Cars Commerce-posted 6 days ago
Full-time • Mid Level
Remote
1,001-5,000 employees

At Cars Commerce, we’re fanatical about simplifying everything about car buying and selling. We do right by our customers and consumers to better connect the industry with simplified and tierless technology to enhance, measure and drive local automotive retail. Whether through our No.1 most recognized marketplace, Cars.com, our industry-leading digital experience, Dealer Inspire, our trade and appraisal technology, AccuTrade, our reputation-based digital wholesale auction marketplace, Dealerclub, or our new Cars Commerce Media Network, Cars Commerce is essential for success in the automotive industry.

No one ever travels alone here: at its core, Cars Commerce is collaboration. In fact, it’s built into the very fabric of our shared values. We like to say we Rise Together – putting people at the center of what we do, from consumer to customer to community. Life at Cars Commerce makes it easy when we share the ethos to be Open to All, encouraging open-minded communication because we know diverse thinking yields better outcomes. But critical to our success is Caring to Challenge and Taking Ownership, fueling a competitive spirit in a respectful environment where we think about tomorrow but act today. At our foundation, we have integrity, Doing the Right Thing, even when it’s hard. It’s our shared commitment to these values that makes Cars Commerce a place where growth becomes not only possible, but downright unavoidable.

But don’t take our word for it. As a U.S. News & World Report Best Company to Work For in 2024, we're obsessive about the employee experience. We are among the top 20% being declared “Best” of our industry based on six critical factors that are important to employee wellbeing, like quality of pay, benefits, work-life balance and more.

POSITION PURPOSE:

Seeking a Senior Application Security Engineer with development experience to bridge the gap between our security needs and our development efforts.
This role will involve managing SDLC security tools, creating developer education programs, and building standardized libraries and processes that foster a security-first mindset among developers. You will contribute to the success of a dynamic organization by utilizing in-depth knowledge in product security and design thinking, and applying cloud-native security principles to ensure applications follow best practices for securing cloud-based infrastructure.

  • Inventory all code developed internally.
  • Identify which are production, internal test, or other internal/external/corp type.
  • Tag all production code with code: production inside Snyk.
  • Ensure all production codebases use Snyk pipeline toll gates, and help implement them where they are missing.
  • Design, drive and implement V2 roadmap for Snyk (Optimization) and engage in program maturity.
  • Tool Management and Integration: Oversee and manage existing SDLC security tools (e.g., SAST, DAST, SCA) and integrate them effectively into the development workflow. This includes evaluating current tools, optimizing their configuration, and ensuring they provide actionable insights for developers.
  • Developer Education: Develop and lead educational programs on secure coding practices, vulnerability mitigation, and emerging security threats. These could include regular training sessions, hands-on labs, and the development of a library of best practices to ensure a well-informed developer base.
  • “Paved Roads” for Security: Create secure coding libraries, frameworks, and standardized processes that developers can adopt seamlessly. These will serve as “paved roads” for consistent, secure, and efficient code development across teams.
  • Vulnerability Remediation Support: Provide developers with a resource for addressing vulnerabilities, guiding them in applying secure coding practices, and mentoring them to minimize security flaws.
  • Cloud Security Expertise: Apply cloud-native security principles, ensuring that our applications follow best practices for securing cloud-based infrastructure.

  • 10+ years of application security experience, including hands-on experience with SDLC security tools and secure development practices.
  • Proven development background (e.g., in Java, Python, or JavaScript) to effectively collaborate with engineering teams and create practical security solutions.
  • Experience building security training programs and documentation to upskill developers.
  • Familiarity with cloud-based security architecture and principles, particularly with AWS or other major cloud providers.
  • Current certifications such as ISC2 Certified Software Security Lifecycle Professional (CSSLP), ISC2 Certified Information Security Professional (CISSP), or GIAC Certified Incident Handler (GCIH).
  • Proficiency in DevSecOps application security testing controls and methods, including Run-time Application Self-Protection, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis and Software Bill of Materials (SCA and SBOM), Threat Modeling, and penetration testing.
  • Working knowledge of various scripting and programming languages such as Python, Ruby, Java, JavaScript, and SQL, including web application frameworks such as Ruby on Rails, run-time environments such as NodeJS, and API query languages such as GraphQL.
  • Bachelor’s degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline.
  • Demonstrated excellent interpersonal skills, ability to interface effectively with all levels of employees/management, excellent verbal and written communication skills, and excellent organizational skills.

  • Medical, Dental & Vision Healthcare Plans
  • New Hire Stipend for Home Office Set-Up
  • Generous PTO
  • Refuel - a service-based recognition program where employees receive additional paid time away to learn, grow and reset
  • Paid Holidays, Floating Holiday, Volunteer Day, Recharge Day