Senior Security Engineer - Cloud Specialist

Description

Join Team CARFAX as a Senior Security Engineer - Cloud Specialist

Isn't it time you bragged about where you work? At CARFAX, we do, every day. We pride ourselves on being mission-focused on helping to grow a brand built on accuracy and integrity. We care deeply about our products and our customers. We’re more than just a company: We help millions of consumers make more informed decisions every day. We know that our teammates are our most valuable asset, and we value a balanced life while tackling challenging projects in a fast-paced environment. One last thing: Our four-day week continues in Summer 2026!

We are seeking a highly skilled and motivated Senior Security Engineer - Cloud Specialistto join our dynamic Information Security team. The Senior Security Engineer - Cloud Specialist plays a vital role in safeguarding the organization's information assets by designing, implementing, and maintaining robust security measures. This role involves identifying and mitigating security vulnerabilities, responding to security incidents, and ensuring compliance with security policies and standards. The Senior Security Engineer - Cloud Specialist collaborates with various IT and business teams to integrate security best practices into every aspect of the organization's operations.

At CARFAX, we believe in the power of teamwork and value in-person interactions so that we can collaborate and thrive together. This position will require 3 days per week in our Centreville, VA office subject to change with future business needs.

What you’ll be doing:

• Oversee and operate continuous monitoring of network traffic, systems, and applications to detect, analyze, and respond to cybersecurity threats and incidents, utilizing advanced security tools and methodologies for proactive defense.
• Operate continuous monitoring of public, private, or hybrid cloud environments, applications, and services to detect, analyze, and respond to security threats and findings, utilizing advanced cloud management and security tools.
• Lead cloud program functions, including detection, triage, investigation, containment, remediation, and reporting, ensuring minimal impact on business operations and continuously improving response processes through automation.
• Leveraging an offensive security mindset, proactively identify opportunities to enhance security measures, streamline processes, and optimize tooling, leveraging an offensive security mindset.
• Conduct in-depth analysis of cloud-related findings in systems and configurations to determine risk and assess the scope of issues and root cause, using standard practices.
• Develop and maintain a robust cloud management program that enhances the organization's cloud posture. This involves identifying and assessing risks within the cloud infrastructure, implementing and optimizing security controls, and ensuring regulatory compliance.
• Perform threat hunting activities using advanced analytical techniques and tools to identify and mitigate undetected threats, and potential vulnerabilities within the organization's cloud systems.
• Develop and deliver risk-based performance and security reports that provide actionable insights and recommendations by analyzing findings, threats, and vulnerabilities, informing decision-makers of the current cloud posture and ensuring alignment with organizational risk management strategies.
• Create and maintain comprehensive security documentation, including policies, procedures, and guidelines, and support security awareness training programs to educate staff about cyber threats, safe practices, and fostering a security-conscious culture.

What we're looking for:

• Bachelor’s degree in computer science, Information Technology, Cloud Computing, or a related field, or equivalent work experience in information technology.
• 4-7 years of experience in cloud management within a Cloud Security Operations team with a focus on Microsoft Azure and Amazon Web Services (AWS).
• Strong understanding of cloud technologies, tools, and frameworks (e.g., cloud management platforms, cloud security tools) and knowledge of programming languages and automation scripts (e.g., Python, PowerShell).
• Skilled in interpreting and analyzing data from multiple cloud management and security tools and sources to detect indicators of performance issues and malicious activities.
• Deep technical expertise in public and private cloud compute infrastructure and cloud-native technologies.
• Deep technical knowledge of security threats, risks, and vulnerabilities within IaaS, PaaS, and SaaS environments and integrations.
• Experience in cloud networking architecture and hybrid-cloud operations, network and encryption experience, including virtual private networks (VPNs), IPsec, SSL/TLS, LDAP, and public key infrastructure (PKI).
• Experience in a multi-platform environment with containerized or VM-based Linux and Windows.
• Experience with container risk monitoring at both build and runtime and developing and maintaining expertise in cloud-native security solutions, including container security, Kubernetes, and cloud networking and security services.
• Excellent problem-solving skills, written and verbal communication skills, with an emphasis on clear and concise risk-based reporting; ability to work both collaboratively in a team environment and independently; eagerness to learn and a proactive attitude towards professional development.

What’s in it for you:

• Competitive compensation, benefits and generous time-off policies
• 4-Day summer work weeks and a winter holiday break
• 401(k)/DCPP matching
• Annual bonus program
• Casual, dog-friendly, and innovative office spaces
• For a comprehensive list of benefits, please visit our website: https://jobs.jobvite.com/carfax/p/benefits

Don’t just take our word for it:

• 10X Virginia Business Best Places to Work
• 10X Washingtonian Great Places to Work
• 9X Washington Post Top Workplace
• St.Louis Post-Dispatch Best Places to Work

About CARFAX and S&P Global Mobility
S&P Global has recently announced the intent to separate our Mobility Segment into a standalone public company.

CARFAX, part of S&P Global Mobility, helps millions of people every day confidently shop, buy, service and sell used cars with innovative solutions powered by CARFAX vehicle history information. The expert in vehicle history since 1984, CARFAX provides exclusive services like CARFAX Used Car Listings, CARFAX Car Care, CARFAX History-Based Value and the flagship CARFAX® Vehicle History Report™ to consumers and the automotive industry. CARFAX owns the world’s largest vehicle history database and is nationally recognized as a top workplace by The Washington Post and Glassdoor.com. Shop, Buy, Service, Sell – Show me the CARFAX™. S&P Global Mobility is a division of S&P Global (NYSE: SPGI). S&P Global is the world’s foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets.

US Equal Opportunity Employer Statement:CARFAX is an Affirmative Action/Equal Opportunity Employer. It is the policy of CARFAX to provide equal employment opportunity to all persons regardless of race, color, sex, pregnancy, religion, national origin, age, ancestry, citizenship status, veteran status, military status, disability or handicap, sexual orientation, genetic information or any other status protected by federal, state or local law. In addition, CARFAX will provide reasonable accommodations for qualified individuals with disabilities. We maintain a drug-free workplace. We are a participant in E-Verify.

Canadian Equal Opportunity Employer Statement:CARFAX Canada is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law.

We’re committed to providing accommodations by request for candidates taking part in all aspects of the recruitment and selection process. For a confidential inquiry or to request an accommodation, please contact your recruiter or email [email protected].