Jobs @ Turo

IT Security Analyst

San Francisco, Ca
<p><span style="font-weight: 400;">Turo is searching for a highly motivated and versatile IT Security Analyst to join our IT and Security governance team. Under the guidance of the IT Director, you will own the responsibilities of monitoring company networks and systems for security vulnerabilities, installing and maintaining appropriate security software, test current security protocols, update IT &amp; security governance policies, build and maintain SOC services, assist with security assessments and audits, and implement changes to security systems as necessary. Data is vital to the strategic vision of Turo. Therefore, data must always be secure from unauthorized access. The successful candidate will have advanced technical skills in IT infrastructure, systems, and cybersecurity protocols. Effective communication skills are also vital to the position.</span></p> <p><strong>Responsibilities</strong></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Monitor computer enterprise networks for security issues and investigate security breaches and other cyber security incidents when they occur based on established policies and protocols.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Install security measures, authentication protocols, hardware, and software to protect systems and information infrastructure, including firewalls and data encryption programs.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Conduct security assessments through vulnerability testing and risk analysis and perform both internal and external security audits</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Analyze security breaches to identify their root cause and then document findings and assess the damage they cause.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Work with other IT &amp; security governance team members and department heads across the organization to formulate and perform tests, audit protocols, and other techniques to uncover network vulnerabilities.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Review the latest security alerts, both internal and external, to determine relevancy and urgency regarding the company and established policies.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Develop and implement systems, policies, and protocols to continuously scrutinize the network infrastructure and operating environment for vulnerabilities, weaknesses, flaws, and deviations from policy and standard.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Maintain security awareness training program to all employees</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Develop and deliver metrics that can be used to measure security capability and performance.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Ensure that digital assets are protected from unauthorized access including both cloud and on-premise infrastructures and public-facing or internal systems.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Provide reports and other documentation for IT administrators, managers, and security team members to use to evaluate the efficacy of the security policies in place.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Develop company-wide best practices for IT security policies, protocols, and procedures and perform network penetration testing to assess the performance of those best practices.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Verify the security procedures and systems of our third-party vendors and collaborate with them to meet security and regulatory compliance requirements.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Research security enhancements, innovations, and industry improvements and then make recommendations based on that research.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Stay up to date on emerging information technology trends and security standards.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Educate IT &amp; security governance team members, supervisors, executives, and other stakeholders to help integrate system security best practices into the company’s access procedures.</span></li> </ul> <p><strong>Requirements: </strong></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">3+ years of experience in the Informations Security or related domain(s)</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">A BS or MS in computer science, information systems, engineering, or cybersecurity is required&nbsp;</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Experience with computer network penetration testing and techniques</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Experience or knowledge with OWASP framework</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">The demonstrable ability to identify and mitigate network vulnerabilities and communicate how to avoid them</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Experience monitoring network traffic to detect potential threats and then responding to those threats promptly</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Incident response skills and experience in managing the negative effects of a security attack or breach, including the minimization of the impact and the altering of security controls for future prevention</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Experience in computer forensics and the prevention of crime through the collection, analysis, and reporting of data</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">The ability to document and report evidence to the proper stakeholders in the event of a security breach</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">The ability to reverse engineer a piece of software to discover how and what it does so that it can be patched for a bug or to analyze it for a potential malware attack</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Deep knowledge and understanding of firewall concepts, network protocols (TCP/IP, IPSEC, routing, etc.), network and app level threat vectors and attack techniques</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Relevant technical skills and experience with industry standard identity and access management solutions</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Proficiency in languages such as Python, Bash Scripting, JavaScript, SQL, etc.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">One or more of these security certifications CISSP, CISA, GSEC, CEH, CGEIT or similar</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Experience with security audits such as ISO 27001, GDPR, CCPA, SOC2, etc.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Effective analytical abilities and an affinity for attention to detail that can be used to evaluate an organization’s needs and implement solutions</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">The proven ability to work independently with minimal supervision and ability to perform and oversee complex tasks and prioritize multiple tasks based on overall strategic goals</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">The capability to interface with multiple levels of the organization and to serve as an influencer and a team player</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Strong presentation, facilitation, and written/verbal communication skills</span></li> </ul> <p><strong>Benefits</strong></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Competitive salary and equity for all full-time employees</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Employer paid medical, dental, and vision insurance</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Generous paid time off, paid holidays, paid volunteer time off, and paid parental leave</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Kitchen with fully-stocked snacks and drinks</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Company-sponsored happy hours and team events</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Turo host matching and vehicle reimbursement program</span></li> </ul> <p><strong>About Turo</strong></p> <p><span style="font-weight: 400;">Turo is the world’s largest car sharing marketplace where you can book any car you want, wherever you want it, from a vibrant community of trusted hosts across the US, Canada, the UK, and Germany. Guests choose from a totally unique selection of nearby cars, while hosts earn extra money to offset the costs of car ownership. A pioneer of the sharing economy and the travel industry, Turo is a safe, supportive community where the car you book is part of a story, not a fleet. Discover Turo at </span><a href="https://turo.com/"><span style="font-weight: 400;">https://turo.com</span></a><span style="font-weight: 400;">, the App Store, and Google Play, and check out our blog, </span><a href="https://blog.turo.com/"><span style="font-weight: 400;">Field Notes</span></a><span style="font-weight: 400;">.&nbsp;&nbsp;</span><span style="font-weight: 400;">&nbsp;</span></p> <p><span style="font-weight: 400;">Turo has raised $450M to date from top-tier investors, including IAC, Daimler AG, Kleiner Perkins, GV, Canaan Partners, August Capital, and Shasta Ventures.&nbsp;</span></p> <p><span style="font-weight: 400;">Turo cultivates a tight-knit team of smart, critical thinkers who care about their work and their colleagues. Our recruiting team is always on the lookout for supportive, down-to-earth, pioneering, and efficient candidates to grow our team's talent and enrich our culture.</span></p> <p>#LI-ZS1</p> <p><a href="https://medium.com/@andre_haddad/connecting-the-dots-to-a-compelling-not-cultish-company-culture-35dc871cba08"><span style="font-weight: 400;">Read more</span></a><span style="font-weight: 400;"> about the Turo culture according to Turo CEO, Andre Haddad.</span></p> <p>&nbsp;</p> <p><span style="font-weight: 400;">We're an equal opportunity employer and value diversity at our company. We don't discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, or disability status. When in doubt, please apply!</span></p>


Interested? Apply here.