Cox Automotive Inc.
Lead Application Security Engineer - 19562
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About Cox Automotive Inc.
Cox Automotive Inc. is a global leader in automotive services and technology, based in Atlanta, Georgia. As a subsidiary of Cox Enterprises, the company employs over 25,000 people and serves more than 45,000 clients across five continents, generating over $9 billion in annual revenue. Established in 2014, Cox Automotive consolidates a range of trusted brands, including Autotrader®, Kelley Blue Book®, and Manheim®. The company offers a comprehensive suite of products and services that cover nearly every aspect of the automotive lifecycle. This includes vehicle auctions through Manheim, online marketplaces via Autotrader.com, and vehicle valuation services from Kelley Blue Book. Additionally, Cox Automotive provides software solutions for dealers, financial services through NextGear Capital, and technology tools for inventory management and pricing strategies. With operations in over 90 countries, Cox Automotive plays a significant role in the automotive digital marketplace, serving a diverse customer base that includes car shoppers, dealers, and fleet owners.
Security at Cox Automotive Inc.
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Stated AppSec Mission: "The vision at Cox Automotive is to transform the way the world buys, sells, owns, and uses cars."– Veracode Success Story (https://www.veracode.com/wp-content/uploads/Cox-automotive-success-story.pdf), ⚠️ Developer Enablement vs. Gatekeeping: "Partner with Security Engineering Enablement and Security Architecture"– Lead Application Security Engineer (Job ID r202568049), Job Posting , Risk Philosophy: "allows for multiple layers of integration within its software delivery lifecycle."– Veracode Success Story (https://www.veracode.com/wp-content/uploads/Cox-automotive-success-story.pdf), ⚠️ Stated Pain Points or Goals (Verbatim): "to release new software that transforms the automotive industry"– Veracode Success Story (https://www.veracode.com/wp-content/uploads/Cox-automotive-success-story.pdf), ⚠️ Gaps & Contradictions: Information not publicly available for explicit AppSec philosophical statements from Cox Automotive leadership beyond vendor and job-posting excerpts.”
Security Team
Org Structure & Reporting Line: "The team is the Center of Excellence (COE) for Application Security, Web Application Firewalls and Cloud Security."– Glassdoor job listing (https://www.glassdoor.com/job-listing/lead-application-security-engineer-19562-cox-automotive-JV_IC5022124_KO0,40_KE41,55.htm?jl=1009914814463), Third-Party Job Posting, Key Public-Facing Leaders: Tabrez Naqvi, Director of Information Security and Risk – Profile mention in vendor case studies and directories Profile link(s): Veracode Success Story & directory listings (see citations) Key Quote: "The vision at Cox Automotive is to transform the way the world buys, sells, owns, and uses cars."– Veracode Success Story, ⚠️ Team Size Estimate (as_of:): Information not publicly available. LinkedIn Search Query Used: "site:linkedin.com Cox Automotive "application security" OR "AppSec""(search conducted during collection) Result: Information not publicly available (insufficient public LinkedIn aggregate data to estimate precisely). Active AppSec Job Postings (as_of:): Count: 1 (Lead Application Security Engineer, Job ID r202568049) – jobs.coxenterprises.com, Job Posting , Common Skill/Tool Patterns (from job posting): "Use scripting/automation (Python, PowerShell, Bash, REST APIs, Terraform modules, GitHub Actions/Azure DevOps/GitLab CI)"– Lead Application Security Engineer (Job ID r202568049), Job Posting , "Partner with Cloud Platform teams to harden AWS/Azure/GCP environments using CSPM/CNAPP controls, guardrails, and baselines"– Lead Application Security Engineer (Job ID r202568049), Job Posting , Gaps & Contradictions: No public, dated org chart or explicit reporting line (e.g., to CISO or CTO) found in available sources.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.