Posted at: 14 November

Lead Security Engineer

Company

AllTrails

AllTrails is a fitness and travel mobile app that connects people to the outdoors, providing access to trail maps, reviews, and images for hiking, mountain biking, and other outdoor activities.

Remote Hiring Policy:

AllTrails has a flexible remote work policy, allowing employees to work from anywhere. The company hires remotely from various regions globally, including multiple continents.

Job Type

Full-time

Allowed Applicant Locations

Worldwide

Salary

$170,000 - $220,000 per year

Apply Here

Job Description

About AllTrails

AllTrails is the most trusted and used outdoors platform in the world. We help people explore the outdoors with hand-curated trail maps along with photos, reviews, and user recordings crowdsourced from our community of millions of registered hikers, mountain bikers, and trail runners in 150 countries. AllTrails is frequently ranked as a top-5 Health and Fitness app and has been downloaded by over 50 million people worldwide. AllTrails was selected as Apple's App of the Year in 2023!

Every day, we solve incredibly hard problems so that we can get more people outside having healthy, authentic experiences and a deeper appreciation of the outdoors. Join us!   

Bay Area employees are highly encouraged to come into the office one day a week.

About the Role

As the Lead Security Engineer at AllTrails, you’ll play a pivotal role in our continued growth and expansion by leading and managing security functions across the organization. You'll also be deeply involved in our infrastructure and engineering projects to help deliver on our vision of fostering happy, healthy communities by connecting people to the outdoors and to each other. If this role sounds right to you and you're motivated by the idea of channeling your energy to help millions of people around the globe spend more time exploring the outdoors, then we want to talk to you.

What You’ll Be Doing:

  • Serving as an engineering leader and expert on security

  • Define and implement the security roadmap, ensuring compliance with company requirements and industry standards

  • Drive automation and toolchain improvements to enhance security processes

  • Collaborate across teams (Engineering/IT/Compliance) to maintain alignment on security policies, workflows, and service level agreements

  • Integrate security into development workflows and infrastructure using automation, infrastructure-as-code, and cloud security scanning techniques

  • Act as a hands-on leader in security tool integration, ensuring seamless integration into CI pipelines and deployment systems

Requirements:

  • 10+ years of experience leading cybersecurity or corporate security programs, with a focus on securing large-scale web/cloud applications and infrastructure

  • Expertise in security infrastructure, including SIEM, firewalls, intrusion detection, identity and access management, and vulnerability management

  • Familiarity with various software development life cycles and product security programs

  • Proven experience in managing security incidents, including root cause analysis, executive briefings, and communication strategies

  • Experience leading bug bounty programs, penetration testing, and triaging security findings

  • Strong cross-functional collaboration skills with internal teams (business, engineering) and external incident response teams

  • In-depth knowledge of security compliance requirements, such as GDPR, and guiding organizations through compliance processes

  • Hands-on experience with Infrastructure-as-Code frameworks (e.g., Terraform) and automating security tools and processes (e.g., using Bash, Python)

  • Humility, empathy and open-mindedness - no egos

  • Believe that strong teams are built on trust and autonomy

  • Passion for the outdoors 

Bonus Points:

  • Proficient with Github and integration of security tools into the CI/CD pipeline

  • Experience with infrastructure automation and how to enforce secure configurations in cloud infrastructure

  • Hands-on AWS and terraform experience

Technologies We Use:

  • AWS, GCP, Terraform, Kubernetes

  • Ruby, Python, Javascript/Typescript

  • MySQL Databases

  • Github Actions, BugCrowd, Jira

Our Commitment to You:

  • A competitive and equitable compensation plan. This is a full-time, salaried position that includes equity.

  • Physical & mental well-being: health, dental and vision benefits + monthly stipend for wellness expenses.

  • Trail Days: No meetings first Friday of each month to go test the app and explore new trails!

  • Unlimited PTO.

  • Flexible parental leave. 

  • Remote employee equipment stipend to create a great remote work environment. 

  • Annual continuing education stipend. 

  • Discounts on subscription and merchandise for you and your friends & family.

  • An authentic investment in you as a human being and your career as a professional.

$170,000 - $220,000 a year

A successful candidate’s starting salary will be determined based on various factors such as skills, experience, training and credentials, as well as other business purposes or needs.  It is not typical for a candidate to be hired at or near the top of the range of their role and compensation decisions are dependent on the factors and circumstances of each case. 

Nature celebrates you just the way you are and so do we! At AllTrails we’re passionate about nurturing an inclusive workplace that values diversity. It’s no secret that companies that are diverse in background, age, gender identity, race, sexual orientation, physical or mental ability, ethnicity, and perspective are proven to be more successful. We’re focused on creating an environment where everyone can do their best work and thrive.

AllTrails participates in the E-Verify program for all remote locations.

By submitting my application, I acknowledge and agree to AllTrails' Job Applicant Privacy Notice .

Apply Here