Senior DevOps Engineer

Who we are
At CarGurus (NASDAQ: CARG), our mission is to give people the power to reach their destination. We started as a small team of developers determined to bring trust and transparency to car shopping. Since then, our history of innovation and go-to-market acceleration has driven industry-leading growth. In fact, we're the largest and fastest-growing automotive marketplace, and we've been profitable for over 15 years.
What we do
The market is evolving, and we are too, moving the entire automotive journey online and guiding our customers through every step. That includes everything from the sale of an old car to the financing, purchase, and delivery of a new one. Today, tens of millions of consumers visit CarGurus.com each month, and ~30,000 dealerships use our products. But they're not the only ones who love CarGurus-our employees do, too. We have a people-first culture that fosters kindness, collaboration, and innovation, and empowers our Gurus with tools to fuel their career growth. Disrupting a trillion-dollar industry requires fresh and diverse perspectives. Come join us for the ride!
Role overview
CarGurus is seeking a Senior DevOps Engineer to join our Cloud Enablement team. This team builds and operates the cloud platform capabilities, automation, and guardrails that help engineering teams provision infrastructure, deploy services, and work securely in the cloud with less friction.
In this role, you will contribute to the design, implementation, and operation of scalable platform services that improve developer experience, strengthen reliability, and support self-service infrastructure across the company. We are looking for an engineer who is hands-on, execution-oriented, and motivated by building practical solutions that other engineers rely on every day.
Our primary domains include:

• Infrastructure Delivery: HCP Terraform workspaces, Terraform module registry governance, Sentinel and Semgrep policy enforcement, and self-service IaC paved paths for development teams.
• Secrets Management: HashiCorp Vault implementation, dynamic short-lived credentials, PKI/CA, and supporting the rollout of zero-static-credential patterns across production workloads.
• CI/CD Platform: GitHub Actions maturity (GHES, GitHub Connect, org-scoped runners), Concourse infrastructure, and pipeline supply-chain security.
• AWS Self-Service: No-code and IaC-driven provisioning for S3, Lambda, ElastiCache, and expanding the self-service catalog to new resource types.
• AI Infrastructure Governance: Governed Amazon Bedrock access, per-team token quotas and cost dashboards, Bedrock Savings Plan management, and developer AI tooling (Claude Code, GitHub Copilot) governance.
• Platform Integrity: Sentinel/Semgrep policy maturity, shift-left guardrails, pipeline hardening, and cloud maturity model advancement.

What you'll do

• Platform Delivery & Technical Ownership: Own the technical execution and delivery of significant platform capabilities. Author design docs and contribute to Architecture Decision Records (ADRs) for team-level decisions. Lead complex, multi-sprint initiatives (e.g., Vault dynamic secrets rollout, GitHub Actions maturity, AWS Sandbox self-service) end-to-end through to production.
• IaC Platform & Policy Engineering: Manage HCP Terraform workspaces, the Terraform module registry, and Sentinel/Semgrep policy implementations. Calibrate hard vs. advisory guardrails, eliminate false positives, and expand coverage as new resource types onboard to self-service.
• Secrets & Security Integration: Accelerate Vault adoption across CarGurus workloads - handling dynamic secrets, PKI/CA, transit encryption, and AWS dynamic IAM credentials. Execute the tactical roadmaps toward zero standing long-lived credentials in production.
• AI Infrastructure Governance: Maintain and operate our governed Amazon Bedrock platform, implementing per-team access controls, cost attribution, anomaly detection, and self-service access patterns. Assist in extending governance to developer AI tooling (Claude Code, Copilot) as adoption scales.
• Developer Enablement & Self-Service: Expand the AWS self-service catalog and paved-path IaC offerings so teams can provision, operate, and own cloud resources independently. Monitor adoption metrics and use feedback to prioritize the next platform investments.
• CI/CD & Pipeline Integrity: Execute GitHub Actions maturity initiatives including GitHub Connect adoption, org-scoped runner observability, bundled action governance, CircleCI adoption and migration, and pipeline supply-chain hardening. Ensure teams can deliver reliably on modern, self-owned CI/CD infrastructure.
• Mentorship & Code Quality: Actively grow teammates' capabilities through thorough code and IaC reviews, pairing on complex problems, and sharing context and patterns that help the immediate team move more independently. Contribute to team coding standards and documentation.
• Cross-Team Collaboration: Partner with adjacent teams (Cloud Infrastructure, SRE, DevX, and product engineering) to align on technical concerns at team boundaries. Represent Cloud Enablement's perspective clearly in shared discussions and help resolve integration ambiguity.
• Incident Management & Reliability: Participate in the team's on-call rotation and incident response. Apply incident learnings to improve platform reliability and reduce toil for the team and its customers.
• AI-Assisted Engineering: Actively incorporate AI tooling (Claude Code, GitHub Copilot, Amazon Q) into your engineering workflow - from generating and reviewing IaC to accelerating architecture exploration and incident triage.

What you'll bring

• 4+ years of professional experience in a hands-on DevOps, platform engineering, or cloud infrastructure role, performing the core responsibilities of this position.
• Cloud Infrastructure Depth: Significant experience operating production workloads in AWS including IAM, S3, Lambda, EKS, ElastiCache, EC2, and related services. Comfortable reasoning about security, cost, and reliability trade-offs at platform scale.
• Infrastructure as Code & Policy Engineering: High proficiency with Terraform, including HCP Terraform, remote state, module design, and workspace governance. Hands-on experience with Sentinel and/or Semgrep for policy-as-code enforcement.
• Secrets Management: Practical experience with HashiCorp Vault dynamic secrets, PKI/CA, AppRole/Kubernetes auth, or transit encryption. Experience migrating workloads from static credentials to short-lived credential models.
• CI/CD & Platform Engineering: Deep experience with GitHub Actions runner infrastructure, composite actions, GHES/GHEC, and supply-chain security practices. Familiarity with CircleCI or similar pipeline systems.
• FinOps & AI Awareness: Ability to reason about cloud cost attribution, resource tagging strategies, and FinOps tooling (e.g., CloudZero, AWS Cost Explorer). Familiarity with Amazon Bedrock, LLM API cost structures, and basic governance considerations (spend attribution, access controls).
• Programming & Automation: Proficiency in at least one scripting/programming language (Python, Go, or similar) for building automation, CLI tooling, and platform integrations.
• Systems Thinking & Communication: Able to distill complex technical problems into clear design docs, written proposals, and stakeholder-facing summaries. Comfortable working across teams to align on shared technical boundaries.

The displayed range represents the expected annual base salary / On-Target Earnings (OTE) for this position. On-Target Earnings (OTE) is inclusive of base salary and on-target commission earnings, which applies exclusively to sales roles.
Individual pay within this range is determined by work location and other factors such as job-related skills, experience, and relevant education or training.
This annual base salary forms part of a comprehensive Total Rewards Package. In addition to benefits, this role may qualify for discretionary bonuses/incentives and Restricted Stock Units (RSUs).
Position Pay Range
$137,000 - $171,000 USD
Working at CarGurus
We reward our Gurus' curiosity and passion with best-in-class benefits and compensation, including equity for all employees, both when they start and as they continue to grow with us. Our career development and corporate giving programs, as well as our employee resource groups (ERGs) and communities, help people build connections while making an impact in personally meaningful ways. A flexible hybrid model and robust time off policies encourage work-life balance and individual well-being. Thoughtful perks like daily free lunch, a new car discount, meditation and fitness apps, commuting cost coverage, and more help our people create space for what matters most in their personal and professional lives.
CarGurus may require in-person interviews as part of our hiring process, particularly for positions based in our Boston and Dublin offices. Candidates selected for an in-person interview will be notified in advance. Please be aware that travel expenses are the responsibility of the candidate.
We welcome all
CarGurus strives to be a place to which people can bring the ultimate expression of themselves and their potential-starting with our hiring process. We do not discriminate based on race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. We foster an inclusive environment that values people for their skills, experiences, and unique perspectives. That's why we hope you'll apply even if you don't check every box listed in the job description. We also encourage you to tell your recruiter if you require accommodations to participate in our hiring process due to a disability so we can provide the appropriate support. We want to know what only you can bring to CarGurus. #LI-Hybrid