8901 - Corp Office West Crk - 12800 Tuckahoe Creek Parkway, Richmond, Virginia, 23238

CarMax, the way your career should be! 

Do you want to play a key role in enhancing the Cybersecurity Program for a Fortune 500 company and national brand? Do you enjoy working in a collaborative environment where your ideas can help shape the direction and development of critical cybersecurity capabilities? 

Do you want to work with a team of talented Cyber Professionals that are keenly focused on solving complex security challenges and supporting Product innovation and velocity with technology?

Then your job search begins and ends here….

Who we are looking for:

The Solutions Architect, Cybersecurity on CarMax’s Security Architecture Team will represent the interests of the CISO and Cybersecurity best practices on all engagements.  The Solutions Architect, Cybersecurity will provide security advisory services to business and Technology team pertaining to system design, engineering, and implementation while promoting the protection, integrity and confidentiality of customer, vendor, employee, and business information in compliance with organization policies and standards.  Along with the rest of the Security Architecture team, you will also be advising on the Cybersecurity program and leading efforts to ensure we are maturing and innovating to keep up with Cybersecurity arms race.

The Solutions Architect, Cybersecurity will utilize proven consulting skills to deliver design and engineering services with a specific focus on the security domain. Ensure IT solutions are aligned effectively with CarMax’s evolving security direction and posture while acting as a security subject matter expert.  Utilize security technologies and industry standards to promote confidentiality, integrity and availability of CarMax’s information assets.

The Day to Day:

§ Provide strong expertise in Information Security support including compliance driven initiatives

§ Deliver “hands-on” security expertise in support of the CarMax Environment 

§ Document the security architecture and architectural decisions related to security

§ Stay abreast of security trends and new technologies that will enhance CarMax’s current and future data security architecture. 

§ Perform security related services and process assessments/evaluations based on industry standards and common practices (e.g. NIST CSF, OWASP, and ISO).

§ Responsible for leading and directing security implementation throughout the system development lifecycle across the complete stack (i.e. physical, data, network, transport, session, presentation, and application) for both Cloud (predominately) and remaining on-prem.

§ Utilize information security tools to identify potential threats

§ Document and speak to risks, mitigation, and alternatives

Team Development

§ Educates, trains, and provides support to junior team members on newly adopted security technologies and processes

§ Reviews and advises on program-related documentation for team members

§ Partners with other Technology and Product teams in completing assigned tasks/projects

Leadership:

§ Leads the security requirements in large transformational efforts to resolve enterprise problems by influencing across multiple organizational levels in both IT and business

§ Mentors others in security best practices, procedures and concepts

§ Steers the relevant support tasks of other Associates

§ Steers cybersecurity solutions through building consensus in both business and technical perspectives

§ Influences the security technical direction of others to drive all projects to successful completion within architectural standards and guidance

§ Proven ability to effectively communicate architectural standards, leading practices, and effectively explain the “why” of security

Position Requirements:

To perform this position successfully, an individual must be able to consistently execute each essential duty & responsibility as well as consistently show proficiency with the following qualifications. The requirements listed below are representative of the knowledge, skill, and/or ability required.
 

§ Ability to design complex systems that impact multiple infrastructure domains across IT Operations and Development teams while accounting for security considerations.

§ Demonstrate ownership of the design aspects of the operations lifecycle

§ Consistently show the ability to mentor others in the production of all artifacts required of an Engineer, Analyst or Principal Analyst

§ Analyze business and technical requirements to determine system design requirements, identify potential issues, and perform cost analysis related to each project.

§ Ability to strategically analyze the risks, benefits, and opportunities associated with a proposed design or solution

§ Broad understanding of the business processes implemented across organization.

§ Able to effectively estimate time required for technical efforts for projects of all sizes

§ Investigate new technologies and techniques and research ongoing industry developments

§ Assist in forecasting security technology implementation budgets

Here's the technology part…

Experience with the following required:

§ Experience with cloud computing security configuration and administration (Microsoft Azure or AWS) for both SaaS and IaaS models and web application security and working with Product frameworks and OKRs

§ Experience with detailing security user stories/requirements and generating technical specifications for all systems within IT operations.

§ Demonstrated ability to design and implement security infrastructure, applications, networks, systems and equipment that impact multiple environments across all of CarMax Technology.

§ Proven experience designing modifications to existing systems, designing reusable components, and elimination of redundancy in designs throughout Technology Operations.

Experience with the following preferred:

§ Demonstrate technical infrastructure architectural knowledge, playing a vital role in design of production, staging, QA and development infrastructures running in a 24×7 environment

§ Experience in multiple large projects in influencing the definition, selection, and implementation of security tools, technologies, and processes

§ Establish level of service standards and operating procedures for overall system availability and individual system components

§ Produce security architecture and design documents to effectively hand over to other departments for successful implementation

§ Knowledge of current and emerging industry technologies 

Education and/or Experience:

§ Approximately 10 years within Technology with a concentration on Cybersecurity and Application Security.  Security design and implementation experience required.

§ 4-year bachelor’s degree in Computer Science, Cybersecurity, or Technology related course of study preferred or comparable OJT and work experience

§ Experience in a broad range of Technology systems required

§ In depth knowledge of information security industry frameworks and standards NIST, OWASP, ISO-27001/2, SANS, COBIT, ITIL, Mitre ATT&CK, etc.

§ Knowledge of cybersecurity best practices such as PCI, ITGC’s, HIPAA and Privacy

§ Security certifications (CISSP, CISM, Security +) preferred.

NOTE: This is a remote work opportunity

Upon an applicant's request, CarMax will consider reasonable accommodation to complete the CarMax Job Application.