Principal Security Engineer, Operations

Who we are
At CarGurus (NASDAQ: CARG), our mission is to give people the power to reach their destination. We started as a small team of developers determined to bring trust and transparency to car shopping. Since then, our history of innovation and go-to-market acceleration has driven industry-leading growth. In fact, we're the largest and fastest-growing automotive marketplace, and we've been profitable for over 15 years.
What we do
The market is evolving, and we are too, moving the entire automotive journey online and guiding our customers through every step. That includes everything from the sale of an old car to the financing, purchase, and delivery of a new one. Today, tens of millions of consumers visit CarGurus.com each month, and ~30,000 dealerships use our products. But they're not the only ones who love CarGurus-our employees do, too. We have a people-first culture that fosters kindness, collaboration, and innovation, and empowers our Gurus with tools to fuel their career growth. Disrupting a trillion-dollar industry requires fresh and diverse perspectives. Come join us for the ride!
Role overview
We're seeking a Principal Security Engineer, Operations who will lead the design, development, and operation of scalable detection and defensive security controls across our cloud-first and hybrid environments. This individual will be a key technical leader within the Information Security team, responsible for evolving our threat detection, response, and prevention capabilities. The ideal candidate has deep experience in both red and blue team methodologies and exercises, with a proven ability to think like an attacker while building resilient detection infrastructure that scales.
This role is foundational to our cloud and infrastructure security strategy programs and will help define the future of our threat detection architecture.
What you'll do

• Evaluate, advise, and deploy new security technologies alongside other technologies Information Security and peer partners (e.g. Platform Engineering, IT).
• Design, architect, and implement scalable detection pipelines across cloud (e.g. AWS, Azure, GCP) endpoints, identity, DLP, and SaaS platforms that support proactive threat identification and response.
• Mature our Security Information and Event Management (SIEM) and centralized logging capabilities, focusing on enrichment, correlation, and high-signal detections.
• Develop detection-as-code practices and CI/CD pipelines for deployment and tuning of detection logic.
• Make thoughtful long-term architectural design and strategy decisions for our Cloud Native Application Protection Platform (CNAPP) to ensure coverage, efficiencies and reduce false positives while maintaining continuity across multiple infrastructure environments.
• Work with infrastructure-as-code (IAC) technologies to establish automated security configurations for platform hardening and cloud-native control enforcement.
• Collaborate closely with AppSec offensive security, and Cloud Engineering teams to identify detection opportunities and test control efficacy.
• Partner with our Technical Leadership Team (TLT) to provide feedback and guidance related to security operational decisions to support the product development of our platform.
• Implement necessary security changes to support our Identity Governance Access (IAG) program and Role-Based Access Control (RBAC) models.
• Contribute to third-party vulnerability and penetration testing engagements and feed learnings into the broader detection engineering strategy.
• Continuously improve our vulnerability management program by triaging issues and identifying gaps in pre-production versus post-production detection.
• Ensure alignment to industry frameworks such as CIS Controls, ISO 27XXX, and NIST, embedding defensible security practices across the stack.
• Act as the Incident Commander of the Security Incident Response Team (SIRT), overseeing triage, containment, and forensics during investigations.

What you'll bring

• 7+ years in detection engineering, security operations, or a similar role, with a strong track record building detection logic in large-scale or cloud-native environments.
• Experience architecting and deploying detection pipelines across platforms like AWS, GCP, or Azure using tools such as Chronicle, Splunk, Panther, or open-source equivalents.
• Strong red + blue team mindset: you think like an attacker and build defenses that go beyond surface-level detection.
• Expertise in cloud control plane monitoring, identity threat detection, and infrastructure log analysis.
• Deep familiarity with adversary TTPs (MITRE ATT&CK), anomaly-based detection techniques, and event correlation strategies.
• Experience operationalizing detection-as-code pipelines (e.g., CI/CD for detection logic).
• Ability to communicate detection priorities and incident insights to technical and non-technical stakeholders.
• Authored and maintained infrastructure security policies, standards, and procedures
• History of working on a Security Incident Response Team (SIRT) investigating events, triaging potential incidents, containing environments, conducting forensics analysis
• Experience evaluating, running PoCs, and deploying new security tooling solutions.

Working at CarGurus
We reward our Gurus' curiosity and passion with best-in-class benefits and compensation, including equity for all employees, both when they start and as they continue to grow with us. Our career development and corporate giving programs, as well as our employee resource groups (ERGs) and communities, help people build connections while making an impact in personally meaningful ways. A flexible hybrid model and robust time off policies encourage work-life balance and individual well-being. Thoughtful perks like daily free lunch, a new car discount, meditation and fitness apps, commuting cost coverage, and more help our people create space for what matters most in their personal and professional lives.
We welcome all
CarGurus strives to be a place to which people can bring the ultimate expression of themselves and their potential-starting with our hiring process. We do not discriminate based on race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. We foster an inclusive environment that values people for their skills, experiences, and unique perspectives. That's why we hope you'll apply even if you don't check every box listed in the job description. We also encourage you to tell your recruiter if you require accommodations to participate in our hiring process due to a disability so we can provide the appropriate support. We want to know what only you can bring to CarGurus. #LI-Hybrid