Principal Security Engineer

Be essential at Cars Commerce

At Cars Commerce, we’re fanatical about simplifying everything about car buying and selling. We do right by our customers and consumers to better connect the industry with simplified and tierless technology to enhance, measure and drive local automotive retail. Whether through our No.1 most recognized marketplace, Cars.com, our industry-leading digital experience, Dealer Inspire, our trade and appraisal technology, AccuTrade, or our new Cars Commerce Media Network, Cars Commerce is essential for success in the automotive industry.

No one ever travels alone here: at its core, Cars Commerce is collaboration. In fact, it’s built into the very fabric of our shared values. We like to say we Rise Together – putting people at the center of what we do, from consumer to customer to community. Life at Cars Commerce makes it easy when we share the ethos to be Open to All, encouraging open-minded communication because we know diverse thinking yields better outcomes. But critical to our success is Caring to Challenge and Taking Ownership, fueling a competitive spirit in a respectful environment where we think about tomorrow but act today. At our foundation, we have integrity, Doing the Right Thing, even when it’s hard. It’s our shared commitment to these values that makes Cars Commerce a place where growth becomes not only possible, but downright unavoidable.

But don’t take our word for it. As a U.S. News & World Report Best Company to Work For in 2024, we're obsessive about the employee experience. We are among the top 20% being declared “Best” of our industry based on six critical factors that are important to employee wellbeing, like quality of pay, benefits, work life balance and more.

Principal Security Engineer (P6)

Do you thrive in high-pressure environments safeguarding critical systems? Are you passionate about staying ahead of the ever-evolving cyber threat landscape? If so, we want you on our team! We are seeking a seasoned Principal Security Engineer to join our growing security team. As a senior-level cybersecurity professional, you will play a pivotal role in designing, implementing, and managing our organization's security posture. You will be a trusted advisor to leadership, providing strategic direction and ensuring our security solutions align with industry best practices and compliance requirements.

Responsibilities

Reporting directly to the CISO, this position offers executive-level exposure and cross-departmental experience. The individual will have the opportunity to make impactful contributions as they manage mission-critical initiatives and projects. The position will involve direct interaction with the executive team and corporate partners.

• Architect Secure Solutions: Design, implement, and maintain a comprehensive security architecture that safeguards our critical infrastructure, data, and applications.
• Design, implement, and maintain robust security controls and countermeasures across our IT and Product Cloud infrastructure.
• Collaborate with Product, Engineering, and other departments to integrate security best practices into business processes.

• Lead Threat Defense: Champion proactive security measures.
• Mentor a team of SecOps engineers, providing guidance and support in implementing security best practices.
• Develop and implement security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
• Collaborate with development, operations, and security teams to integrate security into the software development lifecycle (SDLC) and CI/CD pipeline.
• Conduct security assessments, code reviews, and penetration testing to identify and mitigate vulnerabilities.
• Design and implement security controls for infrastructure as code (IaC), cloud environments, and containerized applications.
• Automate security testing and compliance checks using scripting and configuration management tools.
• Monitor and analyze security events and incidents, leading incident response efforts to minimize impact and prevent recurrence.
• Stay informed about emerging security threats, vulnerabilities, and industry trends, providing guidance on mitigation strategies.
• Partner with senior leadership to prioritize security initiatives and allocate resources effectively.
• Design and Implement automated monitoring and logging across the development and deployment pipeline to detect security incidents in real-time.
• Utilize security tools to monitor for suspicious activities and indicators of compromise.
• Integrate security alerts and notifications into the CI/CD pipeline to facilitate rapid detection and response.
• Upon detection of a security incident, initiate a thorough investigation to assess the scope and impact of the incident.

• Analyze logs, network traffic, and system configurations to identify the root cause of the incident and determine the extent of any compromise.
• Collaborate with development, operations, and security teams to gather relevant information and context for incident analysis.
• Compliance Champion: Ensure adherence to industry regulations and security compliance frameworks (e.g., PCI DSS, HIPAA, SOC 2).
• Security Advocacy & Awareness: Champion a culture of security awareness within the organization, developing and implementing security training programs for employees.

Qualifications:

• Minimum 10 years of experience in information security with a proven track record of success in a similar role.
• In-depth knowledge of security principles, technologies, and methodologies (e.g., firewalls, intrusion detection/prevention systems, encryption, IAM).
• In-depth understanding of DevOps principles, methodologies, and tools.
• Hands-on experience with cloud platforms (e.g., AWS, Azure, GCP), containerization technologies (e.g., Docker, Kubernetes), and infrastructure as code (IaC) tools.
• Proficiency in scripting languages such as Python, PowerShell, or Bash.
• Familiarity with compliance standards such as PCI DSS, SOC II, and ISO27001.
• Excellent communication, collaboration, and problem-solving skills.
• Knowledge of secure software development frameworks (e.g., OWASP).
• Experience implementing security in Agile and DevOps environments.

Preferred Qualifications:

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
• Security certifications such as CISSP, CISM, or AWS Certified Security Specialty.

• Deep Experience in the following technologies:
• Cloudflare
• Crowdstrike
• Proofpoint
• CyberArk EPM
• BurpSuite
• Amazon Security Hub, Guard Duty, Inspector
• JumpCloud
• Snyk
• Experience in developing security budgets

In the spirit of pay transparency, we are excited to share the base salary range for this position which is not inclusive of bonuses, benefits or other forms of compensation that the position may be eligible for. If you are hired at Cars Commerce, your final base salary compensation will be determined based on factors such as skills and/or experience. If the salary range is close to what you're seeking, then we encourage you to apply and learn more about the total compensation package for this position.

Our Comprehensive Benefits Package includes:

• Medical, Dental & Vision Healthcare Plans
• 401(k) with Company Match + Immediate Vesting
• New Hire Stipend for Home Office Set-Up
• Employee Stock Purchase Program
• Generous PTO
• Refuel - a service based recognition program where employees receive additional paid time away to learn grow and reset
• Paid Holidays, Floating Holiday, Volunteer Day, Recharge Day
• Learn more about our Benefits, Perks, & Culture on our LinkedIn Life Pages!

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. California Applicants: Click here to review our California Privacy Policy for Applicants. For current employees, please click here to review our California Privacy Policy for Employees.