About Carvana

"We believe CVNA is in the early stages of becoming the next U.S. retail category killer."

- Stephens Investment Bank, Analyst Report, Sept. 2024

Building leading-edge technology has been at the core of Carvana's strategy since our founding, driving us to become the 3rd fastest company in history to organically reach the Fortune 500 following only Amazon and Google. Today, we remain founder-lead and as ambitious as ever. In 2024, we have not only emerged as the fastest growing automotive retailer, but also the most profitable thanks to our deep vertical integration across retail, lending, vehicle transportation, wholesale auctions, and more.

If you want to grow not just as an Engineer but as a leader and business-builder, Carvana is the place for you. Our technology teams build: End-to-end ecommerce for both selling and buying cars, including everything you see on Carvana.com and in our mobile apps. AI-driven customer support across chat, email, SMS, and voice, as well as a proprietary CRM platform to ensure the most efficient and highest quality customer experience. 360° vehicle photography and interactive merchandising using cutting edge computer vision and AI techniques. The most sophisticated and self-service automotive lending platform in the world. Systems and tools behind a nationwide logistics network that has delivered and picked up over 3 million cars via our fully owned and operated fleet of automotive haulers, efficiently managing distribution of our massive inventory to 85% of US driveways. Enterprise grade systems for operating the largest vehicle reconditioning facilities in the US, with workflow and automation to guide the work for everything mechanical, electrical, and cosmetic needed to bring each car to our high standards. Early adoption and customization of AI tools for optimizing our Developer efficiency and experience. And much, much more...

THIS IS A 100% ON-SITE POSITION FROM OUR HQ IN TEMPE (Monday through Friday) About the team and position:

We are hiring a Senior Security Engineer to join our DevSecOps Team. This role will ensure that our applications, services, and websites are designed and implemented with security by design, while also fortifying our security infrastructure.

You will be responsible for discovering and addressing security risks, issues, and threats across the entire development lifecycle. This includes building security automation to enable secure development practices, evangelizing security with our engineering teams, and managing edge security processes.

Key Responsibilities: Implement comprehensive security tooling throughout the entire software development lifecycle, including (but not limited to): Integrating security into the Secure Security Development Lifecycle (SSDLC) and CI/CD pipeline. Fostering a culture of security-driven development through close collaboration with engineering, development, and operations teams. Act as a Subject Matter Expert (SME) in application and infrastructure security Provide expert advice, consultation, and training. Proactively identify, remediate, and manage vulnerabilities. Communicate complex technical security problems to technical and non-technical stakeholders. Work alongside the Senior DevSecOps Engineer to implement and manage firewalls, Security Incident Event Management (SIEM), and log storage systems (e.g., Splunk, Datadog). Oversee application security initiatives, including vulnerability assessments and penetration testing. Develop and manage a Security Champions program to promote security awareness and best practices throughout the organization. Qualifications: Solid understanding of edge security processes: Firewalls, SIEM, and log storage systems like Splunk or Datadog Hands-on experience in cloud security environments (Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP)). Hands-on experience with containers (Docker, Kubernetes). Hands-on experience with WAF security. Extensive experience in: DevOps or DevSecOps Strong understanding of the Secure Software Development Lifecycle (SSDLC) Various build technologies, code repositories, and CI/CD pipeline processes (ADO, GitHub) Embedding security tooling Comprehensive knowledge of various security domains: Including web security (OWASP Top 10, CWE Top 25) Network security Knowledge of application security testing tools and methodologies (e.g., SAST, DAST, IAST). Strong self-starter with technical acumen, communication and influence skills. Proven ability to solve complex problems, develop risk-based solutions, and balance security with engineering requirements, while also driving influence and change with stakeholders holding varying opinions on security topics. 5+ years of experience Preferred Qualifications: Cybersecurity In-depth understanding of web application vulnerabilities and mitigation techniques. Familiarity with Azure Key Vault and other secrets management solutions. Bachelor's degree in Computer Science or a related field, or equivalent practical experience. Legal Stuff

Hiring is contingent on passing a complete background check. This role is not eligible for visa sponsorship.

Carvana is an equal employment opportunity employer. All applicants receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, marital status, national origin, age, mental or physical disability, protected veteran status, or genetic information, or any other basis protected by applicable law. Carvana also prohibits harassment of applicants or employees based on any of these protected categories.

Please note this job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.