Senior Cyber Security Engineer

Description

Join Team CARFAX as a Senior Cyber Security Engineer 

Isn't it time you bragged about where you work? At CARFAX, we do, every day. We pride ourselves on being mission-focused on helping to grow a brand built on accuracy and integrity. We care deeply about our products and our customers. We're more than just a company: We help millions of consumers make more informed decisions every day. We know that our teammates are our most valuable asset, and we value a balanced life while tackling challenging projects in a fast-paced environment. One last thing: Our four-day work week continues in Summer 2025! 

We are seeking a highly skilled and motivated Senior Cyber Security Engineer to join our dynamic Information Security team. The Senior Cyber Security Engineer plays a vital role in safeguarding the organization's information assets by designing, implementing, and maintaining robust security measures. This role involves identifying and mitigating security vulnerabilities, responding to security incidents, and ensuring compliance with security policies and standards. The Senior Cyber Security Engineer collaborates with various IT and business teams to integrate security best practices into every aspect of the organization's operations.

At CARFAX, we believe in the power of teamwork and value in-person interactions so that we can collaborate and thrive together. This position will require 2 days per week in our London, ON office subject to change with future business needs.

What you'll be doing:
 

• Develop and Implement Security Strategies - Formulate and execute comprehensive cyber security strategies aligned with organizational goals.
• Lead comprehensive cyber security programs and develop detailed project plans, including scope, timelines, resources, and budget. Oversee program team members for the successful execution of the cyber security programs.
• Configuration Management - Implement and maintain system hardening measures across various platforms and ensure compliance with security best practices.
• Vulnerability Management - Conduct regular vulnerability assessments and security audits to identify and remediate security gaps and implement mitigation strategies.
• Perform risk-based analysis on security findings and guide stakeholders in prioritizing remediation work.
• Incident Response and Forensics - Lead incident response efforts, performing forensic analysis and implementing remediation plans.
• Security Tooling - Design, deploy, and maintain security tooling such as Endpoint Detection and Response (EDR), vulnerability & compliance scanners, data-loss prevention (DLP), and other security detection/prevention technologies.
• Continuous Improvement - Regularly review and enhance the cyber security program to address emerging threats and vulnerabilities.
• Serve as a subject matter expert on cybersecurity issues and provide guidance to stakeholders and other business units.
• Serve as technical escalation point for junior team members, staff, and vendors/partners.
• Stakeholder Communication - Communicate security status, incidents, and strategic initiatives to stakeholders and senior management.
• Maintain detailed documentation of security policies, procedures, incident response activities, and assessment results.

What we're looking for:
 

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Professional certifications such as CISSP, CEH, CISM, or equivalent.
• Minimum of 7 years of experience in cybersecurity engineering or a related role.
• Working knowledge or experience of ALL core Security programs (ex. Vulnerability Mgmt., Identity & Access Management, Application Security, Incident Mgmt., Network Security, Security Awareness & Training, etc.)
• Proficient in conducting vulnerability assessments using tools like Nessus, Qualys, or OpenVAS. Ability to perform penetration testing and security assessments using tools such as Metasploit and Kali Linux.
• Proficiency in administering and securing various operating systems, including Linux, Windows, macOS, and Unix. This includes familiarity with command-line interfaces, system configuration, and patch management.
• System hardening experience utilizing industry benchmarks (e.g. CIS/DISA STIG)
• In-depth understanding of network architecture, protocols, and services and associated network security technologies (firewalls, WAFs, packet filtering)
• Proficiency in TCP/IP, HTTPS, SSL/TLS, IPSec, SSH, and other foundational network security protocols. Understanding how these protocols work and how they can be exploited.
• Proficient in identifying indicators of compromise (IOCs) and advanced persistent threats (APTs). Experience with threat hunting techniques and security platforms like CrowdStrike, Carbon Black, or Splunk.
• Ability to lead incident response efforts, conduct forensic analysis, and implement remediation strategies following a security breach.
• Understanding of compliance frameworks and regulations such as GDPR, HIPAA, PCI-DSS, and ISO 27001. Experience in ensuring systems and processes align with these standards.
• Excellent analytical, problem-solving, decision-making and communication skills.
• Ability to manage multiple tasks and projects in a fast-paced environment.
• Ability to work independently with very minimal guidance, while also collaborating with team members and providing leadership direction.

What's in it for you:
 

• Competitive compensation, benefits and generous time-off policies
• 4-Day summer work weeks and a winter holiday break
• 401(k)/DCPP matching
• Annual bonus program
• Casual, dog-friendly, and innovative office spaces
• For a comprehensive list of benefits, please visit our website: https://jobs.jobvite.com/carfax/p/benefits

Don't just take our word for it:
 

• 10X Virginia Business Best Places to Work
• 10X Washingtonian Great Places to Work
• 9X Washington Post Top Workplace
• St.Louis Post-Dispatch Best Places to Work

About CARFAX

CARFAX, part of S&P Global Mobility, helps millions of people every day confidently shop, buy, service and sell used cars with innovative solutions powered by CARFAX vehicle history information. The expert in vehicle history since 1984, CARFAX provides exclusive services like CARFAX Used Car Listings, CARFAX Car Care, CARFAX History-Based Value and the flagship CARFAX® Vehicle History Report™ to consumers and the automotive industry. CARFAX owns the world's largest vehicle history database and is nationally recognized as a top workplace by The Washington Post and Glassdoor.com. Shop, Buy, Service, Sell - Show me the CARFAX™. S&P Global Mobility is a division of S&P Global (NYSE: SPGI). S&P Global is the world's foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets. 

CARFAX is an Affirmative Action/Equal Opportunity Employer. It is the policy of CARFAX to provide equal employment opportunity to all persons regardless of race, color, sex, pregnancy, religion, national origin, age, ancestry, citizenship status, veteran status, military status, disability or handicap, sexual orientation, genetic information or any other status protected by federal, state or local law. In addition, CARFAX will provide reasonable accommodations for qualified individuals with disabilities. We maintain a drug-free workplace. We are a participant in E-Verify.