Senior Manager, Vulnerability Management and Application Security

CarMax

Hybrid

Quick summary

Work type: Hybrid
Location: Richmond, VA
Posted: 4 days ago

Market check

Salary context

How this pay compares to similar roles

[Salary chart: similar roles marked at $196k on a scale from $151k to $246k, with a band labelled "most similar roles pay here".]

This listing doesn't post a salary. Most similar roles pay $167,862–$223,750.

Based on 240 similar postings.

Employer

About CarMax

CarMax is the largest used car retailer in the United States, offering a customer-friendly, no-haggle buying experience with a broad selection of quality used vehicles, financing, and vehicle protection plans.

Industry: Automotive Retail

CarMax currently has 40 open roles on FindRole.

At a glance

TL;DR · Senior Manager, Vulnerability Management and Application Security

As a Senior Manager of Vulnerability Management and Application Security at CarMax, you will lead the enterprise's security programs, focusing on vulnerability management and application security to enhance overall security posture. You will mentor a high-performing team, streamline processes, and deliver executive-level insights that influence decision-making across all levels. Your daily responsibilities include developing program roadmaps, managing budgets, creating risk-based remediation strategies, and fostering secure development practices within the software lifecycle. Key technologies and tools you’ll work with include vulnerability scanners, SAST, DAST, SIEM platforms, and network devices such as firewalls and switches. Ideal candidates have extensive experience in cybersecurity, application security, and leadership roles, along with relevant certifications like CISSP or CISM. This role is crucial for a company that operates on a large scale, requiring robust security measures to protect its technology environments and software delivery practices.

What you'll do

  • Oversee and enhance enterprise vulnerability management and application security programs.
  • Develop and manage program roadmaps, budgets, and priorities for security assessments.
  • Create executive-ready reporting with clear documentation and risk insights.
  • Define and maintain standards, SLAs, and governance practices for security.
  • Lead remediation prioritization based on risk across infrastructure and engineering teams.
  • Coordinate responses to emerging threats and critical application security findings.
  • Mature application security capabilities such as SAST, DAST, and software composition analysis.

What we're looking for

  • 8+ years of cybersecurity experience with focus on vulnerability management and application security.
  • 5+ years designing or implementing secure information systems and application security practices.
  • 3+ years in a security leadership role guiding teams or programs.
  • Possession of one or more certifications like CISA, CISSP, CEH, or SANS.
  • Experience with enterprise security technologies including vulnerability scanners and SIEM platforms.
  • Strong ability to analyze complex security findings and communicate risk effectively across diverse audiences.
  • Bachelor’s Degree in a technology-related field or equivalent experience preferred.
