Senior Application Security Engineer
At Carvana, we sell cars, but we’re not salespeople. Since 2013, we’ve been making it our mission to change the way people buy cars. We saw a huge problem with how much it can suck to buy a car the traditional way, so we committed ourselves to tackling one of the largest, yet-to-be-disrupted markets in the world – the $1T per year U.S. car market (yes, that’s $Trillion with a “T”).
With the ability to search thousands of vehicles from our expansive inventory, to high-resolution 360° photographs of our vehicles’ interior and exterior, to real-time financing and the ability to complete contracts without visiting the back room of a dealership, we provide a seamless, online car buying experience for consumers that can be completed from their desktop or mobile device. All our vehicles are inspected and reconditioned based on our 150-point certification checklist and come with a 7-day return policy. We also operate our own logistics network to deliver cars to customers as soon as the next day, as well as offer customer pick-up at our state-of-the-art Car Vending Machine locations (yes, you read that right). By putting customer satisfaction at the core of our business, we’ve built a no-pressure, no-haggle online car buying experience that saves our customers time and money.
For more information on Carvana, take a look at our company introduction video.
WORKING AT CARVANA YOU WILL NOTICE THAT...
You'll need to be a great communicator, a brand ambassador, and possess the know-how to get the job done.
We expect bright people, willing to roll up their sleeves, take on new assignments, and juggle many things at once.
In return for your hard work, you'll have an opportunity to work at one of the fastest-growing and most creative technology companies around, as well as help us promote a life-changing product and develop a world-class team every day.
In our downtime we have ping pong and corn hole (or “bags,” depending on where you’re from) tournaments. However, the pace is pretty quick around here, so you'll need to be prepared to keep up.
WE’RE LOOKING FOR...
The Senior Security Engineer is a subject matter expert on our Engineering team, responsible for enhancing and supporting Carvana's application security. An ideal candidate understands how to troubleshoot complex secure coding issues and has the ability to identify downstream impacts. The Senior Security Engineer is responsible for clearly communicating rationale and guidance for remediating security issues, resolving problems using broad-based analysis, and demonstrating coding techniques to support innovative solutions.
This position will support and enhance security infrastructure for a rapidly growing, cloud-based, distributed e-commerce system. The Senior Security Engineer will also guide the development and maintenance of security policies, standards and guidelines, as well as mentor peers on security policies and practices. Additionally, they will collaborate with IT and DevOps to develop an information security roadmap that ensures the safety of customer, internal, and 3rd-party data.
SPECIFICALLY, YOUR RESPONSIBILITIES WILL INCLUDE:
- Support and enhance identity and access management infrastructure (Identity Server 3 & 4).
- Design & evaluate application and database security elements to mitigate risks as they emerge.
- Create & evaluate solutions that balance business requirements with information and security requirements.
- Identify security design gaps in existing and proposed architectures and recommend changes/enhancements.
- Identify application and database security gaps, evaluate and implement enhancements.
- Monitor and mitigate application security vulnerabilities, ensuring timely resolution.
- Work in a team environment using Agile project approaches (Scrum, Lean, XP).
- Design, develop, maintain, and deploy back-end solutions using C#/.NET Core.
- Other duties as assigned
THE QUALIFYING CANDIDATE MUST HAVE:
- Bachelor’s in Information Technology, Computer Science, Engineering or related field required. Master’s Degree preferred
- 5+ years of full-time experience in dedicated, technical information security roles.
- In-depth understanding of OAuth, JWT, OpenID Connect, Single Sign-on, Active Directory
- In-depth knowledge of software applications, distributed systems, network and data security.
- Strong knowledge of information security principles and practices.
- Knowledge of 3rd party auth tools like Okta, Auth0
- Experience with web application development.
- Deep understanding of .NET Core and C#.
- In-depth understanding of how to implement unit, integration and load testing
NICE TO HAVES:
- Experience with Identity Server V3 and/or V4
- Experience with incident response and analysis, preferably in a leadership role.
- Experience performing packet analysis.
- Knowledge of host-based information security technologies.
- Knowledge of Incident Analysis and response concepts and techniques.
- Knowledge in the use of information security and networking tools such as Nmap, Wireshark, Nessus and Kali Linux.
- Knowledge of the security implications involving a variety of technologies including but not limited to Microsoft, Cisco, Unix/Linux, EMC, and other market leaders in technology solutions, including mobile devices.
- Knowledge of IDS/IPS, firewalls, proxies and other network security technologies.
- Experience with security system upgrades/rollouts in a high availability environment
- Experience with Node.js & Python
- Experience in container-oriented architecture using Docker and/or Kubernetes is preferred.
- Pen testing
WHAT YOU CAN EXPECT IN RETURN:
- Full-Time Salary Position
- Medical, Dental, and Vision benefits
- 401K with company match
- Access to opportunities to expand your skill set and share your knowledge with others across the organization