AppSec Jobs
← Back to all jobs

CDK Global

Lead Security Engineer - Platform

Hyderabad, Telangana, IndiaWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About CDK Global

CDK Global is a prominent provider of integrated software and technology solutions for automotive dealerships, based in Austin, Texas. Founded in 2014 as a spin-off from ADP Dealer Services, the company focuses on empowering dealers to manage their operations, sales, and customer relationships through subscription-based SaaS platforms. CDK Global has a rich history in automotive technology, having evolved from its predecessor operations that date back to 1972. The company offers a comprehensive suite of solutions tailored for automotive retailers, including a flagship Dealer Management System (DMS) that supports vehicle sales, financing, and service management. Additional offerings include digital retail tools, customer relationship management (CRM) systems, finance and insurance solutions, and the Neuron Intelligent Data Platform for data management and analytics. CDK Global serves a diverse range of clients, including automotive dealerships and original equipment manufacturers (OEMs), and is recognized for its supportive workplace culture.

Industry

information technology & services

Employees

6,500

1267 engineers

Revenue

$1.7B

Website

Visit →

Security at CDK Global

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • CDK emphasizes a cloud-native approach with integrated observability and proactive mitigation.
  • The company proactively monitors and mitigates threats around the clock.
  • The AppSec philosophy prioritizes embedding security early in the software development lifecycle and focuses on compliance and proactive threat landscape analysis specific to the automotive dealership industry.
  • Current strategic focus includes securing emerging AI technologies and evaluating AI-enabled or LLM-integrated services for vulnerabilities like prompt injection.

Security Team

  • The team is described as a 'broader Application Security function' that includes specialized sub-teams like DAST.
  • This position is a key part of CDK's broader Application Security function and requires collaboration with the DAST team.
  • Key leadership includes Sergey Tsygalnitsky, VP, Chief Information Security Officer.
  • The team actively emphasizes CI/CD integration, SAST/SCA automation, and vulnerability management through tools like DefectDojo.

Key Initiatives

  • CDK's 'shift left' approach focuses on pipeline automation and SBOM validation.
  • Key initiatives include implementing and optimizing security controls in CI/CD pipelines through SAST, SCA, and SBOM validation.
  • The vulnerability management process utilizes a centralized system (DefectDojo) for documentation and tracking.
  • The team is responsible for creating and contributing to AppSec playbooks, checklists, and guidelines.
  • Recent initiatives include evaluation of AI and LLM security risks.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.