Job
Description
What drives us? Imagine this: a single tap on your phone unlocks a world where car ownership is seamless and stress-free. From finding the perfect car to maintaining it and eventually selling it, CARS24 is redefining every step of the car ownership journey. Our mission is simple—let our customers enjoy the thrill of the open road while we take care of everything else. With cutting-edge technology, data science, and customer insights, we’re building the ultimate Super App for car ownership. Already one of the world’s largest auto-tech companies, we’re only just beginning. What will you drive? Collaborate Across Teams: Work closely with all CARS24 teams to help them design and build secure systems and applications. Secure Architecture: Guide teams in creating secure software and infrastructure by recommending safe data storage, secure APIs, encryption, network protections, and robust system designs. Authentication & Access: Help teams implement strong authentication and authorization—like multi-factor authentication, secure password policies, and safe API access controls. Security Reviews & Testing: Conduct code reviews, architecture reviews, penetration testing, risk assessments, vulnerability scans, and threat modeling. Infrastructure Security: Assess and secure production, corporate, and cloud environments (AWS, GCP, Azure). Security Tooling & Automation: Build and maintain tools, scripts, and systems that automate security checks and help prevent security issues at scale. Monitoring & Detection: Set up and improve systems that detect and alert on possible attacks, abnormal activity, or data leaks that help teams respond quickly. Policy & Governance: Develop and manage central security policies and guidelines for cloud and on-prem infrastructure. Promote DevSecOps Culture: Advocate and enable security to be part of the development process from the start, so secure code and systems are everyone’s responsibility. Security Community & Brand: Represent CARS24 in the security community (such as through bug bounty programs, security blogs, etc.), and share best practices internally and externally. Who are we looking for? 2–5 years of hands-on experience in application/infrastructure security, DevSecOps, or related roles (SDE - 1 / SDE - II). Strong knowledge of AWS and/or GCP security concepts and cloud environments. Experience with secure code reviews, vulnerability assessments, and penetration testing. Proficiency in at least one scripting or programming language (Python, Go, Bash, etc.). Familiarity with security automation, monitoring tools, and best practices for incident detection and response. Understanding of modern authentication, authorization, and encryption mechanisms. Excellent problem-solving and analytical skills. Strong communication and collaboration skills. Passion for building secure systems, and a proactive, ownership-driven mindset. Show more Show less
