Software Engineer, Application Security

Lyft, San Francisco, CA

Lyft is your friend with a car, whenever you need one

Our drivers and passengers entrust Lyft with their personal information and travel details to get where they're going, and expect us to keep that data safe. Lyft's security team leads efforts across the company to ensure our systems are secure and worthy of our users' trust.

The security team designs and builds Lyft's security architecture, consults with other teams as they build and launch new products and features, and responds to incidents that occur. Our work affects the entire company and takes place at all levels of the stack, from infrastructure to web application security, as well as mobile apps and IT. We try to approach security from a software engineering standpoint. We believe in scaling security through automation and tooling and we ship frequently.

We’re looking for an application security engineer who’s excited about helping Lyft ship safe software quickly. You’ll help product and engineering teams at Lyft develop new features and products that are innovative and protect our users, build systems and tools to make it easy for engineers at Lyft to develop safe software by default, and promote security throughout the company. You'll help to scale security at Lyft to support our continued growth, and your work will have significant impact and visibility.

Check out our blog posts at https://eng.lyft.com/tagged/security to learn more about some of the things we’ve built.

What you will do:

  • Build automated tools to assess Lyft’s software for vulnerabilities and bad practices and surface this information directly to developers as part of their workflow.
  • Build and enhance internal frameworks to make it easy for Lyft engineers to produce safer software by default.
  • Consult with product and engineering teams at appropriate milestones in our SDLC, including brainstorming, design review, and code review to help ensure our products are safely designed and correctly implemented.
  • Manage and shepherd engagements with third parties to assess the security of Lyft’s applications.
  • Participate in rotation to triage and reward reports submitted to our (private) bug bounty program.
  • Conduct your own research and stay on top of new research, attacks, and industry trends.
  • Maintain close relationships with teams that develop Lyft’s highest risk or most critical software.

About you:

  • You have experience with (or a deep interest in) computer security, ideally in both attacking and defending web applications.
  • You're a software engineer with solid experience with a high level programming language. Bonus points for experience with a frontend (e.g. React or Angular) or mobile app development stack (e.g. iOS or Android).
  • You're a great communicator and can advocate for your proposals while also empathizing with your teammates' goals and priorities.
  • You understand that security work must be prioritized because all teams have finite resources. You have good judgment and a sense of when to compromise and when to hold your ground.
  • When facing a problem that's poorly defined or outside of your expertise, you can quickly learn what you need to dig in, make sense of the problem, and start working towards a solution.

In addition, our ideal candidate has experience with a subset of:

  • Teaching your coworkers about security best practices.
  • Running multi-tier or distributed web applications at scale.
  • Developing or attacking mobile apps on Android or iOS.
  • Helping developers identify and fix common vulnerabilities (e.g. OWASP Top 10 or SANS Top 25).
  • Automating static and dynamic security testing as part of your CI pipeline.
  • Deploying CSP and/or HPKP in production on a popular website.
  • Amazon Web Services (AWS) or another cloud infrastructure provider.

Lyft is an EEO employer that actively pursues and hires a diverse workforce, and pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

About Lyft

Wherever you’re headed, count on Lyft for rides in minutes. The Lyft app matches you with local drivers at the tap of a button. Just request and go.

Ride by ride, we’re changing the way our world works.

Want to learn more about Lyft? Visit https://www.lyft.com/