Information Security Engineer
Meet CarGurus—the #1 visited online car shopping website in the US. At CarGurus, we’re building the world’s most trusted and transparent automotive marketplace where it’s easy to find great deals from top-rated dealers.
Founded in 2006 by Langley Steinert (co-founder of TripAdvisor), CarGurus is a technology company with a passion for data and its power to simplify every aspect of the car shopping experience. Using proprietary technology, search algorithms and innovative data analytics, we provide unbiased validation on pricing, dealer reputation and vehicle history.
CarGurus is looking for a dynamic, Information Security Engineer to ensure our data is protected from all threats and vulnerabilities. The goal of the Information Security Engineer is to engage with company leaders, directors, colleagues, and vendors on security assurance while developing guidelines, templates, and tools used to secure our environment. You will use your passion for security to help shape and drive key initiatives throughout the organization.
What You’ll Do:
- Ability to fine-tune security rules and processes for efficient detection and mitigation
- Develop and maintain security utilities and metrics dashboards that help team to track/report on compliance
- Evaluate software security products and technologies, as required
- Help plan and carry out an organization’s information security strategy. Developing a set of security standards and best practices for the organization and recommend security enhancements to management, as needed.
- Develop strategies to respond to and recover from a security breach. Information Security Engineers are also responsible for educating the workforce on information security through training and building awareness.
- Implement, install and use software, such as firewalls and data encryption programs, to protect organizations’ sensitive information.
- Test for vulnerabilities. Conducting periodic scans of networks to find any vulnerabilities.
- Coordinating penetration testing, in which an external third party would simulate an attack on the system to highlight or find any weaknesses that might be exploited by a malicious party.
- Constantly monitor their organization’s networks and systems for security breaches or intrusions, via software notifications and identifying anomalous behavior.
- Ability to respond to security incidents, to minimize the impact. Afterwards, executing technical and forensic investigation into how the breach happened and the extent of the damage.
Who You Are:
- Ability to determine risk based on context
- Ability to clearly articulate issues and communicate in an effective and personable manner
- Ability to adjust quickly to the security needs of a highly agile organization
- Knowledge of offensive and defensive IT security techniques
- Knowledge of securing Mac, Windows, Linux & AWS environments
- Skills in securing web applications
- Ability to perform some level of forensic analysis
- 2+ years of Information/Cyber Security Experience
- BA or BS degree in Information Security, Cyber Security, Computer Science or other related degree
- Knowledge of the following frameworks/compliance regimes; ISO, NIST, PCI, SOX, SSAE18, BSIMM and GDPR compliance
- Knowledge of designing a comprehensive security programs for SaaS applications and Corporate environments including Vendor Security Assessments, Penetration Tests, Risk Management, Threat Intelligence, Vulnerability Management, Incident and Response, Security Training, Privacy and Compliance Programs
- Direct experience with anti-virus software, intrusion detection, firewalls and content filtering
- Knowledge of risk assessment tools, technologies and methods
- Experience designing secure networks, systems and application architectures
- Knowledge of disaster recovery, computer forensic tools, technologies and methods
- Experience planning, researching and developing security policies, standards and procedures
- Ability to communicate network security issues to peers and management
- Ability to read and use the results of malicious code, and anti-virus software
At the core of our company culture is a spirit of innovation, curiosity and collaboration. True to our start-up roots, we’re nimble, flexible and hardworking. We have a great respect for testing and learning and a healthy aversion to scheduling meetings to discuss meetings. Lunch is catered daily. Gym membership is free. Foosball and ping pong are played often. Now a publicly-traded company, we’re as committed as ever to cultivating the culture that got us here.
In addition to the US, CarGurus operates sites in Canada, the UK and Germany with other markets on the horizon. Our offices are located in Cambridge, MA, Detroit, MI and Dublin, Ireland. If you’d like to learn more, please visit our careers page.