Senior IT Security Analyst


San Francisco, CA, US
  • Job Type: Full-Time
  • Function: IT
  • Post Date: 12/26/2020
  • Website:
  • Company Address: 116 New Montgomery St, Suite 700, San Francisco, CA, 94105

About Turo

Turo is a peer-to-peer car sharing marketplace where you can book any car you want, wherever you want it, from a vibrant community of trusted hosts across the US, Canada, and the UK. Guests choose from a totally unique selection of nearby cars, while hosts earn extra money to offset the costs of car ownership.

Job Description


Turo is searching for a highly motivated and versatile IT Security Analyst to join our IT and Security governance team. Under the guidance of the IT Director, you will own the responsibilities of monitoring company networks and systems for security vulnerabilities, installing and maintaining appropriate security software, test current security protocols, update IT & security governance policies, build and maintain SOC services, assist with security assessments and audits, and implement changes to security systems as necessary. Data is vital to the strategic vision of Turo. Therefore, data must always be secure from unauthorized access. The successful candidate will have advanced technical skills in IT infrastructure, systems, and cybersecurity protocols. Effective communication skills are also vital to the position.


  • Monitor computer enterprise networks for security issues and investigate security breaches and other cyber security incidents when they occur based on established policies and protocols.
  • Install security measures, authentication protocols, hardware, and software to protect systems and information infrastructure, including firewalls and data encryption programs.
  • Conduct security assessments through vulnerability testing and risk analysis and perform both internal and external security audits
  • Analyze security breaches to identify their root cause and then document findings and assess the damage they cause.
  • Work with other IT & security governance team members and department heads across the organization to formulate and perform tests, audit protocols, and other techniques to uncover network vulnerabilities.
  • Review the latest security alerts, both internal and external, to determine relevancy and urgency regarding the company and established policies.
  • Develop and implement systems, policies, and protocols to continuously scrutinize the network infrastructure and operating environment for vulnerabilities, weaknesses, flaws, and deviations from policy and standard.
  • Maintain security awareness training program to all employees
  • Develop and deliver metrics that can be used to measure security capability and performance.
  • Ensure that digital assets are protected from unauthorized access including both cloud and on-premise infrastructures and public-facing or internal systems.
  • Provide reports and other documentation for IT administrators, managers, and security team members to use to evaluate the efficacy of the security policies in place.
  • Develop company-wide best practices for IT security policies, protocols, and procedures and perform network penetration testing to assess the performance of those best practices.
  • Verify the security procedures and systems of our third-party vendors and collaborate with them to meet security and regulatory compliance requirements.
  • Research security enhancements, innovations, and industry improvements and then make recommendations based on that research.
  • Stay up to date on emerging information technology trends and security standards.
  • Educate IT & security governance team members, supervisors, executives, and other stakeholders to help integrate system security best practices into the company’s access procedures.


  • 5+ years of experience in the Informations Security or related domain(s)
  • A BS or MS in computer science, information systems, engineering, or cybersecurity is required 
  • Experience with computer network penetration testing and techniques
  • Experience or knowledge with OWASP framework
  • The demonstrable ability to identify and mitigate network vulnerabilities and communicate how to avoid them
  • Experience monitoring network traffic to detect potential threats and then responding to those threats promptly
  • Incident response skills and experience in managing the negative effects of a security attack or breach, including the minimization of the impact and the altering of security controls for future prevention
  • Experience in computer forensics and the prevention of crime through the collection, analysis, and reporting of data
  • The ability to document and report evidence to the proper stakeholders in the event of a security breach
  • The ability to reverse engineer a piece of software to discover how and what it does so that it can be patched for a bug or to analyze it for a potential malware attack
  • Deep knowledge and understanding of firewall concepts, network protocols (TCP/IP, IPSEC, routing, etc.), network and app level threat vectors and attack techniques
  • Relevant technical skills and experience with industry standard identity and access management solutions
  • Proficiency in languages such as Python, Bash Scripting, JavaScript, SQL, etc.
  • One or more of these security certifications CISSP, CISA, GSEC, CEH, CGEIT or similar
  • Experience with security audits such as ISO 27001, GDPR, CCPA, SOC2, etc.
  • Effective analytical abilities and an affinity for attention to detail that can be used to evaluate an organization’s needs and implement solutions
  • The proven ability to work independently with minimal supervision and ability to perform and oversee complex tasks and prioritize multiple tasks based on overall strategic goals
  • The capability to interface with multiple levels of the organization and to serve as an influencer and a team player
  • Strong presentation, facilitation, and written/verbal communication skills


  • Competitive salary and equity for all full-time employees
  • Employer paid medical, dental, and vision insurance
  • Generous paid time off, paid holidays, paid volunteer time off, and paid parental leave
  • Kitchen with fully-stocked snacks and drinks
  • Company-sponsored happy hours and team events
  • Turo host matching and vehicle reimbursement program

About Turo

Turo is the world’s largest car sharing marketplace where you can book any car you want, wherever you want it, from a vibrant community of trusted hosts across the US, Canada, the UK, and Germany. Guests choose from a totally unique selection of nearby cars, while hosts earn extra money to offset the costs of car ownership. A pioneer of the sharing economy and the travel industry, Turo is a safe, supportive community where the car you book is part of a story, not a fleet. Discover Turo at, the App Store, and Google Play, and check out our blog, Field Notes.   

Turo has raised $450M to date from top-tier investors, including IAC, Daimler AG, Kleiner Perkins, GV, Canaan Partners, August Capital, and Shasta Ventures. 

Turo cultivates a tight-knit team of smart, critical thinkers who care about their work and their colleagues. Our recruiting team is always on the lookout for supportive, down-to-earth, pioneering, and efficient candidates to grow our team's talent and enrich our culture.

Read more about the Turo culture according to Turo CEO, Andre Haddad.

We're an equal opportunity employer and value diversity at our company. We don't discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, or disability status. When in doubt, please apply!

Related Jobs

Staff Android Engineer

Turo - San Francisco, CA, US

Senior iOS Engineer

Turo - San Francisco, CA, US

Senior DevOps Engineer

Turo - San Francisco, CA, US

Senior Backend Engineer

Turo - San Francisco, CA, US

Senior Account Executive (Team Lead; Bilingual)

Turo - Toronto, Ontario, CA
Disclaimer: Local Candidates Only
This company does NOT accept candidates from outside recruiting firms. Agency contacts are not welcome.