Lead Product Security Engineer

The holds an engineering leadership role that drives the development of process and automation solutions around our application security tools. This individual will guide the team to contribute to these initiatives with quality in mind. They will also guide technical and security engineering discussions within the team, and will be seen as an authority on secure coding, secure infrastructure, and secure design best practices. They will help to imagine and shape the systems and process flows on incorporating security organically into the engineering teams' day to day workflows.
This engineer will work with AWS and other cloud technologies as well as a variety of commercial and open source security products and frameworks. While this is an individual contributor role, you'll be involved in many aspects - help evolve our existing architecture, reduce complexity, work with engineering teams to improve operations, and implement and operationalization new security tooling, as needed. Beyond automation of onboarding or usage of our application security tools, we strive for continuous improvement of processes and the integration of best practices. We're looking for someone who has an interest in application security, cloud technologies and a passion to help the organization create secure-by-default world-class software.
Key Responsibilities:

• Reporting to the Product Security Director, serves as a member of the Product Security Engineering team
• Works with partner engineering teams to create applications and services that align to the Pproduct Ssecurity mission and goals and in order to create a paved road
• Leverages technology (tools, capabilities, processes) to level up software engineering teams' secure coding practices and knowledge
• Operationalizes off the shelf application security tools to help engineering teams build, deploy and deliver secure software
• Provide situational white glove service to critical business engineering teams
• Must be able to help engineering teams fix application security defects using a variety of technology stacks
• Promotes incorporation of security processes and practices to make security an organic part of a declarative pipeline model (e.g. CICD practices)
• Communicate process and tool automation improvements to the Product Owner and Product Manager, as opportunities and repeating concerns are observed
• Helps define the team's tasks and objectives, based on continuing analysis of service requests
• Creates automation solutions to support tool administration and operation
• Consistently exhibits a positive attitude and desire to help the team to succeed
• Design and build monitoring systems for developed automation applications and services
• Participate in On-call rotation with the team (once every 3-4 weeks)
• Consistently meets or exceeds predefined support and services Service Level Objectives (SLOs)
• Executes tasks with minimal supervision

• Bachelor's Degree; (preferably Computer Science or Cybersecurity) and 6 years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 4 years'; or a P.h.D. and 1 year of related experience; or 18 years' experience in a related field.
• Proven and demonstrable experience building software applications with technologies like C#, Java
• Proven and demonstrable experience with front end or Javascript frameworks like Typescript and Node.js
• Experience designing and implementing security solutions and processes around application security tools
• Experience administering, maintaining and supporting application security tools and services
• Experience with at least 3 areas of the following application security areas and tooling: cloud, application code, mobile applications, and API.
• Strong cloud infrastructure experience, preferably AWS and Azure
• Solid understanding of DevOps - automated deployments and release orchestration
• Solid understanding of containers and microservice architecture
• A solid understanding and knowledge of the latest cybersecurity threats, current best practices, and related software
• Excellent communication, interpersonal and teamwork skills
• Strong analytical and problem solving skills
• Excellent attention to detail

• Master's in Cybersecurity or equivalent experience
• Threat modeling
• Fundamental understanding of modern cloud architecture (containerization, databases, message queueing, events, etc.)
• Familiarity with Infrastructure as Code technology such as Terraform
• An understanding of deployment methodologies like Blue/Green, Canary, etc.
• Familiarity with various Cloud monitoring tools (Cloudwatch, New Relic, Splunk)
• Familiarity with networking and network security
• Familiarity with Cloud security tools
• Experience with scalable networking technologies
• Familiarity with standard IT security practices such as encryption, certificates, and key management
• Minimum 1 year of mobile application development experience
• Working knowledge of infrastructure technologies such as OS (Linux and Windows), Network, Database, Server, Storage etc.
• Comfortable with build and deploy tools
• Experience managing, building, debugging and deploying Docker containers and microservice architecture
• Experience in a consulting, services, or platform engineering role

USD 117,300.00 - 195,500.00 per year

Compensation includes a base salary of $117,300.00 - $195,500.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.

The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, parental leave, and COVID-19 vaccination leave.
About Cox Automotive
At Cox Automotive, people of every background are driven by their passion for mobility, innovation and community. We transform the way the world buys, sells, owns and uses cars, accelerating the industry with global powerhouse brands like Autotrader, Kelley Blue Book, Manheim and more. What's more, we do it all with an emphasis on employee growth and happiness. Drive your future forward and join Cox Automotive today!
About Cox
Cox empowers employees to build a better future and has been doing so for over 120 years. With exciting investments and innovations across transportation, communications, cleantech and healthcare, our family of businesses - which includes Cox Automotive and Cox Communications - is forging a better future for us all. Ready to make your mark? Join us today!
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page .
Cox is an Equal Employment Opportunity employer - All qualified applicants/employees will receive consideration for employment without regard to that individual's age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.