Security Engineer

About TurvoTurvo is the first multi-enterprise collaborative platform specifically designed for the global supply chain. Turvo connects people and organizations allowing shippers, logistics providers and carriers to digitally transform their workflows with cloud-based software and mobile applications for a better customer experience and brand differentiation. The technology unifies all systems, internal and external, providing one end-to-end platform to execute all operations and analytics, while eliminating redundant manual tasks and automating business processes.Turvo is based in the San Francisco Bay Area with offices in Dallas, Texas, and Hyderabad, India.About The RoleWe are looking for a hands-on Security Engineer to join our Engineering team to drive Turvo's Product Security function. This is an excellent opportunity to have a significant impact and high visibility building out scalable security tooling and processes. The successful candidate will help to lead Product Security strategy around Secure Software Development Lifecycle (SDLC), Penetration Testing and will collaborate closely with our Product Engineering, Infrastructure Engineering, SRE and IT organization to ensure that secure delivery of Turvo’s SaaS platform is continually improving. The Security Engineer must have experience working in hands-on Security Engineering environmentsThe candidate will be responsible forParticipate in the Application Security project, following the OWASP standardsParticipate in and support application security reviews and threat modeling, including code review and dynamic testing. Own and perform application security vulnerability managementFacilitate and support the preparation of security release Participate in the cloud infrastructure security projectSupport and consult with product and development teams in the area of application security Assist in creation of security training Assist in development of automated security testing to validate that secure coding best practices are being usedRequired skills4+ of experienceExperience working with programming languages (Java, Python, JavaScript, etc.) and relational databases like MySQL Security Testing (SAST, DAST, IAST) knowledge.A basic understanding of attacks and threats for Web Applications.A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).Experience working with engineering teamsExperience identifying security issues through code reviewStrong motivation to drive impact by making product or infrastructure Improvements .Proactiveness team-work and fast learning.