integrated into our software release pipeline. Our grand vision is a fully automated series of quality controls and hunting capabilities that constantly validate that our product and services are secure. In short, we’re building a robot army that constantly validates our current security status and looks for new attack vectors. Don’t you want to live in this beautiful world?

Responsibilities:

• Build tools and services that stress test the security of our systems with an eye towards scalability, repeatability, measurement and integration with existing service reliability engineering infrastructure
• Proactively research new attack vectors that may affect Lyft
• Build tools and services to support and scale red team/offensive capabilities
• Collaborate with teams across Lyft to ensure security best practices are leveraged as we roll out new features and expand our service offerings.

Experience & Skills:

• Experience building automated security bug finding platform and offensive toolkits
• Solid experience with a high level programming language
• Strong fundamentals in OS, container and network security
• Experience with (or a deep interest in) computer security, ideally in both attacking and defending services
• When facing a problem that's poorly defined or outside of your expertise, you can quickly learn what you need to dig in, make sense of the problem, and start working towards a solution
• You're a great communicator, and can advocate for your proposals while also empathizing with your teammates' goals and priorities
• Experience with cloud infrastructure Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP)
• Ability to thrive in a startup environment

Lyft is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. Lyft does not make hiring or employment decisions on the basis of race, color, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender-identity, sexual orientation, disability, age, military or veteran status, or any other basis protected by applicable local, state, or federal laws or prohibited by Company policy. Lyft also strives for a healthy and safe workplace and strictly prohibits harassment of any kind. Pursuant to the San Francisco Fair Chance Ordinance and other similar state laws and local ordinances, and its internal policy, Lyft will also consider for employment qualified applicants with arrest and conviction records.