Lead Security Engineer (Remote)
Remote
AllTrails
Search over 450,000 trails with trail info, maps, detailed reviews, and photos curated by millions of hikers, campers, and nature lovers like you.
AllTrails is the most trusted and used outdoors platform in the world. We help people explore the outdoors with hand-curated trail maps along with photos, reviews, and user recordings crowdsourced from our community of millions of registered hikers, mountain bikers, and trail runners in 150 countries. AllTrails is frequently ranked as a top-5 Health and Fitness app and has been downloaded by over 50 million people worldwide. AllTrails was selected as Apple's App of the Year in 2023!
Every day, we solve incredibly hard problems so that we can get more people outside having healthy, authentic experiences and a deeper appreciation of the outdoors. Join us!
Bay Area employees are highly encouraged to come into the office one day a week.
About the Role
As the Lead Security Engineer at AllTrails, you’ll play a pivotal role in our continued growth and expansion by leading and managing security functions across the organization. You'll also be deeply involved in our infrastructure and engineering projects to help deliver on our vision of fostering happy, healthy communities by connecting people to the outdoors and to each other. If this role sounds right to you and you're motivated by the idea of channeling your energy to help millions of people around the globe spend more time exploring the outdoors, then we want to talk to you.
What You’ll Be Doing:
- Serve as an engineering leader and expert on security
- Define and implement the security roadmap, ensuring compliance with company requirements and industry standards
- Drive automation and toolchain improvements to enhance security processes
- Collaborate across teams (Engineering/IT/Compliance) to maintain alignment on security policies, workflows, and service level agreements
- Integrate security into development workflows and infrastructure using automation, infrastructure-as-code, and cloud security scanning techniques
- Act as a hands-on leader in security tool integration, ensuring seamless integration into CI pipelines and deployment systems
Requirements:
- 10+ years of experience leading cybersecurity or corporate security programs, with a focus on securing large-scale web/cloud applications and infrastructure
- Expertise in security infrastructure, including SIEM, firewalls, intrusion detection, identity and access management, and vulnerability management
- Familiarity with various software development life cycles and product security programs
- Proven experience in managing security incidents, including root cause analysis, executive briefings, and communication strategies
- Experience leading bug bounty programs, penetration testing, and triaging security findings
- Strong cross-functional collaboration skills with internal teams (business, engineering) and external incident response teams
- In-depth knowledge of security compliance requirements, such as GDPR, and guiding organizations through compliance processes
- Hands-on experience with Infrastructure-as-Code frameworks (e.g., Terraform) and automating security tools and processes (e.g., using Bash, Python)
- Humility, empathy and open-mindedness - no egos
- Believe that strong teams are built on trust and autonomy
- Passion for the outdoors
Bonus Points:
- Proficient with GitHub and integration of security tools into the CI/CD pipeline
- Experience with infrastructure automation and how to enforce secure configurations in cloud infrastructure
- Hands-on AWS and Terraform experience
Technologies We Use:
- AWS, GCP, Terraform, Kubernetes
- Ruby, Python, JavaScript/TypeScript
- MySQL Databases
- GitHub Actions, Bugcrowd, Jira
Our Commitment to You:
- A competitive and equitable compensation plan. This is a full-time, salaried position that includes equity.
- Physical & mental well-being: health, dental and vision benefits + monthly stipend for wellness expenses.
- Trail Days: No meetings first Friday of each month to go test the app and explore new trails!
- Unlimited PTO.
- Flexible parental leave.
- Remote employee equipment stipend to create a great remote work environment.
- Annual continuing education stipend.
- Discounts on subscription and merchandise for you and your friends & family.
- An authentic investment in you as a human being and your career as a professional.
AllTrails participates in the E-Verify program for all remote locations.
By submitting my application, I acknowledge and agree to AllTrails' Job Applicant Privacy Notice.
Tags: Automation AWS Bash CI/CD Cloud Compliance Firewalls GCP GDPR GitHub IAM Incident response Intrusion detection JavaScript Jira Kubernetes MySQL Pentesting Privacy Product security Python Ruby SIEM Terraform TypeScript Vulnerability management
Perks/benefits: Career development Competitive pay Equity / stock options Fitness / gym Flex vacation Health care Parental leave Salary bonus Unlimited paid time off Wellness