ACV Auctions is the leading dealer-to-dealer, online automotive marketplace in the nation. We bring transparency to every transaction from start to finish, ensuring peace of mind & value for our customers. We do this with a combination of the industrys best technology & the worlds best people. As a result of our teams tireless effort & dedication, were growing at a staggering rate. ACV is attracting new people from widely different backgrounds & geographies who are invested in the genuine belief that we are creating something special.
We are looking for an experienced Product Security Engineer to join our team that can help us to strategically push forward the state of product security throughout ACV. The Product Security team is dedicated to identifying the most important Application & Product Security risks & use our passion for building things to mitigate or eliminate those risks. To get specific, here are some things our team works on:
- We work to ensure only legitimate users can access their accounts. Examples include:
- Two-factor Authentication (2FA) & WebAuthnVerified device protection for non-2FA users.
- Establishing a comprehensive User Behavior Analytics account protection program focusing on account security & protection
- We are passionate about projects where we can add defense in depth or secure by default security patterns. Examples include:
- Continually looking for modern web security standards we can leverage such as content security policy, samesite cookies etc. Build/operate an internal cryptographic service used by other Engineers & services throughout ACV.
Application Security Architecture
- We collaborate with Engineers throughout ACV to develop solutions to security obstacles that strike the best balance between security, usability, & convenience.
- Help to identify the most important strategic Product Security focus areas for the team & ACV itself
- Participate in Security Architecture discussions with other Engineering teams throughout ACV
- Stay current with emerging security standards & help to identify when & where they should be adopted at ACV
- Participate in the teams technical/architectural decision making
- Write robust, maintainable backend code
- Review code & lead group discussions about the projects were working on
- Develop systematic solutions to problems instead of focusing on one-off fixes
- Mentor other engineers
- Support & manage the SDLC Practice
- Partner with Application Security Testing Teams to integrate AST into CI/CD pipelines
- A passion for application security related problems
- 5+ years building software applications at scale
- 3+ years designing/architecting secure systems at scale
- Working knowledge of web application vulnerabilities & mitigations
- Known for being a great communicator & collaborator with excellent written & verbal communication skills
- Practical software development skills with C#, Python & Java
- Working knowledge of applied cryptography
- Working knowledge of modern web security standards
- Experience mitigating account security risks
- Experience using Git
- Customer Obsessed
- Trust by Default
- Ship to Learn
- Own the Outcome
- Growth Mindset
- Global Product, Global Team
- Anything is Possible
- Practice Kindness
ACV Auctions is an equal opportunity employer (EOE) & all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.