Senior Security Engineer

About Turvo:
Turvo provides a collaborative Transportation Management System (TMS) application designed specifically for the supply chain. Turvo Collaboration Cloud connects freight brokers, 3PLs, shippers, and carriers to unite supply chain ecosystems, delivering outstanding customer experiences, real-time collaboration, and accelerated growth. The technology unifies internal and external systems, providing one end-to-end solution that streamlines operations, enhances analytics, and automates business processes while eliminating redundant manual tasks. Turvo’s customers include some of the world’s largest Fortune 500 logistics service providers and shippers as well as small to mid-sized freight brokers.

Turvo is based in Dallas, Texas, with offices in Hyderabad, India. (www.turvo.com).

About the Role:

As a Senior Security Engineer at Turvo, you will be the frontline architect of our digital defenses. In an industry where real-time collaboration and data integrity are paramount, your mission is to ensure our supply chain platform remains a fortress against evolving threats. This is not a "check-the-box" compliance role. You will be a hands-on technical leader, bridging the gap between deep-dive penetration testing and high-level security strategy. You’ll partner with engineering teams to weave security into the very fabric of our code, automate defenses within our CI/CD pipelines, and play a pivotal role in maintaining our gold-standard SOC 2 compliance. If you thrive on breaking things to make them unshakeable and enjoy the challenge of securing complex cloud ecosystems, you’ll find a home here.

Responsibilities::
• Perform penetration tests on web apps, mobile apps, APIs, and cloud environments.
• Define and drive the overall security testing strategy.
• Work closely with developers, architects, and operations teams to embed security into the SDLC.
• Design and implement security test plans, including penetration testing, vulnerability assessments, and secure code reviews.
• Ensure coverage of applications, networks, endpoints, and cloud environments.
• Evaluate and recommend security testing tools (e.g., SIEM, IDS/IPS, malware proxies, firewalls).
• Evaluating and implementing SAST (Static), DAST (Dynamic), and SCA (Software Composition Analysis) tools.
• Reviewing cloud configurations (AWS) and network topologies for "low-hanging fruit" like open ports or misconfigured S3 buckets.
• Develop and maintain security testing frameworks, processes, and documentation.
• Conduct risk assessments and threat modeling to identify critical vulnerabilities.
• Writing scripts to automate security checks within the CI/CD pipeline.
• Develop and implement an incident response plan.
• Stay updated on the latest attack techniques, exploits, and security tools.

Required Skills::
• Bachelor’s degree in Computer Science or equivalent.
• Strong troubleshooting skills with the ability to make swift, informed judgment calls under pressure.
• Strong written and verbal skills; ability to translate complex security risks into actionable insights for stakeholders at all levels.
• Ability to multitask high-priority projects alongside day-to-day security operations effectively.
• Passionate, collaborative team player with a relentless work ethic and a focus on shared success.
• A proven track record in achieving SOC 2 compliance certification.

Desired Skills::
• OSCP, AWS Certified Security – Specialty, or CEH.
• Expertise in AWS cloud technologies is essential.
• Experience with Zscaler, Carbon Black, and Snyk will be considered a significant advantage.