Senior Threat Detection and Response Engineer

Senior Threat Detection and Response Engineer

At CarGurus, our mission is to give people the power to reach their destination. We started as a small team of developers determined to bring trust and transparency to car shopping. Since then, our history of innovation and go-to-market acceleration has driven industry-leading growth. In fact, we're the largest and fastest-growing automotive marketplace, and we've been profitable for over 15 years.

The market is evolving, and we are too, moving the entire automotive journey online and guiding our customers through every step. That includes everything from the sale of an old car to the financing, purchase, and delivery of a new one. Today, tens of millions of consumers visit CarGurus.com each month, and ~30,000 dealerships use our products. But they're not the only ones who love CarGurus—our employees do, too. We have a people-first culture that fosters kindness, collaboration, and innovation, and empowers our Gurus with tools to fuel their career growth. Disrupting a trillion-dollar industry requires fresh and diverse perspectives. Come join us for the ride!

CarGurus is looking for a Senior Security Engineer to add to our growing Threat Detection and Response (TD&R) Team. This is a hands-on technical role that will build our first line of defense against cybersecurity threats in a complex and evolving landscape. You will be responsible for our detection and response lifecycle, identifying and preventing threats from impacting our employees, customers and other stakeholders. As a Senior Security Engineer, you will have the opportunity to apply your experience to provide technical leadership to the team, build a platform to identify and stop threats, work with data to solve complex security challenges, and ultimately defend CarGurus against critical threats.

Build a platform to detect threats to the company using an engineering-first approach that prioritizes reliability, maintainability and scalability

Leverage AI and automation to streamline detection and response operations in a safe and reliable manner

Onboard, normalize and optimize security logging data to support detection engineering, applied ML models, and efficient querying during incidents.

Apply an engineering mindset to develop high-fidelity, rule-based and ML-driven detections as code, utilizing automated testing and CI/CD pipelines for deployment.

Own the end-to-end response to alerts, threats, and security incidents, including participating in on-call rotations

Proactively monitor the threat landscape to identify and track emerging threats, ensuring that appropriate detective and preventative controls are deployed

Partner with development teams to design controls for a cloud first infrastructure (AWS, Kubernetes, etc)

5+ years of experience in software, security, and/or data engineering

Strong desire to apply the latest technology including AI and ML to defend against threats

Experience with data pipelines and data engineering, especially centralized logging, SIEM tools, and data lakes

Desire to measure the success of your work with quantitative tools like Precision and Recall

Proficiency in at least one programming language like Python, Go or similar

Proven experience with cloud infrastructure and technologies like AWS, Kubernetes, containers, IaC, etc

Proven experience with good engineering practices like git/GitHub and CI/CD automations

Familiarity with tactics, techniques, and procedures used by threat actors

Experience detecting and responding to cybersecurity incidents

Strong passion for continuous learning, especially relating to cybersecurity and technology

Team player with strong oral and written communication skills

Effective ability to make decisions independently and provide clear technical guidance to others

Position Pay Range $146,000 — $184,000 USD

We reward our Gurus' curiosity and passion with best-in-class benefits and compensation, including equity for all employees, both when they start and as they continue to grow with us. Our career development and corporate giving programs, as well as our employee resource groups (ERGs) and communities, help people build connections while making an impact in personally meaningful ways. A flexible hybrid model and robust time off policies encourage work-life balance and individual well-being. Thoughtful perks like daily free lunch, a new car discount, meditation and fitness apps, commuting cost coverage, and more help our people create space for what matters most in their personal and professional lives.

CarGurus strives to be a place to which people can bring the ultimate expression of themselves and their potential—starting with our hiring process. We do not discriminate based on race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. We foster an inclusive environment that values people for their skills, experiences, and unique perspectives. That's why we hope you'll apply even if you don't check every box listed in the job description. We also encourage you to tell your recruiter if you require accommodations to participate in our hiring process due to a disability so we can provide the appropriate support. We want to know what only you can bring to CarGurus.