Cybersecurity Engineer II – Application Security jobs in United States
cer-icon
Apply on Employer Site
company-logo

CarMax · 13 hours ago

Cybersecurity Engineer II – Application Security

positionCorporate - Richmond
timeFull-time
remoteHybrid
seniorityEntry, Mid Level
date2+ years exp

CarMax is a leading retailer of used cars, recognized for its commitment to training and diversity. The Cybersecurity Engineer II will enhance the security program by implementing application security solutions and providing guidance on security findings, while collaborating with development teams to embed security into the software development lifecycle.

AutomotiveMarketplaceOnline Portals
badNo H1Bnote

Responsibilities

Implement, operate, and continuously improve application security solutions, including SAST, DAST, API security, container security, and software composition analysis (SCA)
Support development and product teams by providing functional and technical guidance on application security findings and remediation approaches
Assist in embedding security into the software development lifecycle (SDLC) through tooling, automation, and collaborative partnerships with engineering teams rather than enforcement-based gates
Contribute to security automation efforts in CI/CD pipelines, leveraging security-as-code principles where applicable
Collaborate with senior engineers on threat modeling activities for web, API, and serverless applications
Learn and apply secure design principles for Azure and Azure Functions
Independently manage assigned tasks and smaller projects, escalating risk or complexity as appropriate
Effectively triage support issues and respond with the appropriate level of urgency
Participate in a 24x7 on-call rotation as scheduled, including limited after-hours support when needed

Qualification

Application SecurityAzure FunctionsSASTDAST toolsDevSecOpsProgrammingScriptingThreat ModelingAnalytical SkillsSecurity+ CertificationCSSLP CertificationCommunication SkillsTime ManagementProblem-Solving SkillsOrganization Skills

Required

Relevant experience in cybersecurity, application development, DevSecOps, or a closely related technical discipline
Strong foundational knowledge of application security concepts, web vulnerabilities (OWASP Top 10), and secure coding principles
Practical knowledge of Azure and serverless application security, including hands-on exposure to Azure Functions
Functional experience with at least one programming or scripting language (e.g., Python, PowerShell, JavaScript, .NET)
Hands-on exposure to SAST and/or DAST tools, including interpreting findings and recommending remediation
Familiarity with Azure-native application architectures, CI/CD pipelines, and DevSecOps concepts, with interest in security automation
Strong analytical, troubleshooting, and problem-solving skills
Effective written and verbal communication skills, with the ability to explain security concepts to technical audiences
Strong organization, time management, and prioritization skills
Bachelor's degree in computer science, Engineering, Cybersecurity, or a related field, or equivalent alternative education, skills, and/or practical experience
2+ years of work experience in cybersecurity or other areas directly relevant to cybersecurity responsibilities
Knowledge of developer tools such as GitHub, Azure DevOps, and TeamCity
Understanding of development and product teams and DevSecOps best practices
Security certifications such as Security+ or CSSLP (or progress toward advanced certifications)

Preferred

Experience with API security, container security, or Kubernetes security concepts
Exposure to threat modeling methodologies for applications and services, including serverless architectures
Basic understanding of applied cryptography, web security, TLS/SSL, and authentication protocols (e.g., OAuth, SAML)
Interest in using automation or AI-assisted tooling to improve security efficiency (e.g., triage, code review assistance)

Company

CarMax

twittertwittertwitter
Glassdoor3.7
company-logo
CarMax provides an online platform for searching new and used cars, researching models, and comparing vehicles.
dateFounded in 1993
location
Richmond, Virginia, USA
people-size10001+ employees
web-link
http://www.carmax.com

Funding

Current Stage
Public Company
Total Funding
$98.19M
2021-06-08Post Ipo Equity· $98.19M
1997-01-05IPO

Leadership Team

T
Tom Reedy
EVP & Chief Financial Officer
linkedin
leader-logo
Charles Joseph Wilson
Executive Vice President, Chief Operating Officer
linkedin

Recent News

Arkansas Business — Business News, Real Estate, Law, Construction
📍What’s New: Business Openings Across Arkansas
2026-01-23
EIN Presswire
Blue Ridge Automotive Marks Regional Growth with Comprehensive Certifications Across Atlanta Metro
2026-01-22
The Virginian-Pilot
CarMax lays off 230 employees, 113 in Richmond area
2026-01-17
Company data provided by crunchbase