logo inner

Staff Software Engineer, Platform Security

CompanyTuro
LocationToronto, Ontario, Canada
TypeOnsite
Sub
Software Engineer

About the team:


Turo is looking for a code-forward security engineer to secure our cloud-native infrastructure through software engineering excellence. The Platform Security team builds security automation, tooling, and self-service platforms that engineering teams can easily and seamlessly adopt. As a Staff Software Engineer, you will act as a technical leader for complex security projects spanning our cloud environment, Kubernetes platforms, and GitOps workflows. You will drive security improvements through code contributions, PRDs/RFCs, and AI-assisted development practices while mentoring engineers on secure infrastructure patterns.

What you will do:


  • Write production-grade code to secure cloud infrastructure. This is fundamentally a software engineering role with security expertise.
  • Lead security initiatives through spec-driven development (PRDs/RFCs, SPADE framework), designing self-service security solutions using infrastructure-as-code (Terraform), GitOps workflows (ArgoCD, Kustomize), and CI/CD pipelines (GitHub Actions) that create "paved roads" making secure choices the easiest choices.
  • Leverage AI-assisted development (Claude Code, AI agents, spec generation) to accelerate security engineering velocity, rapidly prototype solutions, debug complex systems, and maintain high-quality code.
  • Serve as incident commander for P1/P2 security investigations, conducting forensics analysis, coordinating cross-functional response, and documenting post-mortems with actionable improvements.
  • Partner with Core Platform Engineering and Platform Reliability Engineering teams to establish secure-by-default infrastructure patterns for Kubernetes workloads, container images, and cloud resources.
  • Manage vulnerability remediation programs through zero-downtime deployments, coordinating security upgrades across production Kubernetes clusters while maintaining 100% service availability.
  • Evaluate and integrate security tooling (CSPM, container scanning, SAST) with emphasis on automation and developer experience: building CLI wrappers, GitHub Actions workflows, and Slack integrations.
  • Contribute to Platform Security roadmap through data-driven prioritization, security architecture reviews, threat modeling, and evidence-based investment decisions that balance protection with engineering velocity.
  • Proactively identify opportunities to reduce technical security debt, eliminate manual toil through automation, and implement defense-in-depth strategies.
  • Participate in security on-call rotation with well-documented runbooks, automated alerting (PagerDuty, Slack), and clear escalation workflows.

Your profile:


  • Strong software engineering skills in Python, Go, Java, or similar languages with ability to write production-quality code, design APIs, build CLIs, and maintain services that other engineers depend on.
  • Expert knowledge of AWS security (EC2, EKS, S3, IAM, CloudTrail, Organizations, KMS) with hands-on experience securing multi-account architectures and implementing least-privilege designs.
  • Deep expertise in Kubernetes security including cluster hardening, workload isolation, RBAC, network policies, secrets management, admission controllers, and container runtime security at scale.
  • Proficiency in infrastructure-as-code (Terraform, Helm, Kustomize) and GitOps workflows (ArgoCD, FluxCD) for declarative infrastructure with built-in security controls and policy enforcement.
  • Experience building security tooling that developers actually use (CLIs, GitHub Actions, Slack bots) with focus on delightful developer experience and minimal friction.
  • Strong CI/CD security expertise including supply chain security (dependency scanning, SBOM generation), secret management (OIDC federation, ephemeral credentials), and policy enforcement.
  • Skilled at influencing without authority and the ability to convince engineering teams to adopt security practices through empathy, clear communication, and tools that make their jobs easier.
  • Ability to signal risk effectively using data, make pragmatic security trade-offs, and facilitate collaborative decision-making in technically complex environments.
  • Strong incident response capabilities including forensics investigation, log analysis, evidence preservation, and post-incident review with blameless culture.
  • Ability to mentor engineers through code reviews, pairing sessions, security design reviews, and career development conversations; a proven track record developing security champions.
  • Ability to thrive in fast-paced environments, making sound security decisions under pressure while maintaining engineering discipline and avoiding security theater.
  • Demonstrate Turo's values through collaborative approach to security, willingness to teach and learn, and bias toward action over perfection.

Education and Experience


  • Bachelor's degree in Computer Science, Engineering, or related field and 7+ years of relevant industry experience in security engineering, platform engineering, or DevSecOps roles.

OR

  • Equivalent combination of education and experience demonstrating expertise in cloud infrastructure security, Kubernetes security, and security automation.

Bonus Points!


  • Contributions to open-source security projects or public security research (blogs, conference talks, CVE discoveries, tooling releases)
  • Experience with GitOps at scale (hundreds of repositories, thousands of resources, automated sync policies)
  • Offensive Security certifications (OSCP, CRTO, CKS, etc)
  • Experience with service mesh security (Istio, Linkerd, Envoy) including mTLS and authorization policies
  • Experience with compliance frameworks (SOC 2, PCI-DSS, ISO 27001) and translating requirements into engineering solutions
  • Background in offensive security (penetration testing, red team, CTF) bringing adversarial mindset to defensive engineering
  • Experience managing security vendor relationships (pentesting programs, bug bounty platforms)
  • Experience with multi-cloud architectures beyond AWS (GCP, Azure, hybrid cloud)
  • Experience with policy-as-code frameworks (OPA, Kyverno, Sentinel)

The Toronto Canada base salary target range for this full-time position is $132,000-$165,000 + equity + benefits. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position in Toronto, Canada. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your work location during the hiring process. 

Turo highly values having employees working in-office to foster a collaborative work environment and company culture. This role will be in-office on a hybrid schedule — Turists will be expected to work in the office 3 days per week on Mondays, Wednesdays, and Thursdays. Turo considers working in the office at least 3 days per week to be an essential function of this hybrid role. Your recruiter can share more information about the various in-office perks Turo offers.


#LI-NR1#LI-Hybrid

Benefits


  • Competitive salary, equity, benefits, and perks for all full-time employees
  • Employer-paid medical, dental, and vision insurance (Country specific)
  • Retirement employer match
  • Learning & Development stipend to invest in your professional development
  • Turo host matching program
  • Turo travel credit
  • Cell phone and internet stipend
  • Paid time off to relax and recharge
  • Paid holidays, volunteer time off, and parental leave
  • For those who are in the office full-time or hybrid we have in-office lunch, office snacks, and fun activities

We are committed to building a diverse team. If you are from a background that's underrepresented in tech, we'd love to meet you.Aside from an award winning work environment and the opportunity to be part of the world’s largest car sharing marketplace, we are also growing the team quickly - join us!  Even if you don't meet every qualification, we are looking for people with enthusiasm for what we do and we will consider you for this and other possibilities.

About Turo


Turo is the world’s largest car sharing marketplace where you can book the perfect car for wherever you’re going from a vibrant community of trusted hosts across the US, UK, Canada, Australia, and France. Whether you're flying in from afar or looking for a car down the street, searching for a rugged truck or something smooth and swanky, Turo puts you in the driver's seat of an extraordinary selection of cars shared by local hosts.Discover Turo at https://turo.com, the App Store, and Google Play, and check out our blog, Field Notes.  Read more about the Turo culture according to Turo CEO, Andre Haddad.Turo is an Equal Opportunity Employer and a participant in the U.S.

Federal E-Verify program.  Women, minorities, individuals with disabilities and protected veterans are encouraged to apply.  We welcome people of different backgrounds, experiences, abilities and perspectives.  Turo will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance, as applicable.  We welcome candidates with physical, mental, and/or neurological disabilities. If you require assistance applying for an open position, or need accommodation during the recruiting process due to a disability, please submit a request to People Operations by emailing PeopleOps@turo.com. 

Your tracker settings

We use cookies and similar methods to recognize visitors and remember their preferences. We also use them to measure ad campaign effectiveness, target ads and analyze site traffic. To learn more about these methods, including how to disable them, view our Cookie Policy or Privacy Policy.

By tapping `Accept`, you consent to the use of these methods by us and third parties. You can always change your tracker preferences by visiting our Cookie Policy.

logo innerThatStartupJob
Discover the best startup and their job positions, all in one place.
Quick SearchSearch JobsSearch Remote Jobs hiring WorldwideSearch Remote Jobs in the USSearch Jobs in IndiaSearch Remote Jobs in UKSearch by Title
AreaCaliforniaMassachusettsNew YorkTexasVirginiaWashington D.C.View all
Popular SubRemote JobsWeb3 JobsiOS Developer JobsFront End Developer Remote JobsComputational Geometry JobsCannabis CareersView all
CompanyAbout UsContact usBlogCreditsCareersPrivacy PolicyCookie Policy
Copyright © 2025