At Lyft, our purpose is to serve and connect. We aim to achieve this by cultivating a work environment where all team members belong and have the opportunity to thrive. Our drivers and passengers entrust Lyft with their personal information and travel details to get where they're going; they expect us to keep that data safe. Lyft's security team leads efforts across the company to ensure our systems are secure and worthy of our users' trust. The security team designs and builds Lyft's security architecture, consults with other teams as they build and launch new products and features, proactively plans for the unexpected, and responds to incidents that occur. Our work affects the entire company and takes place at all levels of the stack, from infrastructure to web application security, as well as mobile apps, IT, bikes, scooters, and autonomous vehicles. We try to approach security from a software engineering standpoint. We believe in scaling security through automation and tooling and we ship frequently. Check out our blog posts at https://eng.lyft.com/tagged/security to learn about some of the things we’ve built. The Security team’s mission: Empower the company to ship secure products. Provide clear guidance on secure code and implement quality gates across our software delivery pipeline. We’re looking for the right person to join our Application Security Team. We work closely with many teams across the company to fix security problems and enforce best practices. In order to be scalable, we need to understand root causes, identify similar issues across Lyft and directly remediate critical issues. **Responsibilities:** + Develop, improve and expand scalable security platforms and tools to discover and resolve security issues in production environments. + Embed with application teams to remediate security issues by writing, testing and rolling out fixes to services they own (primarily in go and python). You will need to quickly get up to speed in unfamiliar environments, ship fixes safely, and advance to the next area of need. + Investigate new attack vectors that may affect Lyft, develop proposed solutions and advocate for them. **Experience:** **_Security professionals come from many backgrounds. We encourage you to apply even if you do not match this list perfectly._** + Development experience with AWS, microservices, containers, kubernetes, envoy and terraform. + Experience with backend AI engineering and securing AI tools, e.g. MCP servers and third party services. + Experience with security tools like semgrep, nuclei, burp. + Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means + Experience with (or a deep interest in) computer security, ideally in both attacking and defending services. + Understanding that security work must be prioritized because all teams have finite resources. You have good judgment and a sense of when to compromise and when to hold your ground Lyft highly values having employees working in-office to foster a collaborative work environment and company culture. This role will be in-office on a hybrid schedule following the establishment of a Lyft office in Mexico City — Team Members will be expected to work in the office 3 days per week on Mondays, Wednesdays, and Thursdays. Lyft considers working in the office at least 3 days per week to be an essential function of this hybrid role. Additionally, hybrid roles have the flexibility to work from anywhere for up to 4 weeks per year. #Hybrid Please submit your resume in English.