Senior Security Engineer
TrueCar is a leading automotive digital marketplace and we are on a mission to make car buying and selling easy, transparent and efficient. We work to empower consumers with data, and foster connections with our network of Certified Dealers who share our belief that truth, transparency and fairness are the foundation to a great experience. We forge partnerships to power car buying programs for some of America’s most trusted brands. And we continually innovate to provide useful tools, research, market context and pricing transparency to help consumers feel empowered and confident all throughout their journey.
As consumers’ priorities and shopping habits shifted, so did we. We are building a modern day marketplace and invite you to come join the TrueCar Crew. You can have a real & direct impact on our journey as we continue to evolve and revolutionize the car buying and selling experience. We are seeking talented individuals who are excited by our mission to revolutionize & elevate the car buying & selling experience.
The Opportunity:
As a key member of the Security & Compliance team, you will contribute to a positive security culture for the organization by protecting the confidentiality, integrity, and availability of data and assets while assisting TrueCar in meeting our strategic goals. This role will champion organizational security through positive knowledge-sharing, training, influencing, and conduct.
How you will contribute to TrueCar’s success:
- Drive discussions concerning system configurations, deployment, monitoring, alerting, security tooling, processes, and general secure architecture
- Triage alerts and lead mitigations
- Take ownership of standard operating procedures (SOPs) and assist with reviewing and writing policies
- Work with development teams to securely design the architecture and processes of computer systems, networks and information. This includes security considerations as part of the SDLC process.
- Coordinate penetration testing and vulnerability assessments to identify security strengths and weaknesses, assess the effectiveness of existing controls, and provide recommendations for remedial action where needed.
- Identify, define, and help implement system security requirements based on industry best practices and obligations to third parties.
- Develop technical solutions and operationalize existing security tools to help mitigate security vulnerabilities and automate repeatable tasks.
- Assess and recommend proper security procedures to manage third-party risk and ensure that partners, dealers, and associated agencies follow TrueCar security requirements.
- Work with internal and external auditors to convey security controls and resolve audit findings
- Work with Compliance on ad-hoc company-wide projects and help automate and operationalize dashboards for easy reporting.
- Act as a key resource for investigating security incidents, triaging, and incident response.
Your Expertise:
- Demonstrated success in a security engineering role
- Excellent verbal and written communication skills
- Collaborate well with technical and non-technical teams
- Possess a growth mindset and bias for action
- Lead security-related tasks and projects
- Proven ability to configure a variety of security tooling, networking, servers, and/or endpoints (DLP, SAST, DAST, EDR, Proofpoint)
- Ability to script and configure automation tooling
- Understand the tactics, tools, and procedures (TTPs) of threat actors and how to mitigate exploitation
- Ability to identify a variety of Indicators of Compromise (IOCs) and mitigation strategies
- Understand IAM and user lifecycle best practices
- Conduct proactive threat hunting and/or penetration testing
- Understand attack methods, indicators of compromise, and mitigation strategies to protect against threat actors
- Understand OWASP top 10, CIS top 18, NIST, SOC 2
- Working knowledge of Cyber Kill Chain, MITRE ATT&CK, and/or STRIDE
- Understand IAM and directory services
- Working knowledge of email/DNS configuration best practices, cloud environments, automation tooling (Terraform, Ansible), and web frameworks/infrastructure fundamentals
- Security+, Network+, GPEN, GWAPT, GCED, CISA, CISM, AWS Solutions Architect, AWS DevOps Engineer and/or ITIL certifications preferred
Base salary range: $106,000 - $162,000
Your TrueCar Experience
As a crew member, you’ll be primarily based out of your home as a part of our Dynamic Workplace strategy. We provide additional benefits & perks to assist our crew members in having a sustainable home workstation including monthly internet/mobile phone service reimbursement and furniture & equipment for your space.
You will receive excellent benefits that include but aren’t limited to 100% employer-paid health/vision/dental premium, 401k with company contribution, equity, a wellness stipend program, and a learning & development reimbursement program. We recognize that everyone needs an occasional recharge, so we offer a flexible PTO policy for exempt TrueCar Crew along with a generous PTO accrual policy for non-exempt TrueCar Crew, in addition to 14 company-paid holidays and 2 floating holidays. In short, we care deeply about our crew members and build employee-centric programs that prove it.
At TrueCar, we believe in the power of diversity to build a deeper understanding of our consumers and partners and drive innovation in our products. We welcome a workforce that reflects all the diversity of car-buying consumers. We encourage everyone interested in our company mission to apply. We do not discriminate on the basis of race, gender, religion, sexual orientation, age, or any other trait that is protected by applicable law. We will consider qualified applicants with arrest and conviction records in accordance with applicable law. In addition, TrueCar will provide reasonable accommodations for qualified individuals with disabilities.
TrueCar does not accept unsolicited agency submissions.
If you are based in California, we encourage you to read this important information for California residents linked here.
#LI-Remote