Staff Security Engineer, Offensive Security

We're Cruise, a self-driving service designed for the cities we love.

We’re building the world’s most advanced self-driving vehicles to safely connect people to the places, things, and experiences they care about. We believe self-driving vehicles will help save lives, reshape cities, give back time in transit, and restore freedom of movement for many.

In our cars, you’re free to be yourself. It’s the same here at Cruise. We’re creating a culture that values the experiences and contributions of all of the unique individuals who collectively make up Cruise, so that every employee can do their best work. 

Cruise is committed to building a diverse, equitable, and inclusive environment, both in our workplace and in our products. If you are looking to play a part in making a positive impact in the world by advancing the revolutionary work of self-driving cars, come join us. Even if you might not meet every requirement, we strongly encourage you to apply. You might just be the right candidate for us.

We are building a world-class Threat Defense organization, and are looking for an exceptional technical leader to take our Red Team to the next level.

The Offensive Security team plays a major role in securing Cruise's uncharted attack surface. We aim to out-think and out-develop Cruise's most sophisticated adversaries, executing complex offensive security operations in Cruise's environment to identify areas to improve the company's security posture and blue team capabilities.

You will come to intimately understand Cruise’s environment and business, and leveraging your in-depth expertise in penetration testing, offensive security and software development, independently plan and execute offensive security operations. You will deliver comprehensive reports and presentations on your team's operations, findings and recommendations. Further, leveraging your deep software development abilities, you will develop tooling, systems and infrastructure to automate certain attacks.

Applicants should look forward to solving hard problems, employing their outstanding written and verbal communication skills, and leading and mentoring others. You should possess extensive experience in offensive security, and be someone who stands out as a top performer, innovator and leader. 

What You’ll Be Doing

• Provide day-to-day technical leadership and support to a team of offensive security engineers

• Set a compelling vision and strategy for offensive security operations and tool development

• Partner closely with the team’s manager to define and gain leadership support for key operational objectives

• Mentor junior and senior security engineers

• Lead complex offensive security operations from ideation through documentation and executive presentation

• Craft novel tools, techniques and procedures to exploit vulnerabilities, gain and establish a foothold across various environments and infrastructure, and successfully carry out complex operational objectives

• Build and support relationships with key partners within and outside of Security

• Educate engineering teams to identify and mitigate security vulnerabilities

• Embody Cruise behaviors and values: Stay Safe, Own It, Stay Focused, Seek Truth, Work Together, Be a Customer, Be Humble

What You Must Have

• In-depth knowledge of current opportunistic and/or advanced threat actor ecosystem, their targeting patterns, and associated tradecraft

• Ability to identify bugs and security flaws in even the most well-guarded systems

• Exceptional communication skills with a knack for building cross-functional relationships 

• Deep understanding of both hardware and software security flaws

• Security expertise in cryptography and exploit development

• Exceptional written and verbal communication skills, with experience presenting rules of engagement and operation findings to executives

• Experience as a red teamer in a fast-paced, collaborative environment

• Experience performing penetration testing of web applications and infrastructure

• Understanding of the Red Team operation lifecycle, from drafting rules of engagement to developing stealthy, reliable malware implants and command and control (C2) protocols

• Expertise in system design, PaaS environments, container orchestration systems, data science platforms

• Ability to write maintainable code for use in offensive operations

• Experience carrying out sophisticated operations in at least one of the following cloud environments: GCP, AWS, Azure

• Passion for breaking things, and an offensive mentality

• Coding proficiency in one or more languages, and the ability to pass difficult coding interviews

Bonus Points

• Contributions to the security community (i.e. open source, public research, blogging, presentations)

• Physical security assessment experience

• Low-level development skills (C, C++, ASM)

The salary range for this position is $187,700 - $275,900. Compensation will vary depending on location, job-related knowledge, skills, and experience. You may also be offered a bonus, restricted stock units, and benefits. These ranges are subject to change.

Why Cruise?

• Our benefits are here to support the whole you:

• Competitive salary and benefits 
• 401(k) Cruise matching program 
• Medical / dental / vision, AD+D and Life
• Subsidized mental health benefits
• Flexible vacation and company paid holidays
• Healthy meals and snacks available for non-remote employees
• Paid parental, jury duty, bereavement, family care, and medical leave
• Fertility Benefits
• Dependent Care Flexible Spending Account
• Flexible Spending Account 
• Pre-tax Commuter Benefit Plan for non-remote employees
• CruiseFlex, a working policy for US-Based Cruisers, lets you and your manager find the working style that’s best for you, whether it’s primarily in-person, primarily at home, or a combination of home and in-office time. - learn more about CruiseFlex here

• We’re Integrated

• Through our partnerships with General Motors and Honda, we are the only self-driving company with fully integrated manufacturing at scale.

• We’re Funded

• GM, Honda, Microsoft, T. Rowe Price, and Walmart have invested billions in Cruise. Their backing for our technology demonstrates their confidence in our progress, team, and vision and makes us one of the leading autonomous vehicle organizations in the industry. Our deep resources greatly accelerate our operating speed.

• We’re Independent

• We have our own governance, board of directors, equity, and investors. Our independence allows us to not just work on the edge of technology, but also define it.

• We’re Vested

• You won’t just own your work here, you’ll have the potential to own equity in Cruise, too. We are competing in a market that is projected to grow exponentially, which gives our company valuation room to grow. We offer a new kind of equity program called Recurring Liquidity Opportunity (RLO), which combines IPO-like liquidity with the stability of remaining private - learn more about RLO here

• We’re Safety Conscious

  • We integrate #staysafe, our top priority at Cruise, into our everyday work. Through our Safety Management System, every Cruiser is asked to do their part by reporting any potential issues or hazards they observe and making continuous improvements. You’ll be able to contribute to safety at Cruise, no matter your job function or title.

Cruise LLC is an equal opportunity employer. We strive to create a supportive and inclusive workplace where contributions are valued and celebrated, and our employees thrive by being themselves and are inspired to do the best work of their lives. We seek applicants of all backgrounds and identities, across race, color, caste, ethnicity, national origin or ancestry, citizenship, religion, sex, sexual orientation, gender identity or expression, veteran status, marital status, pregnancy or parental status, or disability. Applicants will not be discriminated against based on these or other protected categories or social identities. Cruise will consider for employment qualified applicants with arrest and conviction records, in accordance with applicable laws.

Cruise is committed to the full inclusion of all applicants. If reasonable accommodation is needed to participate in the job application or interview process please let our recruiting team know or email [email protected].

We proactively work to design hiring processes that promote equity and inclusion while mitigating bias. To help us track the effectiveness and inclusivity of our recruiting efforts, please consider answering the following demographic questions. Answering these questions is entirely voluntary. Your answers to these questions will not be shared with the hiring decision makers and will not impact the hiring decision in any way. Instead, Cruise will use this information not only to comply with any government reporting obligations but also to track our progress toward meeting our diversity, equity, inclusion, and belonging objectives.

Candidates applying for roles that operate and remotely operate the AV: Licensed to drive a motor vehicle in the U.S. for the three years immediately preceding your application, currently holding an active in-state regular driver’s license or equivalent, and no more than one point on driving record. A successful completion of a background check, drug screen and DMV Motor Vehicle Record check is also required.

Note to Recruitment Agencies: Cruise does not accept unsolicited agency resumes. Furthermore, Cruise does not pay placement fees for candidates submitted by any agency other than its approved partners.