This position will be the subject matter expert on all platforms that fall into category of CarMax’s® assets to ensure the protection, integrity and confidentiality of customer, vendor, employee, and business information in compliance with organization policies and standards utilizing current information security technology disciplines and industry standards. This is a unique opportunity at a Fortune 500 company and national brand to expand and develop skills beyond current endpoint or network focus to a broader skill and toolset in the security program. This opportunity provides the ability to both lead implementation and improvements while also providing the opportunity for hands-on operation across the full suite of security capabilities. The Cybersecurity Engineer performs all network and endpoint security activities necessary to ensure the safety of information systems assets and protects systems from intentional and inadvertent access or destruction under limited direction. This role interfaces with application, infrastructure, and network operations teams and develops the necessary procedures to maintain security and educates the user community. The Cybersecurity Engineer also provides metrics, status reports, and audit results for key stakeholders while driving improvements and program maturity.
Essential Responsibilities:
Desire to keep current with technology and client industry
Implement, develop, operate, and improve Cybersecurity solutions
Provide functional and technical expertise on projects that require Cybersecurity services
Gather information from the business and IT department to develop security-related processes and procedures to continuously improve the security posture of CarMax
Assist in driving tasks and projects to successful completion through effective project management, customer interaction, and IT coordination
Effectively triage support problems and respond with the appropriate level of urgency
Participate in a 24x7 on-call rotation as scheduled, and the ability to perform after hours support as needed
QUALIFICATIONS:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Technical Qualifications:
Network security technologies: Firewalls, Proxies, Network Access Controls, Intrusion Detection, Intrusion Prevention, Routing
Familiarity with identity concepts (Authentication, Authorization, and Governance), Data Loss Prevention, Secure coding and configuration standards
Functional proficiency with at least one coding or scripting language: PowerShell, Python, Java, JavaScript , etc
Windows server and Linux Operating Systems
Cloud technology (SaaS, IaaS, PaaS)
Excellent analytical, troubleshooting, and problem-solving skills and performs well in high pressure or stressful situations
Excellent organization and time management skills
Excellent communication skills to include, but not limited to, verbal and written communication; delivering organized presentations; able to tailor message to the audience; and facilitate group discussions with diplomacy and seek diverse opinions
Ability to effectively estimate the efforts of others and the impact required to accomplish requested tasks/projects
EDUCATION and/or EXPERIENCE:
1-5 years of experience in information security operations
Bachelor’s Degree in Computer Science, Engineering, Cybersecurity, or a related field or equivalent alternative education, skills, and/or practical experience is required.
Certifications: CISSP, CISA, Security+, CCNA or CCNP Security preferred
Work Location and Arrangement: This role will be based out of the Richmond, VA Technology Innovation Center. Associates based in Richmond work onsite 5 days per week.
Work Authorization: Applicants must be currently authorized to work in the United States on a full-time basis.
About CarMax
CarMax disrupted the auto industry by delivering the honest, transparent and high-integrity experience customers want and deserve. This innovative thinking around the way cars are bought and sold has helped us become the nation’s largest retailer of used cars, with over 200 locations nationwide.
Our amazing team of more than 25,000 associates work together to deliver iconic customer experiences. Along the way, we help every associate grow their career and achieve their best, at work and in their community. We are recognized for our commitment to training and diversity and are one of the FORTUNE 100 Best Companies to Work For®.
Our Commitment to Diversity and Inclusion:
CarMax is committed to bringing together people from different backgrounds and perspectives, providing employees with a safe, welcoming, and inclusive work environment.
CarMax is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristic protected by law.
Upon an applicant's request, CarMax will consider reasonable accommodation to complete the CarMax Job Application.
Skills Required
- Relevant experience in cybersecurity, application development, DevSecOps, or a closely related technical discipline
- Strong foundational knowledge of application security concepts
- Practical knowledge of Azure and serverless application security
- Functional experience with at least one programming or scripting language
- Hands-on exposure to SAST and/or DAST tools
- Familiarity with Azure-native application architectures, CI/CD pipelines, and DevSecOps concepts
- Effective written and verbal communication skills
- Bachelor's degree in computer science, Engineering, Cybersecurity, or related field
- 2+ years of work experience in cybersecurity
- Knowledge of developer tools such as GitHub, Azure DevOps, and TeamCity
CarMax Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about CarMax and has not been reviewed or approved by CarMax.
-
Retirement Support — Retirement benefits appear robust, including a 401(k) with dollar-for-dollar matching up to the first 6% of base salary and immediate vesting. Stock purchase programs with a discount or match are positioned as an additional long-term wealth-building option.
-
Healthcare Strength — Health coverage is described as comprehensive, spanning medical, dental, vision, disability, and life insurance, with access beginning relatively early for eligible associates. Mental health resources and wellbeing programs are also present as part of the health offering.
-
Leave & Time Off Breadth — Time-off offerings are described as broad, including vacation, holidays, sick time, and paid leave related to new child placement or birth/adoption in addition to family medical leave options. The structure varies by role and tenure, but the overall menu is sizable.
CarMax Insights
What We Do
CarMax revolutionized the auto industry by delivering the honest, transparent and high-integrity car buying experience customers want and deserve. This disruptive thinking has helped us become the nation’s largest retailer of used cars with more than 200 stores nationwide. And thanks to our amazing team of nearly 25,000 associates, we have been recognized as one of the FORTUNE 100 Best Companies to Work For® - 16 years in a row! Committed to hiring people with strong values of integrity, transparency and respect, we offer unmatched training and support for associate career growth, and have been recognized as one of Training Magazine’s "Training Top 125" companies in America. We are also proud to be a best place to work for Veterans, and the #2 Best Workplace for Retail.
