Lyft
Senior Software Engineer, Cloud Security
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Lyft
Lyft is a global mobility platform that offers on-demand ridesharing and transportation services. Founded in 2012 and headquartered in San Francisco, California, Lyft has grown from its origins as Zimride, a long-distance carpooling service, into one of the largest ridesharing networks worldwide. The company became publicly traded in March 2019, raising significant capital to support its expansion. Lyft provides a wide range of transportation services, including ridesharing, taxi services, private hire vehicles, executive chauffeur services, car sharing, and bike and scooter rentals. The company operates across six continents and thousands of cities, with a notable presence in Canada since 2017. Lyft's mission is to improve lives through exceptional transportation, and it emphasizes social responsibility and brand authenticity. As the second-largest ridesharing company in the U.S., Lyft serves millions of drivers and has facilitated billions of rides globally.
Security at Lyft
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- The mission of Lyft's Security team is to empower the company to ship secure products.
- Their approach involves providing feedback within 30 seconds of a developer opening a PR or pushing a commit.
- They also provide clear guidance on secure code and implement quality gates across the software delivery pipeline.
- A key principle is that everything has to be measured.
- They believe in scaling security through automation and tooling and ship frequently.
Security Team
Lyft's AppSec team believes in scaling security through automation and tooling and ships frequently. Information regarding the team's organizational structure, reporting lines, key public-facing leaders, and exact team size is not publicly available.
Key Initiatives
- Lyft's AppSec initiatives include providing feedback within 30 seconds of a developer opening a PR or pushing a commit.
- This has resulted in the average fix time dropping to 7 minutes.
- They convert container scan data into tickets, linked with automated pull requests.
- They implement quality gates across the software delivery pipeline.
- Vulnerability intake includes a bug bounty program for security researchers.
- Vulnerabilities can be reported via their HackerOne program.