Cox Automotive
Senior Cybersecurity Software Engineer
Cox Automotive, Powder Springs, Georgia, United States, 30127
A Senior Cybersecurity Software Engineer plays a crucial role in the development of innovative security tools that empower engineering teams to build and deploy applications securely. From web applications to command line interfaces, these tools are tailored for internal use to streamline secure pipeline controls. This position involves developing and operating tools across various cloud environments where Cox Automotive is active. Responsibilities also extend to configuring and integrating vendor-supplied applications.
This role reports directly to the Director of Security Engineering Enablement at Cox Automotive.
Primary Responsibilities
Lead the design and execution of tools developed by Security Engineering Enablement.
Assess feature requests and devise strategic solutions for implementation by the team.
Mentor junior developers in coding best practices and secure design methodologies.
Collaborate with threat detection and vulnerability management specialists to enhance capabilities and integration points for continuous control monitoring and reporting.
Partner with architecture, infrastructure, and technology teams to audit existing architecture, pinpoint gaps, and recommend security improvements.
Conduct and/or evaluate analyses of artifacts for environmental suitability and remediation.
Engage in security incidents and events to identify shortcomings in current designs and propose actionable solutions to mitigate future threats.
Research and analyze emerging security trends, threats, and technologies, recommending enhancements accordingly.
Minimum Qualifications
Bachelor's degree in a relevant discipline with 6 years of pertinent experience; alternative combinations of education and experience are acceptable, such as a master's degree with 4 years of experience, a Ph.D. with 1 year, or 10 years of relevant experience.
At least 4 years of dedicated experience in the field of cybersecurity.
Ability to clearly articulate the purpose of specific cybersecurity policies and procedures to technical and non-technical stakeholders.
Excellent customer service, writing, and presentation skills.
Develop a collaborative working environment with key stakeholders and work closely with other Cox entities' cybersecurity teams to implement best practices.
Ability to navigate complex topics collaboratively with employees and leaders, demonstrating a consultative approach.
Evaluate risks and make informed decisions based on potential impacts and likelihood.
Proficiency in Python and expertise in application development using C#, Java, or Go.
Demonstrated experience with front-end or JavaScript frameworks, including TypeScript and Node.js.
Strong knowledge of contemporary cybersecurity and technology architectures such as zero trust, IaaS, PaaS, SaaS, virtualization, and containerization.
Thorough understanding of cloud containers and/or serverless platforms (e.g., EKS, ECS, Lambda, Fargate).
Experience with AWS and another cloud infrastructure (GCP, Azure, or OCI) alongside on-premises infrastructure.
Familiarity with the AWS Well-Architected Framework.
Extensive technical knowledge and recognized expertise in areas including .NET framework, Mono, Spring frameworks, Oracle, serverless solutions, cloud patterns, and service authentication.
Ability to creatively address complex cybersecurity challenges while exhibiting sound business judgment.
Proficient in using Agile methodologies and DevSecOps practices.
Experience implementing change and deploying solutions in large organizations.
Familiarity with cybersecurity frameworks (e.g., ISO 27000, NIST, FFIEC) and regulations that inform architectural requirements (e.g., GDPR, FFIEC, GLBA).
Preferred Qualifications
Experience with security testing tools such as Veracode, Fortify, Burp Suite, and Wiz.
Familiarity with Infrastructure as Code technology like Terraform.
Understanding of deployment methodologies including Blue/Green, Canary, etc.
Experience with Cloud monitoring tools (CloudWatch, New Relic, Splunk).
Comfort with build and deployment tools such as GitHub Actions.
Familiarity with trunk-based development and GitHub as a code repository.
Experience with artifact repositories.
Background in developing and designing cybersecurity standards across all layers of hosting and application stacks in both cloud and on-premises environments.
Knowledge of Identity and Access Management (IAM), cryptography/key management, secrets management, access controls, and security protocols (e.g., multi-factor, SAML, OAuth, OIDC).
Experience with firewalls, web application firewalls, and an understanding of DMZ and other network architectures.
Experience in critical infrastructure industries (telecommunications, financial services, defense, government, etc.).
Experience with major consulting firms or Fortune 500 companies.
Relevant industry certifications (e.g., CISSP, CEH, OSCP, Azure, AWS, CISM, CISA).
Compensation for this role ranges from USD 119,600.00 to 199,400.00 per year, depending on location, knowledge, skills, and experience. This position may also be eligible for additional compensation through incentive programs.
The company provides eligible employees flexible vacation time, seven paid holidays per year, and up to 160 hours of paid wellness time, which can be used for personal or family wellness. Additional paid time off is available for bereavement, voting, jury duty, volunteering, military service, and parental leave.