Security Analyst, Incident Response

Full Time
Mexico City, CDMX, Mexico
10 months ago

At Lyft, our mission is to improve people’s lives with the world’s best transportation. To do this, we start with our own community by creating an open, inclusive, and diverse organization.

Lyft connects people to transportation to change the way we live and get around our communities. Lyft’s engineering team is growing rapidly, and we are looking for Security Engineers to help us scale. Come be part of a new team at Lyft focused on enabling and empowering engineering teams to deliver at scale.

Our drivers and passengers entrust Lyft with their personal information and travel details to get where they're going and expect us to keep that data safe. Lyft's security team leads efforts across the company to ensure our systems are secure and worthy of our users' trust.

Lyft Security builds systems to protect and defend infrastructure and services from cyber attacks. We consult with teams as they build and launch new products and features, proactively plan for the unexpected, and respond to incidents that occur. Our work has company-wide impact and takes place at all levels of the stack, from infrastructure to web application security, as well as mobile apps, IT, bikes, scooters, etc. We believe in scaling security through engineering fundamentals, automation, and tooling. Check out our blog posts at https://eng.lyft.com/tagged/security to learn more about some of the things we’ve built.

The Incident Response team owns the identification of, and response to, security incidents, as well as our proactive, hypothesis-based Threat Hunting program.

The Security Analyst is part of the detection and response group, which is obsessed with the quality of security alerts, feedback loops to respond quickly to incidents, reducing time to detect, and executing proactive actions.

Responsibilities:

Swiftly Respond to Security Incidents:

  • Respond promptly to security incidents by orchestrating coordinated responses across engineering teams and other relevant disciplines.

Analyze and Prioritize High-Quality Security Alerts:

  • Assess and prioritize high-quality security alerts with the potential to impact the organization, based on a SOCLess approach.

Collaborate with the Detection Engineering Team:

  • Work closely with the Detection Engineering Team to identify and implement new security strategies aimed at detecting threats, reducing the attack surface, and enhancing the organization's overall cybersecurity posture.

Conduct Proactive Threat Hunting Operations:

  • Define and execute proactive threat hunting operations across the organization's systems and services, aiming to uncover detection gaps, identify weaknesses in security controls, and refine existing processes.

Assess the Organization's Threat Landscape:

  • Evaluate the threat landscape specific to the organization to prioritize proactive security measures and actions.

Develop Automation and Tooling:

  • Create and maintain automation tools to enhance the efficiency and impact of the incident response team's activities.

Cultivate and Maintain Key Partnerships:

  • Establish and nurture relationships with critical partners both within the organization and externally to foster collaboration and information sharing.

Experience, Knowledge and Skills:

Cybersecurity Knowledge:

  • A deep understanding of cybersecurity principles, including threat landscape, attack vectors, and security best practices.
  • Knowledge of security frameworks, standards, and compliance requirements relevant to your industry (e.g., NIST, ISO 27001). (Nice to have)

Technical:

  • Proficiency in using security tools and technologies such as SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), and IDS/IPS (Intrusion Detection System/Intrusion Prevention System).
  • Strong understanding of operating systems (Windows, Linux, macOS) and their security features.
  • Scripting and automation skills, and experience with cloud technologies such as AWS/GCP and their tech stack.

Incident Detection and Analysis:

  • Experience in monitoring and analyzing security alerts and events generated by security systems.
  • The ability to identify and investigate potential security incidents and determine their severity.
  • Knowledge of structured analysis techniques and decision-making frameworks such as the OODA loop.

Incident Response Experience:

  • Hands-on experience with incident response processes, including identification, containment, eradication, and recovery.
  • Experience in handling different types of security incidents, such as malware infections, data breaches, insider threats, zero day vulnerabilities, third-party

Threat Hunting Experience (Nice to have):

  • Proven ability to proactively identify and investigate potential threats and vulnerabilities in the organization's environment.
  • Familiarity with threat hunting techniques, including TTP (tactics, techniques, and procedures) analysis, anomaly detection, and behavior analysis.
  • Experience in creating and refining threat hunting campaigns based on hypotheses or cyber threat intelligence.

Communication Skills:

  • Strong communication skills to collaborate effectively with other team members, stakeholders, and management.
  • Ability to document incident response and threat hunting activities clearly and concisely.
  • The ability to adapt to evolving cybersecurity threats and technologies and stay current with industry trends.
  • Ability to manage multiple tasks and priorities, and work independently with minimal supervision.

Certifications: Although we do not require a security certification, the following would be considered a plus:

  • Certified Incident Handler (GCIH)
  • Certified Threat Intelligence Analyst (CTIA)
  • CompTIA Security+
  • Certified SOC Analyst (CSA+)
  • Vendor-specific certifications

This role will be in-office on a hybrid schedule following the establishment of a Lyft office in Mexico City — Team Members will be expected to work in the office 3 days per week on Mondays, Thursdays and a team-specific third day. Additionally, hybrid roles have the flexibility to work from anywhere for up to 4 weeks per year.