Engineer II, Cybersecurity (Application Security) jobs in United States
This job has closed.

CarMax · 22 hours ago

Engineer II, Cybersecurity (Application Security)

CarMax is a national brand recognized for its workplace culture, and they are seeking a Cybersecurity Engineer II to enhance their Application Security Program. The role involves implementing and improving application security solutions, collaborating with development teams, and contributing to security automation efforts.
Marketplace, Publishing, Automotive, Online Portals
No H1B
Hiring Manager
Terry Domino

Responsibilities

Implement, operate, and continuously improve application security solutions, including SAST, DAST, API security, container security, and software composition analysis (SCA)
Support development and product teams by providing functional and technical guidance on application security findings and remediation approaches
Assist in embedding security into the software development lifecycle (SDLC) through tooling, automation, and collaborative partnerships with engineering teams rather than enforcement-based gates
Contribute to security automation efforts in CI/CD pipelines, leveraging security-as-code principles where applicable
Collaborate with senior engineers on threat modeling activities for web, API, and serverless applications
Learn and apply secure design principles for Azure and Azure Functions
Independently manage assigned tasks and smaller projects, escalating risk or complexity as appropriate
Effectively triage support issues and respond with the appropriate level of urgency
Participate in a 24x7 on-call rotation as scheduled, including limited after-hours support when needed

Qualification

Application Security, Azure Functions, SAST, DAST tools, DevSecOps, Programming, Scripting language, Web vulnerabilities, Analytical skills, Security certifications, Communication skills, Time management, Problem-solving skills, Organization skills

Required

Relevant experience in cybersecurity, application development, DevSecOps, or a closely related technical discipline
Strong foundational knowledge of application security concepts, web vulnerabilities (OWASP Top 10), and secure coding principles
Practical knowledge of Azure and serverless application security, including hands-on exposure to Azure Functions
Functional experience with at least one programming or scripting language (e.g., Python, PowerShell, JavaScript, .NET)
Hands-on exposure to SAST and/or DAST tools, including interpreting findings and recommending remediation
Familiarity with Azure-native application architectures, CI/CD pipelines, and DevSecOps concepts, with interest in security automation
Strong analytical, troubleshooting, and problem-solving skills
Effective written and verbal communication skills, with the ability to explain security concepts to technical audiences
Strong organization, time management, and prioritization skills

Preferred

Experience with API security, container security, or Kubernetes security concepts
Exposure to threat modeling methodologies for applications and services, including serverless architectures
Basic understanding of applied cryptography, web security, TLS/SSL, and authentication protocols (e.g., OAuth, SAML)
Interest in using automation or AI-assisted tooling to improve security efficiency (e.g., triage, code review assistance)

Company

CarMax provides an online platform for searching new and used cars, researching models, and comparing vehicles.

Funding

Current Stage
Public Company
Total Funding
$98.19M
2021-06-08 · Post-IPO Equity · $98.19M
1997-01-05 · IPO

Leadership Team

Tom Reedy
EVP & Chief Financial Officer
Charles Joseph Wilson
Executive Vice President, Chief Operating Officer

Company data provided by crunchbase