Senior Manager, Security Engineering and Architecture

<div class="content-intro"><p><strong>Who we are</strong></p> <p>At CarGurus (NASDAQ: CARG), our mission is to give people the power to reach their destination. We started as a small team of developers determined to bring trust and transparency to car shopping. Since then, our history of innovation and go-to-market acceleration has driven industry-leading growth. In fact, we’re the largest and fastest-growing automotive marketplace, and we’ve been profitable for over 15 years.</p> <p><strong>What we do</strong></p> <p>The market is evolving, and we are too, moving the entire automotive journey online and guiding our customers through every step. That includes everything from the sale of an old car to the financing, purchase, and delivery of a new one. Today, tens of millions of consumers visit CarGurus.com each month, and ~30,000 dealerships use our products. But they're not the only ones who love CarGurus—our employees do, too. We have a people-first culture that fosters kindness, collaboration, and innovation, and empowers our Gurus with tools to fuel their career growth. Disrupting a trillion-dollar industry requires fresh and diverse perspectives. Come join us for the ride!</p></div><p><strong>Role overview</strong></p> <p>We are seeking a Senior Manager of Security Engineering and Architecture to lead our Application and Cloud Security programs. Reporting to the Director Information Security, you will lead a team of high-caliber engineers responsible for the security of our AWS environment, data intelligence pipeline, and internal software products.</p> <p>This is a "builder-first" leadership role. You will bridge the gap between abstract security architecture and concrete software development, ensuring that our products—especially our emerging AI/ML features—are secure by design and our cloud infrastructure is resilient by default.</p> <p><strong>What you'll do</strong></p> <ul> <li>Lead the strategic design of secure AI lifecycles. You will implement technical guardrails for the "Data-to-Inference" pipeline, protecting against Data Poisoning, Adversarial Evasion, and Model Extraction attacks.</li> <li>Serve as the primary technical authority on our AI Governance Committee. You will define "Secure-by-Design" standards for LLM integration, ensuring alignment with ISO 42001 and the OWASP Top 10 for LLM Applications.</li> <li>Champion the implementation of technical controls within the CI/CD pipeline. You will ensure that security testing (SAST/DAST/SCA) and ML-BOM (Machine Learning Bill of Materials) tracking are frictionless parts of our agile development lifecycle.</li> <li>Oversee the design of secure architectures in AWS, ensuring that identity (IAM), data protection, and network security are baked into our multi-account environment using Terraform and Policy-as-Code.</li> <li>Champion the security architecture for our Snowflake data platform, implementing advanced RBAC models and encryption standards that satisfy global privacy frameworks (GDPR/CPRA).</li> <li>Encourage your team to experiment with novel security tools and "pave the road" for developers to move fast without compromising safety.</li> <li>Proactively manage the growth of your engineering team. You will create experiential opportunities for engineers to move between application security, cloud infra, and adversarial AI research.</li> <li>Work alongside Product and Engineering leaders to reconcile security requirements with business velocity, ensuring we deliver secure results together.</li> </ul> <p><strong>What you'll bring</strong></p> <ul> <li>10+ years in Information Security or Software Engineering, with at least 5 years of hands-on software development experience (e.g., Python, Go, Java).</li> <li>5+ years in a formal leadership role, with a proven track record of managing senior and staff-level security engineers.</li> <li>Deep familiarity with the MITRE ATLAS™ framework. You understand how to defend "Agentic" AI systems against Prompt Injection a ... (truncated, view full listing at source)