Cox Automotive
Principal Cybersecurity Software Engineer
Cox Automotive, Scottdale, Georgia, United States, 30079
As a Principal Cybersecurity Software Engineer, you will lead the full stack development of innovative security tools designed to empower engineering teams in securely developing and deploying their applications. These tools range from intuitive web applications to command line interfaces, specifically crafted for internal use to streamline integration with secure pipeline controls. In this role, you'll operate and enhance tools across multiple cloud environments, making a significant impact at Cox Automotive.
This position reports directly to the Director of Security Engineering Enablement at Cox Automotive.
Key Responsibilities
In this role, you will:
- Lead the development and implementation of security engineering tools.
- Transform feature requests into actionable development plans.
- Mentor and guide junior developers on best coding practices and secure design principles.
- Collaborate with threat detection and vulnerability management teams to bolster continuous monitoring and reporting capabilities.
- Work alongside architecture, infrastructure, and technology teams to assess and enhance existing systems.
- Review artifact analyses to ensure environmental applicability and suggest necessary remediation.
- Participate actively in security events and incident responses, identifying design gaps and proposing effective solutions.
- Stay ahead of the curve by researching emerging security trends and technologies, recommending suitable enhancements.
Minimum Qualifications
To succeed in this role, you should meet the following criteria:
- A Bachelor's degree in a relevant discipline and 6 years of related experience, or equivalent combinations of education and experience.
- A minimum of 4 years of focused experience in cybersecurity.
- Strong communication skills to convey cybersecurity policies to both technical and non-technical stakeholders.
- Proficient customer service, writing, and presentation abilities.
- Ability to foster a collaborative environment with key stakeholders, implementing cybersecurity best practices across various teams.
- A consultative approach to navigating complex topics with employees and senior leadership.
- Strong risk evaluation skills to make informed decisions based on potential business impact.
- Expertise in programming with Python and proficiency in C#, Java, or Go.
- Demonstrable experience with Front End or JavaScript frameworks, particularly TypeScript and Node.js.
- Solid understanding of current cybersecurity frameworks and technologies, including zero trust architectures and containerization.
- Experience working with AWS and additional cloud services (GCP, Azure, etc.), as well as on-premises infrastructure.
- Familiarity with the AWS Well-Architected Framework.
- Extensive knowledge across various technologies, including .NET, Spring frameworks, and cloud service architectures.
- Creativity in solving complex cybersecurity challenges, combined with pragmatic business insight.
- Experience with Agile methodologies and DevSecOps principles.
- Proven experience in implementing change within Fortune 1000 environments.
- Knowledge of relevant cybersecurity frameworks (ISO 27000, NIST, etc.) and regulations (GDPR, GLBA).
Preferred Qualifications
The ideal candidate will also have:
- Experience with security testing tools such as Veracode, Fortify, or Burp Suite.
- Familiarity with Infrastructure as Code technologies like Terraform.
- An understanding of deployment methodologies (e.g., Blue/Green, Canary).
- Experience with cloud monitoring tools (e.g., CloudWatch, Splunk).
- Proficiency with build and deploy tools, including GitHub Actions.
- Experience in trunk-based development.
- Experience working with artifact repositories.
- Expertise in designing cybersecurity standards across all layers of hosting and application stacks.
- Knowledge of Identity and Access Management (IAM) and security protocols.
- Experience with firewalls, including web application firewalls, and an understanding of network architectures.
- Experience in critical infrastructure sectors (e.g., telecommunications, finance).
- Background in Big Four consulting or within Fortune 500 companies.
- Relevant industry certifications (e.g., CISSP, CEH, AWS, Azure).
Compensation for this role ranges from $119,600.00 to $199,400.00 per year, depending on factors like location and experience. Additional incentives may also be available.
Benefits include flexible vacation time, seven paid holidays, and up to 160 hours of paid wellness annually. Additional paid leave options are available for bereavement, voting, jury duty, volunteerism, military service, and parental leave.