CarMax · 16 hours ago
Cybersecurity Engineer II – Application Security
CarMax is a leading retailer of used cars, recognized for its commitment to training and diversity. The Cybersecurity Engineer II will enhance the security program by implementing application security solutions and providing guidance on security findings, while collaborating with development teams to embed security into the software development lifecycle.
Automotive · Marketplace · Online Portals
Responsibilities
Implement, operate, and continuously improve application security solutions, including SAST, DAST, API security, container security, and software composition analysis (SCA)
Support development and product teams by providing functional and technical guidance on application security findings and remediation approaches
Assist in embedding security into the software development lifecycle (SDLC) through tooling, automation, and collaborative partnerships with engineering teams rather than enforcement-based gates
Contribute to security automation efforts in CI/CD pipelines, leveraging security-as-code principles where applicable
Collaborate with senior engineers on threat modeling activities for web, API, and serverless applications
Learn and apply secure design principles for Azure and Azure Functions
Independently manage assigned tasks and smaller projects, escalating risk or complexity as appropriate
Effectively triage support issues and respond with the appropriate level of urgency
Participate in a 24x7 on-call rotation as scheduled, including limited after-hours support when needed
Qualifications
Required
Relevant experience in cybersecurity, application development, DevSecOps, or a closely related technical discipline
Strong foundational knowledge of application security concepts, web vulnerabilities (OWASP Top 10), and secure coding principles
Practical knowledge of Azure and serverless application security, including hands-on exposure to Azure Functions
Functional experience with at least one programming or scripting language (e.g., Python, PowerShell, JavaScript, .NET)
Hands-on exposure to SAST and/or DAST tools, including interpreting findings and recommending remediation
Familiarity with Azure-native application architectures, CI/CD pipelines, and DevSecOps concepts, with interest in security automation
Strong analytical, troubleshooting, and problem-solving skills
Effective written and verbal communication skills, with the ability to explain security concepts to technical audiences
Strong organization, time management, and prioritization skills
Bachelor's degree in Computer Science, Engineering, Cybersecurity, or a related field, or equivalent alternative education, skills, and/or practical experience
2+ years of work experience in cybersecurity or other areas directly relevant to cybersecurity responsibilities
Knowledge of developer tools such as GitHub, Azure DevOps, and TeamCity
Understanding of development and product teams and DevSecOps best practices
Security certifications such as Security+ or CSSLP (or progress toward advanced certifications)
Preferred
Experience with API security, container security, or Kubernetes security concepts
Exposure to threat modeling methodologies for applications and services, including serverless architectures
Basic understanding of applied cryptography, web security, TLS/SSL, and authentication protocols (e.g., OAuth, SAML)
Interest in using automation or AI-assisted tooling to improve security efficiency (e.g., triage, code review assistance)
Company
CarMax
CarMax provides an online platform for searching new and used cars, researching models, and comparing vehicles.
Funding
Current Stage
Public Company
Total Funding
$98.19M
2021-06-08 · Post IPO Equity · $98.19M
1997-01-05 · IPO
Company data provided by crunchbase