Senior Penetration Tester

Phoenix Headquarters

Full Time Senior-level / Expert
Carvana logo
Apply now Apply later

Posted 2 weeks ago

About Carvana

If you like disrupting the norm and are looking for a company revolutionizing an industry then you will LOVE what Carvana has done for the car buying experience. Buying a car the old fashioned way sucks and we are working hard to make it NOT suck. At Carvana, our customers can hop online to...

  • Search and browse our inventory of over 20,000 vehicles that we own and certify.
  • Narrow down search results using highly intelligent filtering tools/components.
  • View vehicle details, Carfax reports, and 360 rotating studio images for every vehicle.
  • Secure financing in minutes using Carvana’s in-house service or their own bank.
  • Interact with GUI components to easily customize loan length, down payment, and monthly payment.
  • Generate, upload, and eSign all documents online (no ink necessary).
  • Schedule front door delivery or pick up at one of our vending machines.
  • Trade-in their existing vehicle or just sell it to Carvana (no purchase necessary).

For more information on Carvana and our mission, sneak a peek at our company introduction video or learn more about what it’s like to work here from the people that already do

About the team and position

We’re looking for a Security Penetration Tester with a passion for tackling big problems. We need an elite red teamer that can help protect the infrastructure and platform.  The ideal candidate for this position will have experience with discovering security vulnerabilities and weaknesses in networks, computer systems, embedded systems, and web-based applications to provide remediation recommendations.  Are you the type of person who tries to figure out if a system has weaknesses, and try to exploit them in your spare time? Are you curious about reverse engineering and hunting for attacker activity? Are you looking for opportunities to learn from and educate your talented peers and are genuinely excited to constructively participate?  If so, then we have the perfect position for you...  You will need a desire to tinker until it's reliable, robust, and secure.

We are building an Airwolf inspired Security Team, with a Red Team capability, where you will see your work have an immediate impact every day in a well-funded and rapidly growing company. We are seeking information security specialists who have expertise in system and application penetration testing.

What you’ll be doing

Work within the Carvana Security team to support and implement tools, practices, policies, and standards that will:

  • Provide infrastructure and some application penetration testing.
  • Promote business efficiency and reliability through better standards and procedures of preventative controls and automated response techniques.
  • Test production infrastructure with multi-pronged, controlled, focused attacks, on-prem and in the cloud, in order to detect cybersecurity weaknesses.
  • Find creative ways to display the impact of detected weaknesses in Carvana’s infrastructure and applications.
  • Other duties as assigned.

What you should have

  • 2+ years of experience working as a Security Penetration Tester or 6+ years on a dedicated Security Team.
  • 2+ years working with Security Architects and Security Engineers to gather information and conduct penetration tests.
  • Strong understanding of offensive and defensive security, including offensive evasion and defensive detection techniques.
  • Advanced working understanding of penetration test or security assessment procedures.
  • Advanced working understanding of information gathering techniques and processes.
  • Comfortable using, configuring, troubleshooting, and administering one or more of the following, Unix, Linux, Mac OSX, and Windows operating systems.
  • Experience using the Backtrack/Kali Linux suite of penetration test tools.
  • Have a broad advanced understanding of various commercial, open-source, and freeware penetration test tools.
  • Working knowledge of communication network technologies. TCP/IP folks.
  • Experience with the techniques and ability to perform analysis using network traffic tools, and host-based forensics tools.
  • An understanding of network and platform security strategies, and implementation practices.
  • A strong understanding of basic cloud infrastructure and services.
  • Strong familiarity with enterprise monitoring and log management tools and services.
  • Conducted internal and external network penetration tests on external web services application penetration tests and wireless network penetration tests.
  • Been responsible for writing and reviewing formal penetration test reports documenting the details of a penetration test and all vulnerabilities, potential issues, and strengths found during the test.
  • Ability to communicate complex technical concepts to both technical and non-technical co-workers in a clear and concise manner.
  • A drive and passion for information technology and security that borders on the obsessive. 

It would be great if you also had

  • Certified Ethical Hacker (CEH) or equivalent certification
  • Certified Penetration Tester (CPT) or equivalent certification
  • Certified Offensive Security Professional (OCSP) certification
  • Knowledge of Regular Expressions
  • Social Engineering experience
  • Additional related education and/or experience preferred

What we’ll offer in return

  • Full-Time Salary Position with a competitive salary.
  • Medical, Dental, and Vision benefits.
  • 401K with company match.
  • A multitude of perks including student loan payments, discounts on vehicles, benefits for your pets, and much more.
  • A great wellness program to keep you healthy and happy both physically and mentally.
  • Access to training and conference opportunities as well as great on-the-job training.
  • A company culture of promotions from within, with a start-up atmosphere allowing for varied and rapid career development.
  • A seat in one of the fastest-growing companies in the country.

Other requirements

To be able to do your job at Carvana, there are some basic requirements we want to share with you.

  • Must be able to read, write, speak, and understand English.
  • Must be able to lift up to 70 pounds independently; majority of lifting from knee to shoulder heights; other lifting required from various levels.
  • Must be able to carry and transport up to 70 pounds up to 20 feet.
  • Requires excellent visual acuity and manual dexterity.

Of course, we’ll make any reasonable accommodations for those with disabilities to perform the essential functions of their jobs. 

Legal stuff

Hiring is contingent on passing a complete background check.  This role is ___ eligible for visa sponsorship.

Carvana is an equal employment opportunity employer.  All applicants receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, marital status, national origin, age, mental or physical disability, protected veteran status, or genetic information, or any other basis protected by applicable law.  Carvana also prohibits harassment of applicants or employees based on any of these protected categories.

Please note this job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice. 

Job tags: CEH Forensics Kali Linux Offensive Security Penetration Tester Penetration testing Red team TCP/IP Unix Vulnerabilities Windows
Job region(s): North America
Job stats:  8  1  0
Share this job: