Isn't it time you bragged about where you work? At CARFAX, we do, every day. We pride ourselves on being mission-focused on helping to grow a brand built on accuracy and integrity. We care deeply about our products and our customers. We’re more than just a company: We help millions of consumers make more-informed decisions every day. We know that our teammates are our most valuable asset, and we value a balanced life while tackling challenging projects in a fast-paced environment.
The Cyber Security Engineer plays a vital role in safeguarding the organization's information assets by designing, implementing, and maintaining robust security measures. This role involves identifying and mitigating security vulnerabilities, responding to security incidents, and ensuring compliance with security policies and standards. The Cyber Security Engineer collaborates with various IT and business teams to integrate security best practices into every aspect of the organization's operations.
At CARFAX, we believe in the power of teamwork and value in-person interactions so that we can collaborate and thrive together. This position will require 3 days per week in our Centreville, VA office subject to change with future business needs.
What you’ll be doing:
Design, deploy, and maintain security solutions such as Endpoint Detection and Response (EDR), data-loss prevention (DLP), web application firewalls (WAF), zero-trust, and other security detection/prevention technologies.
Lead the investigation and response to security incidents and breaches, ensuring timely resolution and documentation, while monitoring security alerts and events using Security Information and Event Management (SIEM) systems
Conduct regular vulnerability assessments and security audits to identify and remediate security gaps.
Maintain application static/dynamic/dependency scans and conduct penetration testing for identifying risks and coordinate reporting and remediation with stakeholders
Configure and maintain cloud and infrastructure security configurations to ensure a secure enterprise risk posture.
Serve as a subject matter expert on cybersecurity issues and provide guidance to stakeholders and other business units.
Maintain detailed documentation of security policies, procedures, incident response activities, and assessment results.
Assist with risk assessments and compliance activities to identify potential security risks and develop strategies to mitigate them.
Evaluate and recommend new security tools and technologies to enhance the organization's security posture.
What we’re looking for:
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master’s degree preferred.
Professional certifications such as CISSP, CEH, CISM, or equivalent.
Minimum of 3-5 years of experience in cybersecurity engineering or a related role.
Strong technical skills and experience with security technologies (e.g., SIEM, Endpoint Detect & Response, firewalls, IDS/IPS).
Working knowledge of Vulnerability Managements, Cloud Security, Application Security, Incident Response., and Security Awareness & Training
Working knowledge of security tools, languages and operating systems used in security practices (BURP Suite, Nessus, NMAP, Python, Kali Linux, etc.)
In-depth knowledge of cybersecurity principles, protocols, and best practices.
Experience with regulatory requirements and compliance standards (e.g., ISO 27001, NIST, PCI-DSS, HIPAA, GDPR).
Excellent analytical, problem-solving, decision-making and communication skills.
Ability to manage multiple tasks and projects in a fast-paced environment.
Proven ability to work independently and as part of a team.
What’s in it for you:
Competitive compensation, benefits and generous time-off policies
4-Day summer work weeks and a winter holiday break
401(k) / DCPP matching
Annual bonus program
Casual, dog-friendly, and innovative office spaces