Role overviewCarGurus is looking for a Security Engineer II to add to our growing Threat Detection and Response (TD&R) Team. This is a hands-on technical role that will build our first line of defense against cybersecurity threats in a complex and evolving landscape. You will be responsible for our detection and response lifecycle, identifying and preventing threats from impacting our employees, customers and other stakeholders. As a Security Engineer II, you will have the opportunity to build a platform to identify and stop threats, work with data to solve complex security challenges, and serve as the primary defender for the CarGurus ecosystem.
What you'll do- Build tools and techniques to detect threats to the company using an engineering-first approach that prioritizes reliability, maintainability and scalability
- Leverage AI and automation to streamline detection and response operations in a safe and reliable manner
- Onboard, normalize and optimize security logging data to support detection engineering, applied ML models, and efficient querying during incidents.
- Develop high-fidelity, rule-based and ML-driven detections as code, utilizing automated testing and CI/CD pipelines for deployment.
- Respond to alerts, threats, and security incidents, including participating in on-call rotations
- Monitor the threat landscape to identify and track emerging threats, ensuring that appropriate detective and preventative controls are deployed
- Partner with development teams to design controls for a cloud first infrastructure (AWS, Kubernetes, etc)
What you'll bring- 3+ years of experience in software, security, and/or data engineering
- Strong desire to apply the latest technology including AI and ML to defend against threats
- Experience with data pipelines and data engineering, especially centralized logging, SIEM tools, and data lakes
- Desire to measure the success of your work with quantitative tools like Precision and Recall
- Experience in at least one programming language like Python, Go or similar
- Experience with cloud infrastructure and technologies like AWS, Kubernetes, containers, IaC, etc
- Experience with good engineering practices like git/GitHub and CI/CD automations
- Familiarity with tactics, techniques, and procedures used by threat actors
- Familiarity detecting and responding to cybersecurity incidents
- Strong passion for continuous learning, especially relating to cybersecurity and technology
- Team player with strong oral and written communication skills
The displayed range represents the expected annual base salary / On-Target Earnings (OTE) for this position. On-Target Earnings (OTE) is inclusive of base salary and on-target commission earnings, which applies exclusively to sales roles.
Individual pay within this range is determined by work location and other factors such as job-related skills, experience, and relevant education or training.
This annual base salary forms part of a comprehensive Total Rewards Package. In addition to benefits, this role may qualify for discretionary bonuses/incentives and Restricted Stock Units (RSUs).
Position Pay Range
$107,000-$135,000 USD
