Senior Security Engineer

Posted Apr 12

TrueCar is a leading automotive digital marketplace and we are on a mission to make car buying and selling easy, transparent and efficient. We work to empower consumers with data, and foster connections with our network of Certified Dealers who share our belief that truth, transparency and fairness are the foundation of a great experience. We forge partnerships to power car buying programs for some of America’s most trusted brands. And we continually innovate to provide useful tools, research, market context and pricing transparency to help consumers feel empowered and confident throughout their journey.

As consumers’ priorities and shopping habits shifted, so did we. We are building a modern-day marketplace and invite you to come join the TrueCar Crew. You can have a real & direct impact on our journey as we continue to evolve and revolutionize the car buying and selling experience. We are seeking talented individuals who are excited by our mission to revolutionize & elevate the car buying & selling experience.

The Opportunity:

As a key member of the Security & Compliance team, you will contribute to a positive security culture for the organization by protecting the confidentiality, integrity, and availability of data and assets while assisting TrueCar in meeting our strategic goals. This role will champion organizational security through positive knowledge-sharing, training, influencing, and conduct. 

How you will contribute to TrueCar’s success:

  • Drive discussions concerning system configurations, deployment, monitoring, alerting, security tooling, processes, and general secure architecture
  • Triage alerts and lead mitigations
  • Take ownership of standard operating procedures (SOPs) and assist with reviewing and writing policies
  • Work with development teams to securely design the architecture and processes of computer systems, networks and information. This includes security considerations as part of the SDLC process. 
  • Coordinate penetration testing and vulnerability assessments to identify security strengths and weaknesses, assess the effectiveness of existing controls, and provide recommendations for remedial action where needed.
  • Identify, define, and help implement system security requirements based on industry best practices and obligations to third parties.
  • Develop technical solutions and operationalize existing security tools to help mitigate security vulnerabilities and automate repeatable tasks.
  • Assess and recommend proper security procedures to manage third-party risk and ensure that partners, dealers, and associated agencies follow TrueCar security requirements.
  • Work with internal and external auditors to convey security controls and resolve audit findings
  • Work with Compliance on ad-hoc company-wide projects and help automate and operationalize dashboards for easy reporting.
  • Act as a key resource for investigating security incidents, triaging, and incident response. 

Your Expertise:

  • Demonstrated success in a security engineering role
  • Excellent verbal and written communication skills
  • Collaborate well with technical and non-technical teams
  • Possess a growth mindset and bias for action 
  • Lead security-related tasks and projects
  • Proven ability to configure a variety of security tooling, networking, servers, and/or endpoints (DLP, SAST, DAST, EDR, Proofpoint)
  • Ability to script and configure automation tooling
  • Understand the tactics, techniques, and procedures (TTPs) of threat actors and how to mitigate exploitation
  • Ability to identify a variety of Indicators of Compromise (IOCs) and mitigation strategies
  • Understand IAM and user lifecycle best practices
  • Conduct proactive threat hunting and/or penetration testing
  • Understand attack methods, indicators of compromise, and mitigation strategies to protect against threat actors
  • Understand OWASP Top 10, CIS Top 18, NIST, SOC 2
  • Working knowledge of Cyber Kill Chain, MITRE ATT&CK, and/or STRIDE
  • Understand IAM and directory services
  • Working knowledge of email/DNS configuration best practices, cloud environments, automation tooling (Terraform, Ansible), and web frameworks/infrastructure fundamentals
  • Security+, Network+, GPEN, GWAPT, GCED, CISA, CISM, AWS Solutions Architect, AWS DevOps Engineer and/or ITIL certifications preferred

Base salary range: $106,000 - $162,000

Your TrueCar Experience

As a crew member, you’ll be primarily based out of your home as a part of our Dynamic Workplace strategy. We provide additional benefits & perks to assist our crew members in having a sustainable home workstation including monthly internet/mobile phone service reimbursement and furniture & equipment for your space. 

You will receive excellent benefits that include but aren’t limited to 100% employer-paid health/vision/dental premium, 401k with company contribution, equity, a wellness stipend program, and a learning & development reimbursement program. We recognize that everyone needs an occasional recharge, so we offer a flexible PTO policy for exempt TrueCar Crew along with a generous PTO accrual policy for non-exempt TrueCar Crew, in addition to 14 company-paid holidays and 2 floating holidays. In short, we care deeply about our crew members and build employee-centric programs that prove it. 

At TrueCar, we believe in the power of diversity to build a deeper understanding of our consumers and partners and drive innovation in our products. We welcome a workforce that reflects all the diversity of car-buying consumers. We encourage everyone interested in our company mission to apply. We do not discriminate on the basis of race, gender, religion, sexual orientation, age, or any other trait that is protected by applicable law. We will consider qualified applicants with arrest and conviction records in accordance with applicable law. In addition, TrueCar will provide reasonable accommodations for qualified individuals with disabilities.

TrueCar does not accept unsolicited agency submissions.

If you are based in California, we encourage you to read this important information for California residents linked here.
