Who we are:
KeepTruckin is on a mission to modernize the trucking industry. With the leading fleet management platform, we are bringing trucks online and fundamentally changing the way freight is moved on our roads.
At KeepTruckin, we see our hard work rewarded in tangible ways every day and we believe that intelligence is most powerful when paired with humility. We're motivated by the opportunity to impact and improve every facet of a trillion-dollar industry that touches everyone's lives. KeepTruckin is proud to be a Forbes Cloud 100 company and recognized by Glassdoor as a "Best Place to Work" in 2019.
We are looking for people from all backgrounds who want to make an impact on the millions of drivers who keep our world moving. Together, we laugh hard, snack harder and work together to drive innovation at the intersection of tech and transportation.
About the Job:
As a Security Lead for our engineering organization, you will continuously improve the security of our cloud services and infrastructure. You will also be responsible for evaluating, recommending, and implementing application-security-related software in an automated continuous integration/deployment environment. You will help promote a culture of security across the engineering organization. You will work closely with our application security engineer and upper leadership.
Design, develop, and maintain KeepTruckin's core security protocols, policies, and services
Present findings and explain impact and solutions to any level of leadership and other engineers
Build out a comprehensive security roadmap
Set up security products including SIEM, intrusion detection, etc.
Ensure compliance against relevant industry security standards
Perform regular audits and patch vulnerabilities
Train the team on secure coding and coding best practices
Participate in the design of new services and infrastructure
Create proper automation and monitoring to enforce security policies and detect threats
Promote security best practices on a day-to-day basis
B.S. or M.S. in Computer Science or a related field, or equivalent work experience
7+ years working within information security disciplines, startup experience a plus
Experience with OWASP, static/dynamic analysis, and common exploit tools and methods
Experience with vulnerability and application scanning tools (e.g., Qualys, Nessus, Burp Suite)
Experience with the Secure Software Development Life Cycle (SSDLC)
Ability to identify and mitigate secure code deficiencies for websites and applications
Experience with information security frameworks (e.g., SOC 2, ISO 27001, PCI)
Experience securing a distributed, cloud-based infrastructure (AWS preferred)
Understanding of technologies related to network security including PKI, DNS, load balancing, IPSec, TLS, and HTTP
Nice to Have:
Certifications such as: CISSP, CASE, OSCP, OSWE, GWAPT, and/or eWPT/eWPTX
Any experience writing automated testing tools utilizing Python, Ruby, etc.
Any experience with IAST (interactive application security testing)
As an equal opportunity employer, we are committed to diversity in the workforce. In accordance with applicable law, we prohibit discrimination against any applicant or employee based on any legally recognized basis, including, but not limited to: race, color, religion, sex (including pregnancy, lactation, childbirth or related medical conditions), sexual orientation, gender identity, age (40 and over), national origin or ancestry, physical or mental disability, genetic information (including testing and characteristics), veteran status, uniformed service member status or any other status protected by federal, state or local law.