Cars Commerce

Compensation

Full Description

Be essential at Cars Commerce At Cars Commerce, we’re fanatical about simplifying everything about car buying and selling. We do right by our customers and consumers to better connect the industry with simplified and tierless technology to enhance, measure and drive local automotive retail. Whether through our No.1 most recognized marketplace, Cars.com, our industry-leading digital experience, Dealer Inspire, our trade and appraisal technology, AccuTrade, our reputation-based digital wholesale auction marketplace, Dealerclub, or our new Cars Commerce Media Network, Cars Commerce is essential for success in the automotive industry. No one ever travels alone here: at its core, Cars Commerce is collaboration. In fact, it’s built into the very fabric of our shared values. We like to say we Rise Together – putting people at the center of what we do, from consumer to customer to community. Life at Cars Commerce makes it easy when we share the ethos to be Open to All, encouraging open-minded communication because we know diverse thinking yields better outcomes. But critical to our success is Caring to Challengeand Taking Ownership, fueling a competitive spirit in a respectful environment where we think about tomorrow but act today. At our foundation, we have integrity, Doing the Right Thing, even when it’s hard. It’s our shared commitment to these values that makes Cars Commerce a place where growth becomes not only possible, but downright unavoidable. But don’t take our word for it. As a U.S. News & World Report Best Company to Work For in 2024, we're obsessive about the employee experience. We are among the top 20% being declared “Best” of our industry based on six critical factors that are important to employee wellbeing, like quality of pay, benefits, work life balance and more. POSITION PURPOSE: Seeking a Senior Application Security Engineer with development experience to bridge the gap between our security needs and our development efforts. This role will involve managing SDLC security tools, creating developer education programs, and building standardized libraries and processes that foster a security-first mindset among developers. You will contribute to the success of a dynamic organization by utilizing in-depth knowledge in product security and design thinking, and applying cloud-native security principles to ensure applications follow best practices for securing cloud-based infrastructure. DUTIES AND RESPONSIBILITIES: Short Term Responsibilities: Inventory all code developed internally. Identify which are production, internal test, or other internal/external/corp type. Tag all production code with code: production inside Snyk. Focus on ensuring all production codebases are using Snyk pipeline toll gates / help implement them. Design, drive and implement V2 roadmap for Snyk (Optimization) and engage in program maturity. Long Term Responsibilities: Tool Management and Integration: Oversee and manage existing SDLC security tools (e.g., SAST, DAST, SCA) and integrate them effectively into the development workflow. This includes evaluating current tools, optimizing their configuration, and ensuring they provide actionable insights for developers. Developer Education: Develop and lead educational programs on secure coding practices, vulnerability mitigation, and emerging security threats. These could include regular training sessions, hands-on labs, and the development of a library of best practices to ensure a well-informed developer base. “Paved Roads” for Security: Create secure coding libraries, frameworks, and standardized processes that developers can adopt seamlessly. These will serve as “paved roads” for consistent, secure, and efficient code development across teams. Vulnerability Remediation Support: Provide developers with a resource for addressing vulnerabilities, guiding them in applying secure coding practices, and mentoring them to minimize security flaws. Cloud Security Expertise: Apply cloud-native security principles, ensuring that our applications follow best practices for securing cloud-based infrastructure. QUALIFICATIONS: 10+ years of application security experience, including hands-on experience with SDLC security tools and secure development practices. Proven development background (e.g., in Java, Python, or JavaScript) to effectively collaborate with engineering teams and create practical security solutions. Experience building security training programs and documentation to upskill developers. Familiarity with cloud-based security architecture and principles, particularly with AWS or other major cloud providers. Current certifications such as ISC2 Certified Software Security Lifecycle Professional (CSSLP), ISC2 Certified Information Security Professional (CISSP), or GIAC Certified Incident Handler (GCIH). Proficiency in DevSecOps application security testing controls and methods, including Run-time Application Self-Protection, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis and Software Bill of Materials (SCA and SBOM), Threat Modeling, and penetration testing. Working knowledge of various scripting and programming languages such as Python, Ruby, Java, JavaScript, and SQL, including web application frameworks such as Ruby on Rails, run-time environments such as NodeJS, and API query languages such as GraphQL. Bachelor’s degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline. Demonstrated excellent interpersonal skills, ability to interface effectively with all levels of employees/management, excellent verbal and written communication skills, and excellent organizational skills. In the spirit of pay transparency, we are excited to share the base salary range for this position. In addition to base salary, some roles are eligible for our bonus and/or equity programs, depending on level and role. Regular full-time positions are eligible for our comprehensive benefits package. If you are hired at Cars Commerce, your final base salary compensation will be determined based on factors such as skills and/or experience. If the salary range is close to what you're seeking, then we encourage you to apply and learn more about the total compensation package for this position. Salary Range $154,200.00-192,750.00 Our Comprehensive Benefits Package includes: Medical, Dental & Vision Healthcare Plans New Hire Stipend for Home Office Set-Up Generous PTO Refuel - a service based recognition program where employees receive additional paid time away to learn grow and reset Paid Holidays, Floating Holiday, Volunteer Day, Recharge Day Learn more about our Benefits, Perks, & Culture on our LinkedIn Life Pages! For US-based Positions: Applicants must be authorized to work in the United States. Please note that we are unable to sponsor employment visas at this time. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. California Applicants: Click here to review our California Privacy Policy for Applicants. For current employees, please click here to review our California Privacy Policy for Employees. Welcome! At Cars Commerce, we think big, push boundaries, and rise together as a team. It’s all the challenge and energy of a job in the tech industry, backed by 25 years of proven resilience and growth as a leading consumer brand. Imagine getting to work on a team with a bold mission to simplify everything about buying and selling cars. A culture that’s a unique mix of innovation and collaboration. Exciting training and development opportunities that empower you to take ownership of your career. For our employees, every day is an opportunity. We’re a remote-first workplace that embraces diversity at every level. Inspired by our values, we intentionally create opportunities for our employees to grow and make an impact in our industry and local communities. Let’s move your career forward together. Cars Commerce is an audience-driven technology company empowering automotive that simplifies everything about buying and selling cars. The Cars Commerce platform includes the flagship automotive marketplace and dealer reputation site Cars.com, innovative digital marketing technology and services from Dealer Inspire, industry-leading trade-in and appraisal technology from AccuTrade, an exclusive in-market media network, and powerful and predictive AI technologies that enable more efficient and profitable retail operations. Cars Commerce is the essential partner to stay one step ahead in automotive.