VACCINE POLICY: WHERE PERMITTED BY APPLICABLE LAW, YOU MUST BE FULLY VACCINATED AGAINST COVID-19 TO BE CONSIDERED FOR THIS U.S.-BASED JOB (REASONABLE ACCOMMODATIONS FOR MEDICAL AND RELIGIOUS OBJECTIONS WILL BE CONSIDERED).
Due to current COVID-19 restrictions, this is a temporary work from home role but will ultimately work in the Cox Automotive offices in Atlanta, Georgia / Dallas, Texas / Carmel, Indiana / Burlington, Vermont / Sacramento, California / Irvine, California / Austin, Texas
The Security Engineer II – Product Security (“Product Security Engineer”) is an experienced security engineer focused on helping Cox Automotive build secure products and software, with a strong emphasis on preventative measures.
The Product Security Engineer combines their software engineering background and security expertise to create security capabilities while protecting the Cox Automotive developer experience and making it easy to do the right thing.
The Product Security Engineer works on projects and operations related to application and software security testing capabilities for Cox Automotive, delivering rapid feedback for engineers and security quality reporting for product & security leaders.
The Product Security Engineer shares their knowledge as part of the product security center of excellence, providing guidance, references, education, and support to security ambassadors.
- Reporting to the Product Security Director, serves as a member of the Product Security Engineering team
- Maintains alignment with Engineering Enablement, Business Information Security Office, Cloud Business Office, and Engineering Operations leadership to ensure a unified approach to deploy security capabilities and services to engineering teams
- Works with Engineering Enablement to maintain the security of common build, test, integration, delivery, and deployment capabilities, and to align security services to common capabilities
- Works with the security metrics team to update product security scorecards and insights
- Provides input to a backlog of gaps and opportunities for security capabilities
- Builds security capabilities that standardize common security patterns, prevent bugs & exploits, automatically mitigate risks, and save development time
- Assists with threat modeling, making it easy for teams to write security requirements/stories/cases and associated tests
- May contribute to product protection capabilities such as WAF and RASP
- Provides support for software security testing capabilities, customer requests, and maintains high levels of service
- Promotes product security and helps educate engineering teams on secure development best practices and maintains references, patterns, and security decisions that assist developers
- Acts as an engineering advocate: uses common Cox Auto tools and technologies, beta-testing new Risk & Security initiatives, and providing feedback
Where permitted by applicable law, must be fully vaccinated against COVID-19 to be considered for this U.S. based job. (Reasonable accommodations for medical and religious objections will be considered.)
BA/BS Degree, preferably formal studies in Computer Science, Software Engineering, Information Systems, or equivalent
3+ years of combined experience in Software Engineering, Risk, and Security
Ability to read and write in Java or .NET and a scripting language
Experience with the one of the following:
static security analysis, linting, and code review
dynamic application security testing and manual application pentesting
threat modeling and secure design review
software component analysis and software supply-chain security
Experience working with APIs and service-oriented capabilities
Ability to work with product, engineering, and architecture team members and leaders
Ability to work in a fast-paced and dynamic environment
Excellent organizational, project management, and follow-up skills
Excellent communication, presentation, and reporting skills
Who We Are
About Cox Automotive
There’s nothing ordinary about Cox Automotive. We are people of every background driven by our passion for mobility, innovation, client success and community outreach. We make buying, selling and owning (or simply using) cars easier for everyone. Touching more than 40,000 clients across five continents, we bring together the best brands and the best teams to propel the automotive industry forward. Some of those team members work for our iconic consumer brands like Autotrader and Kelley Blue Book, while others are creating the future of automotive at industry-facing brands like Dealer.com, Manheim and vAuto.
We are the Cox family of businesses. We’ve been making our mark since 1898 by building and evolving world-class businesses, staying true to our values, and encouraging top talent to always look for growth and impact while building a career with us. Our primary divisions – Cox Communications and Cox Automotive – are driving a new wave of innovation, powering smart cities with powerhouse broadband communications and pioneering greener, more progressive transportation alternatives for individuals and fleet operators. We’re also expanding into new spaces like cleantech and healthcare to rev up our momentum toward building a better future for the next generation. We’re looking for the talent today who will be our leaders tomorrow. Sound intriguing? Learn more about where we are today, where we hope you’ll be going with us, and the common purpose that unites us at coxenterprises.com.
Benefits of working at Cox may include health care insurance (medical, dental, vision), retirement planning (401(k)), and paid days off (sick leave, parental leave, flexible vacation/wellness days, and/or PTO). For more details on what benefits you may be offered, visit our benefits page.
Cox is an Equal Employment Opportunity employer – All qualified applicants/employees will receive consideration for employment without regard to that individual’s age, race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender, gender identity, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. Cox provides reasonable accommodations when requested by a qualified applicant or employee with disability, unless such accommodations would cause an undue hardship.
Statement to ALL Third-Party Agencies and Similar Organizations: Cox accepts resumes only from agencies with which we formally engage their services. Please do not forward resumes to our applicant tracking system, Cox employees, Cox hiring manager, or send to any Cox facility. Cox is not responsible for any fees or charges associated with unsolicited resumes.