Senior Application Security Engineer
Posted 1 month ago
If you like disrupting the norm and are looking for a company revolutionizing an industry, then you will LOVE what Carvana has done for the car buying experience. Buying a car the old-fashioned way sucks and we are working hard to make it NOT suck. At Carvana, our customers can hop online to...
- Search and browse our inventory of over 20,000 vehicles that we own and certify.
- Narrow down search results using highly intelligent filtering tools/components.
- View vehicle details, Carfax reports, and 360 rotating studio images for every vehicle.
- Secure financing in minutes using Carvana’s in-house service or their own bank.
- Interact with GUI components to easily customize loan length, down payment, and monthly payment.
- Generate, upload, and eSign all documents online (no ink necessary).
- Schedule front door delivery or pick up at one of our vending machines.
- Trade-in their existing vehicle or just sell it to Carvana (no purchase necessary).
About the team and position
The Senior Security Engineer is a subject matter expert on our Engineering team, responsible for enhancing and supporting Carvana's application security. An ideal candidate understands how to troubleshoot complex secure coding issues and has the ability to identify downstream impacts. The Senior Security Engineer is responsible for clearly communicating rationale and guidance for remediating security issues, resolving problems using broad-based analysis, and demonstrating coding techniques to support innovative solutions.
This position will support and enhance security infrastructure for a rapidly growing, cloud-based, distributed e-commerce system. The Senior Security Engineer will also guide the development and maintenance of security policies, standards and guidelines, and mentor peers on security policies and practices. Additionally, they will collaborate with IT and DevOps to develop an information security roadmap that ensures the safety of customer, internal, and 3rd-party data.
What you’ll be doing
- Support and enhance identity and access management infrastructure (Identity Server 3 & 4).
- Design & evaluate application and database security elements to mitigate risks as they emerge.
- Create & evaluate solutions that balance business requirements with information and security requirements.
- Identify security design gaps in existing and proposed architectures and recommend changes/enhancements.
- Identify application and database security gaps, evaluate and implement enhancements.
- Monitor and mitigate application security vulnerabilities, ensuring timely resolution.
- Work in a team environment using Agile project approaches (Scrum, Lean, XP).
- Design, develop, maintain, and deploy back end solutions using C#/.NET Core.
- Other duties as assigned
What you should have
- Bachelor’s in Information Technology, Computer Science, Engineering or related field required. Master’s Degree preferred
- 5+ years of full time experience in dedicated, technical information security roles.
- CISA, CISM, CISSP or similar certification heavily preferred
- In-depth understanding of OAuth, JWT, OpenID Connect, Single Sign-on, Active Directory
- In-depth knowledge of software applications, distributed systems, network and data security, security operations, and associated hardware, software and protocols
- Strong knowledge of information security principles and practices.
- Knowledge of 3rd party auth tools like Okta, Auth0
- Expertise with object-oriented language C#.
- Experience with web application development.
- Deep understanding of .NET Core and C#.
- Experience in container-oriented architecture using Docker and/or Kubernetes is preferred.
- Comfortable with Microservices.
It would be great if you also had
- Experience with incident response and analysis, preferably in a leadership role.
- Experience performing packet analysis.
- Knowledge of host-based information security technologies.
- Knowledge of Incident Analysis and response concepts and techniques.
- Knowledge in the use of information security and networking tools such as Nmap, Wireshark, Nessus and Kali Linux.
- Knowledge of the security implications involving a variety of technologies including but not limited to Microsoft, Cisco, Unix/Linux, EMC, and other market leaders in technology solutions, including mobile devices.
- Knowledge of IDS/IPS, firewalls, proxies and other network security technologies.
- Experience with Identity Server v3 and/or v4
- Experience with security system upgrades/rollouts in a high availability environment
What we’ll offer in return
- Full-Time Salary Position with a competitive salary.
- Medical, Dental, and Vision benefits.
- 401K with company match.
- A multitude of perks including student loan payments, discounts on vehicles, benefits for your pets, and much more.
- A great wellness program to keep you healthy and happy both physically and mentally.
- Access to opportunities to expand your skillset and share your knowledge with others across the organization.
- A company culture of promotions from within, with a start-up atmosphere allowing for varied and rapid career development.
- A seat in one of the fastest-growing companies in the country.
To be able to do your job at Carvana, there are some basic requirements we want to share with you.
- Must be able to read, write, speak and understand English.
Of course, we’ll make any reasonable accommodations for those with disabilities to perform the essential functions of their jobs.
Hiring is contingent on passing a complete background check. This role is not eligible for visa sponsorship.
Carvana is an equal employment opportunity employer. All applicants receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, marital status, national origin, age, mental or physical disability, protected veteran status, or genetic information, or any other basis protected by applicable law. Carvana also prohibits harassment of applicants or employees based on any of these protected categories.
Please note this job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.