Who we are
At CarGurus (NASDAQ: CARG), our mission is to give people the power to reach their destination. We started as a small team of developers determined to bring trust and transparency to car shopping. Since then, our history of innovation and go-to-market acceleration has driven industry-leading growth. In fact, we're the largest and fastest-growing automotive marketplace, and we've been profitable for over 15 years.
What we do
The market is evolving, and we are too, moving the entire automotive journey online and guiding our customers through every step. That includes everything from the sale of an old car to the financing, purchase, and delivery of a new one. Today, tens of millions of consumers visit CarGurus.com each month, and ~30,000 dealerships use our products. But they're not the only ones who love CarGurus-our employees do, too. We have a people-first culture that fosters kindness, collaboration, and innovation, and empowers our Gurus with tools to fuel their career growth. Disrupting a trillion-dollar industry requires fresh and diverse perspectives. Come join us for the ride!
Role overview
This role is fundamental in designing the preventative and operating the detective, security control programs for our cloud and corporate infrastructure and products. This role is a critical leadership role within the Information Security team and functions as a thought-leader for infosec organizationally.
What you'll do
- Design, architect, and implement defensive security controls across on-prem and cloud environments (AWS, Azure, GCP) in accordance with CIS Controls and NIST frameworks
- Work with infrastructure-as-code technologies to establish automated security configurations to support platform hardening, security controls and policies in the infrastructure deployment pipeline
- Manage Intrusion Detection System (IDS) and make necessary changes for accurate threat detection and remediation of identified issues
- Scan, triage and remediate security vulnerabilities while continuing to mature the vulnerability management program
- Manage third-party vulnerability and penetration testing engagements
- Build out our Security Information and Event Management (SIEM) solution, incident response, and forensic capabilities
- Act as the Incident Commander of the Security Incident Response Team (SIRT)
What you'll bring
- 5-7 years of experience securing cloud agnostic infrastructure (AWS, Azure, GCP) and datastores (MySQL, MongoDB, RDS) including use of automation and container deployment (Docker, Kubernetes, Terraform, Chef, Puppet)
- Extensive experience managing an IDS, SIEM and vulnerability management solutions in a hybrid environment
- Solid understanding of RBAC models and SSO solutions (SAML 2, OAuth 2, OIDC)
- Proficient in system hardening and patch management strategies
- Authored and maintained infrastructure security policies, standards, and procedures
- History of working on a Security Incident Response Team (SIRT) investigating events, triaging potential incidents, containing environments, conducting forensics analysis
Working at CarGurus
We reward our Gurus' curiosity and passion with best-in-class benefits and compensation, including equity for all employees, both when they start and as they continue to grow with us. Our career development and corporate giving programs, as well as our employee resource groups (ERGs) and communities, help people build connections while making an impact in personally meaningful ways. A flexible hybrid model and robust time off policies encourage work-life balance and individual well-being. Thoughtful perks like daily free lunch, a new car discount, meditation and fitness apps, commuting cost coverage, and more help our people create space for what matters most in their personal and professional lives.
We welcome all
CarGurus strives to be a place to which people can bring the ultimate expression of themselves and their potential-starting with our hiring process. We do not discriminate based on race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. We foster an inclusive environment that values people for their skills, experiences, and unique perspectives. That's why we hope you'll apply even if you don't check every box listed in the job description. We also encourage you to tell your recruiter if you require accommodations to participate in our hiring process due to a disability so we can provide the appropriate support. We want to know what only you can bring to CarGurus. #LI-Hybrid
Top Skills
CarGurus Boston, Massachusetts, USA Office
Our Boston HQ is located in historic Back Bay, near countless shopping, dining, and transportation options. Admire the breathtaking views in this amenity-filled space as you enjoy our flexible seating, rooftop terraces, and fully staffed barista bar.
Similar Jobs at CarGurus
What you need to know about the Boston Tech Scene
Key Facts About Boston Tech
- Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
- Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
- Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
- Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories
