Events  Deals  Jobs 
    Sign in  
 
 
ACV Auctions // online auto auctions
 
Engineering, Full Time    Toronto, ON    Posted: Wednesday, June 23, 2021
 
   
 
Apply To Job
 
 
JOB DETAILS
 

ACV Auctions is the leading dealer-to-dealer, online automotive marketplace in the nation. We bring transparency to every transaction from start to finish, ensuring peace of mind & value for our customers. We do this with a combination of the industrys best technology & the worlds best people. As a result of our teams tireless effort & dedication, were growing at a staggering rate. ACV is attracting new people from widely different backgrounds & geographies who are invested in the genuine belief that we are creating something special.   

We are looking for an experienced Product Security Engineer to join our team that can help us to strategically push forward the state of product security throughout ACV. The Product Security team is dedicated to identifying the most important Application & Product Security risks & use our passion for building things to mitigate or eliminate those risks. To get specific, here are some things our team works on:

Account Security

  • We work to ensure only legitimate users can access their accounts. Examples include: 
    • Two-factor Authentication (2FA) & WebAuthnVerified device protection for non-2FA users. 
    • Establishing a comprehensive User Behavior Analytics account protection program focusing on account security & protection 
  • We are passionate about projects where we can add defense in depth or secure by default security patterns. Examples include: 
    • Continually looking for modern web security standards we can leverage such as content security policy, samesite cookies etc. Build/operate an internal cryptographic service used by other Engineers & services throughout ACV.

Application Security Architecture

  • We collaborate with Engineers throughout ACV to develop solutions to security obstacles that strike the best balance between security, usability, & convenience.

Responsibilities:

  • Help to identify the most important strategic Product Security focus areas for the team & ACV itself 
  • Participate in Security Architecture discussions with other Engineering teams throughout ACV 
  • Stay current with emerging security standards & help to identify when & where they should be adopted at ACV 
  • Participate in the teams technical/architectural decision making 
  • Write robust, maintainable backend code 
  • Review code & lead group discussions about the projects were working on
  • Develop systematic solutions to problems instead of focusing on one-off fixes 
  • Mentor other engineers
  • Support & manage the SDLC Practice
  • Partner with Application Security Testing Teams to integrate AST into CI/CD pipelines

Minimum Qualifications:

  • A passion for application security related problems 
  • 5+ years building software applications at scale 
  • 3+ years designing/architecting secure systems at scale
  • Working knowledge of web application vulnerabilities & mitigations 
  • Known for being a great communicator & collaborator with excellent written & verbal communication skills 

Preferred Qualifications:

  • Practical software development skills with C#, Python & Java
  • Working knowledge of applied cryptography 
  • Working knowledge of modern web security standards 
  • Experience mitigating account security risks 
  • Experience using Git 

Leadership Principles:

  • Customer Obsessed
  • Trust by Default
  • Ship to Learn
  • Own the Outcome
  • Growth Mindset
  • Global Product, Global Team
  • Anything is Possible
  • Practice Kindness

 ACV Auctions is an equal opportunity employer (EOE) & all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. 

#LI-JK1

 
 
 
Apply To Job
 
 
 
 
 
© 2021 GarysGuide      About    Feedback    Press    Terms