Senior Security Analyst, Information Security at Carvana
If you like disrupting the norm and are looking for a company revolutionizing an industry then you will LOVE what Carvana has done for the car buying experience. Buying a car the old fashioned way sucks and we are working hard to make it NOT suck. At Carvana, our customers can hop online to...
- Search and browse our inventory of over 20,000 vehicles that we own and certify.
- Narrow down search results using highly intelligent filtering tools/components.
- View vehicle details, Carfax reports, and 360 rotating studio images for every vehicle.
- Secure financing in minutes using Carvana’s in-house service or their own bank.
- Interact with GUI components to easily customize loan length, down payment, and monthly payment.
- Generate, upload, and eSign all documents online (no ink necessary).
- Schedule front door delivery or pick up at one of our vending machines.
- Trade-in their existing vehicle or just sell it to Carvana (no purchase necessary).
For more information on Carvana and our mission, sneak a peek at our company introduction video or learn more about what it’s like to work here from the people that already do.
About the team and position
Working in the IT Team at Carvana you will notice that….
We need to be super approachable and always willing to go above and beyond to help our Carvana family. It could be as simple as connecting their monitor to as complicated as tuning their flux capacitor to precisely 1.21 gigawatts! We expect smart people who are doers with bright ideas, willing to put their game-face on, take on new challenges and juggle many assignments at once.
We are looking for an experienced Senior Security Analyst specialized in Incident Response(IR) and Detection and has a wide breadth of knowledge in the security space. You will be part of a team that is responsible for the security of the Carvana environment, which includes on-premise and cloud infrastructures. With a focus on Threat and Response, our team takes care of all security incident related tasks and projects. Most of your time will be spent working on operational tasks such as IR, conducting forensic and SIEM tuning. You will also participate in fun engineering projects that aim to improve Carvana's overall security.
What you’ll be doing
- Conduct network, systems forensics and log analysis utilizing SIEM and other security tools.
- Ensure effective collection, correlation, and analysts of security-related information.
- Build upon the current library of process and playbook documentation to emerging threats.
- Utilize various information security controls to accomplish full incident containment, and mitigation.
- Assist with defining and improving security policies, technical controls, processes and standards.
- Participates in security investigations and compliance reviews, as requested by Risk and Compliance.
- Research and assess new threats and security alerts, and recommends remedial actions.
- Configure and maintain monitoring and alerting tools including executive and management dashboards and reporting.
- Participates in incident response and handling as needed.
- Work with network engineers, systems administrators, and applications owners to improvelement security controls and processes.
- Participate in different security operations projects, including automation of repetitive processes.
- Manage the investigation of incidents from incident identification to eradication and recovery.
What you should have
The qualifying candidate must be enthusiastic, energetic and possess advanced troubleshooting skills. Your experience will ensure the stability, integrity, and efficient operation of the on-premise and hosted environments. You should have:
- Minimum of 3 Years of experience in the Information security field.
- Have deep technical knowledge and expertise of current attack vectors, Threat hunting, and creating effective infosec best practices.
- Deep understanding of TCP/IP, attack models ( such as MITRE's ATT&CK framework), and experience applying them at scale.
- Hands-on experience in creating detection correlation rules, basic integration, and intelligence gathering.
- Hands-on experience with Incident response, and containment practices.
- Good understanding of cloud environments (such as GCP, AWS, Azure).
- A broad base of technical knowledge in system administration, network engineering, application security practices and compliance.
- Advanced Splunk or Tanium EDR knowledge and experience.
- Proven track record of delivery results in a fast paced environment.
- Communicate clearly and effectively.
- Technical writing skills.
What we’ll offer in return
- Full-Time Salary Position with a competitive salary.
- Medical, Dental, and Vision benefits.
- 401K with company match.
- A multitude of perks including student loan payments, discounts on vehicles, benefits for your pets, and much more.
- A great wellness program to keep you healthy and happy both physically and mentally.
- Access to training and conference opportunities as well as great on-the-job training.
- A company culture of promotions from within, with a start-up atmosphere allowing for varied and rapid career development.
- A seat in one of the fastest-growing companies in the country.
To be able to do your job at Carvana, there are some basic requirements we want to share with you.
- Must be able to read, write, speak, and understand English.
- Requires excellent visual acuity and manual dexterity.
Of course, we’ll make any reasonable accommodations for those with disabilities to perform the essential functions of their jobs.
Hiring is contingent on passing a complete background check. This role is not eligible for visa sponsorship.
Carvana is an equal employment opportunity employer. All applicants receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, marital status, national origin, age, mental or physical disability, protected veteran status, or genetic information, or any other basis protected by applicable law. Carvana also prohibits harassment of applicants or employees based on any of these protected categories.
Please note this job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.