Sr. Manager, Security Operations

Be essential at Cars Commerce

At Cars Commerce, we’re fanatical about simplifying everything about car buying and selling. We do right by our customers and consumers to better connect the industry with simplified and tierless technology to enhance, measure and drive local automotive retail. Whether through our No.1 most recognized marketplace, Cars.com, our industry-leading digital experience, Dealer Inspire, our trade and appraisal technology, AccuTrade, or our new Cars Commerce Media Network, Cars Commerce is essential for success in the automotive industry.  

No one ever travels alone here: at its core, Cars Commerce is collaboration. In fact, it’s built into the very fabric of our shared values. We like to say we Rise Together – putting people at the center of what we do, from consumer to customer to community. Life at Cars Commerce makes it easy when we share the ethos to be Open to All, encouraging open-minded communication because we know diverse thinking yields better outcomes. But critical to our success is Caring to Challenge and Taking Ownership, fueling a competitive spirit in a respectful environment where we think about tomorrow but act today. At our foundation, we have integrity, Doing the Right Thing, even when it’s hard. It’s our shared commitment to these values that makes Cars Commerce a place where growth becomes not only possible, but downright unavoidable.

But don’t take our word for it. As a U.S. News & World Report Best Company to Work For in 2024, we're obsessive about the employee experience. We are among the top 20% being declared “Best” of our industry based on six critical factors that are important to employee wellbeing, like quality of pay, benefits, work life balance and more.

 

About the Role

Do you thrive in high-pressure environments, leading a team to safeguard critical systems from ever-evolving cyber threats? Are you passionate about building a robust security posture and fostering a culture of security awareness? If so, we want you on our team!

As a SecOps Manager, you will lead a team responsible for integrating security practices into our software development and operations processes. You will collaborate with cross-functional teams to ensure the security of our applications, infrastructure, and cloud environments while promoting a culture of security within our organization.

Responsibilities:

• Lead and mentor a team of SecOps engineers, providing guidance and support in implementing security best practices.
• Develop and implement security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
• Collaborate with development, operations, and security teams to integrate security into the software development lifecycle (SDLC) and CI/CD pipeline.
• Conduct security assessments, code reviews, and penetration testing to identify and mitigate vulnerabilities.
• Design and implement security controls for infrastructure as code (IaC), cloud environments, and containerized applications.
• Automate security testing and compliance checks using scripting and configuration management tools.
• Monitor and analyze security events and incidents, leading incident response efforts to minimize impact and prevent recurrence.
• Stay informed about emerging security threats, vulnerabilities, and industry trends, providing guidance on mitigation strategies.
• Partner with senior leadership to prioritize security initiatives and allocate resources effectively.
• Implement automated monitoring and logging across the development and deployment pipeline to detect security incidents in real-time.
• Utilize security information and event management (SIEM) systems, intrusion detection systems (IDS), and other security tools to monitor for suspicious activities and indicators of compromise.
• Integrate security alerts and notifications into the CI/CD pipeline to facilitate rapid detection and response.
• Upon detection of a security incident, initiate a thorough investigation to assess the scope and impact of the incident.
• Analyze logs, network traffic, and system configurations to identify the root cause of the incident and determine the extent of any compromise.
• Collaborate with development, operations, and security teams to gather relevant information and context for incident analysis.
• Compliance Champion: Ensure adherence to industry regulations and security compliance frameworks (e.g., PCI DSS, HIPAA, SOC 2).
• Security Advocacy & Awareness: Champion a culture of security awareness within the organization, developing and implementing security training programs for employees.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
• Minimum 7-10+ years of experience in information security with a proven track record of leading a security operations team.
• Proven experience in DevOps, security, or software development roles, with a focus on security.
• Strong leadership and team management skills, with experience leading cross-functional teams.
• In-depth understanding of DevOps principles, methodologies, and tools.
• Hands-on experience with cloud platforms (e.g., AWS, Azure, GCP), containerization technologies (e.g., Docker, Kubernetes), and infrastructure as code (IaC) tools.
• Proficiency in scripting languages such as Python, PowerShell, or Bash.
• Experience with security tools such as vulnerability scanners, intrusion detection systems (IDS), and security information and event management (SIEM) solutions.
• Familiarity with compliance standards such as PCI DSS, HIPAA, and GDPR.
• Excellent communication, collaboration, and problem-solving skills.

Preferred Qualifications:

• Security certifications such as CISSP, CISM, or AWS Certified Security Specialty.
• Experience with DevSecOps practices and tools (e.g., DevSecOps automation, shift-left security).
• Knowledge of secure software development frameworks (e.g., OWASP).
• Experience implementing security in Agile and DevOps environments.

• Deep Experience in the following technologies:
• DataDog
• Cloudflare
• Crowdstrike
• Proofpoint
• CyberArk EPM
• BurpSuite
• Amazon Security Hub, Guard Duty, Inspector
• JumpCloud
• Snyk
• Experience in developing security budgets and managing security resources

 

#LI-REMOTE

In the spirit of pay transparency, we are excited to share the base salary range for this position which is not inclusive of bonuses, benefits or other forms of compensation that the position may be eligible for. If you are hired at Cars Commerce, your final base salary compensation will be determined based on factors such as skills and/or experience. If the salary range is close to what you're seeking, then we encourage you to apply and learn more about the total compensation package for this position.

Salary Range$170,800—$213,500 USD

Our Comprehensive Benefits Package includes:

• Medical, Dental & Vision Healthcare Plans
• 401(k) with Company Match + Immediate Vesting
• New Hire Stipend for Home Office Set-Up
• Employee Stock Purchase Program
• Generous PTO
• Refuel - a service based recognition program where employees receive additional paid time away to learn grow and reset
• Paid Holidays, Floating Holiday, Volunteer Day, Recharge Day
• Learn more about our Benefits, Perks, & Culture on our LinkedIn Life Pages!

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. California Applicants: Click here to review our California Privacy Policy for Applicants. For current employees, please click here to review our California Privacy Policy for Employees.