Software Engineer, Security Detection & Response

Our drivers and passengers entrust Lyft with their personal information and travel details to get where they’re going and expect us to keep that data safe. Lyft’s security team leads efforts across the company to ensure our systems are secure and worthy of our users’ trust.
The security team designs and builds Lyft’s security architecture, consults with other teams as they build and launch new products and features, and responds to incidents that occur. Our work affects the entire company and takes place at all levels of the stack, from infrastructure to web application security, as well as mobile apps and IT. We try to approach security from a software engineering standpoint. We believe in scaling security through automation and tooling and we ship frequently.
We’re looking for a security engineer who’s excited about protecting Lyft and our users through swift detection of and response to security incidents. You’ll develop and automate techniques to hunt for and alert on attacker behavior with a high signal-to-noise ratio, test our detection and response capabilities to improve our tools and processes, and act as a calm and rational incident commander when incidents do occur. You’ll help to scale security at Lyft to support our continued growth, and your work will have significant impact and visibility.
Check out our blog posts at to learn more about some of the things we’ve built.

What you will do:

    • Build and deploy tools to improve detection and response capabilities on Lyft production systems and endpoints. This could range from better alerts on top of our existing log infrastructure to deploying osquery on our laptop fleet.
    • Work with other teams to ensure that all critical systems and workflows have effective and appropriate detection and alerting.
    • Develop runbooks for IT and security teams to handle likely or frequent incident types and help scale incident response activities within the team and across the company.
    • Test the effectiveness of our detection and response capabilities through tabletop exercises and internal red teaming.
    • Investigate and handle alerts, reports of unusual behavior, and security incidents.
    • Participate in an on-call rotation to handle high-severity security alerts and incidents.
    • Conduct your own research and stay on top of new research, attacks, and industry trends.

About you:

    • You have experience with (or a deep interest in) computer security, ideally in both attacking and defending web applications and their supporting infrastructure.
    • You’re a software engineer with solid experience in a high-level programming language. Bonus points for experience with C and shell scripts.
    • You’re a great communicator and can advocate for your proposals while also empathizing with your teammates’ goals and priorities.
    • You understand that security work must be prioritized because all teams have finite resources. You have good judgment and a sense of when to compromise and when to hold your ground.
    • When facing a problem that’s poorly defined or outside of your expertise, you can quickly learn what you need to dig in, make sense of the problem, and start working towards a solution.

In addition, our ideal candidate has experience with a subset of:

    • Teaching your coworkers about security best practices.
    • Amazon Web Services (AWS) or another cloud infrastructure provider.
    • Host instrumentation and monitoring for fleets of Linux or macOS systems.
    • Instrumentation and monitoring for corporate IT infrastructure.
    • Reverse engineering, malware analysis, or digital forensics.
    • Data analysis, machine learning, or anomaly detection.
    • Computer network security or major computer networking protocols (e.g. TCP/IP, HTTP, TLS, DNS).
Lyft is an EEO employer that actively pursues and hires a diverse workforce, and pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.