Penetration Tester

Tempe, AZ

Carvana logo
Apply now Apply later


CARVANA’s goal is to change the way people search, finance, and buy used vehicles. We are replacing plaid suits, gold chains and a miserable 4 hour in-store process with technology that allows for customers to buy a car in as little as 11 minutes! Carvana is a fast-growing technology startup that was recently recognized by Forbes as the 5th Most Promising Company of 2015. Founded in 2012, Carvana has quickly expanded and is doing so again in several new markets. We are looking for talented individuals who will deliver our unique customer experience.

For more information on Carvana, take a look at our company introduction video.


In our down time we have ping pong & corn hole (or bags, depending on where you’re from) tournaments. We regularly host Hackathons to promote innovation and foster new ideas. Don’t forget Wacky Pants Wednesdays…you’ll have to have some pretty strong game here to compete with our CEO Ernie, who could supply the wardrobe for an entire season of throwback Soul Train episodes.

We expect bright people who are willing to roll up their sleeves, take on new assignments, and juggle many things at once. In return for your hard work, you'll have an opportunity to work at one of the fastest growing, most innovative technology companies to occupy the automotive space (as well as the Earth space).

We’re working on a game-changing product while building a world-class team. Every day.


We’re looking for a Security Penetration Tester with a passion for tackling big problems and a focus on web application security. We need an elite security professional that can help protect the infrastructure and platform.  The ideal candidate for this position will have experience with discovering security vulnerabilities and weaknesses in web-based applications, then most importantly provide remediation recommendations.  Are you the type of person who tries to figure out if a system has weaknesses, and try to exploit them in your spare time? Are you curious about reverse engineering to identify attack surface? Are looking for opportunities to learn from and educate your talented peers and are genuinely excited to constructively participate?  If so, then we have the perfect position for you...  You will need a desire to tinker until it's reliable, robust, and secure.

We are building an Airwolf inspired Security Team, with a Red Team capability, where you will see your work have an immediate impact every day in a well-funded and rapidly growing company. We are seeking information security specialists who have expertise in system and application penetration testing.


Work within the Carvana Security team to support and implement tools, practices, policies, and standards that will:

  • Provide web application and infrastructure penetration testing.
  • Promote business efficiency and reliability through better standards and procedures of preventative controls and with automated response techniques.
  • Test production web applications with multi-pronged, controlled, focused attacks, on-prem and in the cloud in order to detect security weaknesses.
  • Test production infrastructure with multi-pronged, controlled, focused attacks, on-prem and in the cloud, in order to detect security weaknesses.
  • Find creative ways to display the impact of detected weaknesses in Carvana’s infrastructure and applications.


  • 2+ years experience working as a Security Penetration Tester or 6+ years on a dedicated Security Team.
  • 2+ years working with Security Architects and Security Engineers to gather information and conduct penetration tests.
  • Strong understanding of offensive and defensive security, including offensive evasion and defensive detection techniques.
  • Advanced working understanding of web application penetration test and security assessment procedures.
  • Advanced working understanding of information gathering techniques and processes.
  • Comfortable using, configuring, troubleshooting, and administering one or more of the following, Unix, Linux, Mac OSX, and Windows operating systems.
  • Experience using the Backtrack/Kali Linux suite of penetration test tools.
  • Experience using proxy tools such as Burp Suite.
  • Ability to effectively test web applications for the OWASP top 10 vulnerabilities.
  • Have a broad advanced understanding of various commercial, open source, and freeware penetration test tools.
  • Familiarity with mobile application testing techniques.
  • Working knowledge of communication network technologies. TCP/IP.
  • Should have experience with network traffic tools, techniques and analysis as well as host forensics tools, techniques and analysis.
  • Should have an understanding of network and platform security strategies, and implementation practices.
  • Should have a strong understanding of basic cloud infrastructure and services.
  • Should have a strong familiarity with enterprise monitoring and log management tools and services.
  • Works as an individual contributor for smaller efforts and as part of a team for larger efforts.
  • Have conducted web application penetration tests on both external facing applications and internal facing applications.
  • Have conducted internal and external network penetration tests, and wireless network penetration tests.
  • Been responsible for writing and reviewing formal penetration test reports documenting the details of a penetration test and all vulnerabilities, potential issues, and strengths found during the test.
  • Strong demonstrated passion for all things Information Technology and Information Security


  • Offensive Security Web Expert (OSWE) certification
  • Certified Penetration Tester (CPT) or equivalent certification
  • Certified Offensive Security Professional (OCSP) certification
  • Knowledge of containerization and container orchestration such as Kubernetes
  • Knowledge of Regular Expressions
  • Social Engineering experience
  • Additional related education and/or experience preferred


  • A full-time, salaried position
  • Medical (employee medical fully paid by Carvana), Dental, and Vision benefits
  • A 401K with company match
  • All the perks your heart desires (gym, snacks, iced coffee on tap)
  • Access to opportunities to expand your skill set and share your knowledge with others across the organization


Hiring is contingent on passing a complete background check 

Carvana is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

This role is not eligible for visa sponsorship.

Job region(s): North America
Job stats:  23  1  0
  • Share this job via
  • or

Explore more Information Security career opportunities