At Carvana, we sell cars, but we’re not salespeople. Since 2013, we’ve been making it our mission to change the way people buy cars. We saw a huge problem with how much it can suck to buy a car the traditional way, so we committed ourselves to tackling one of the largest, yet-to-be-disrupted markets in the world – the $1T per year U.S. car market (yes, that’s $Trillion with a “T”).

With the ability to search thousands of vehicles from our expansive inventory, to high-resolution 360° photographs of our vehicles’ interior and exterior, to real-time financing and the ability to complete contracts without visiting the back room of a dealership, we provide a seamless, online car buying experience for consumers that can be completed from their desktop or mobile device. All our vehicles are inspected and reconditioned based on our 150-point certification checklist and come with a 7-day return policy. We also operate our own logistics network to deliver cars to customers as soon as the next day, as well as offer customer pick-up at our state-of-the-art Car Vending Machine locations (yes, you read that right). By putting customer satisfaction at the core of our business, we’ve built a no-pressure, no-haggle online car buying experience that saves our customers time and money.

For more information on Carvana and our mission, sneak a peek at our company introduction video.

Job Description

The Senior Security Engineer will have the opportunity to form and own our new cyber security practice from scratch. They will be the subject matter expert on our Engineering team, responsible for enhancing and supporting Carvana's application security. An ideal candidate understands how to troubleshoot complex secure coding issues and has the ability to identify downstream impacts. The Senior Security Engineer is responsible for clearly communicating rationale and guidance for remediating security issues along with resolving problems using broad-based analysis and demonstrates scripting techniques to support innovative solutions.

Do you know how to identify a forked process in Linux? Or do you know how to prevent a golden ticket attack? Or do you know how to script pulling system logs from ANY system?

If you do we want to talk to you!

This position will support and enhance security infrastructure for a rapidly growing, cloud-based e-commerce. The Senior Security Engineer will also guide the development and maintenance of security policies, standards and guidelines, as well as mentors peers on security policies and practices. Additionally, they will collaborate with IT and DevOps to develop an information security roadmap that ensures the safety of customer, internal, and 3rd-party data.


  • Work with Sr. Leadership to plan and execute a new cyber security infrastructure.
  • Research, evaluate, design and develop security controls surrounding the employee experience including: identity and access management; endpoint accountability and security; mobile device security; email security and data loss prevention.
  • Evaluate and research emerging security solutions that are applicable to the business and provide value to the business.
  • Drive helpful security change into the business through the development of requirements for security, risk mitigation and to conform to applicable security standards.
  • Own the development of security standards and procedures.
  • Participate in vendor relationships, maintain roadmaps and track vendor support cases.
  • Other duties as assigned


  • Bachelor’s in Information Technology, Computer Science, Engineering or a related field. (required)
  • 5+ years of full time experience in dedicated, technical information security roles.
  • CEH, GIAC, OSCP or similar certification preferable.
  • Good grasp of operating systems (Windows, OSX, Linux) and networking protocols and concepts.
  • Strong knowledge of information security principles and practices.
  • Experience with scripting languages (Python, Powershell, Bash, Perl, Ruby, JavaScript, query languages) and RegEx.
  • Working knowledge of security frameworks & data protection regulations (NIST, GLBA, GDPR)
  • In-depth knowledge of applications, systems, network and data security, telecommunications, security operations, and associated hardware, software and protocols.

Nice to Haves

  • Experience with SAML 2.0 SSO.
  • Experience with G Suite and Google security features.
  • Knowledge of  internet security issues and the threat landscape
  • Knowledge of network vulnerability scanning techniques and nmap.
  • Knowledge of host-based information security technologies, Tanium, Crowdstrike.
  • Knowledge of the security implications involving a variety of technologies including but not limited to; Microsoft, Cisco, Unix/Linux, Nutanix, and other market leaders in technology solutions, including mobile devices.
  • Knowledge of IDS/IPS, firewalls, proxies and other network security technologies.


Carvana is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

This role is eligible for visa sponsorship.

Apply for this Job

* Required