ACV Auctions // online auto auctions
Engineering, Full Time    Toronto, ON    Posted: Tuesday, April 13, 2021

ACV Auctions is looking for an Application Security Engineer responsible for designing, building & improving key security mobile infrastructure components for ACV Auctions that perform at scale.  We value practical secure software, mobile development & instrumentation experience in addition to a thorough understanding of computer science fundamentals. The technologies you are familiar with are less important to us than your ability to solve complex software problems & apply software engineering best practices.

As an Application Security Engineer at ACV Auctions you'll always be challenged to solve interesting & novel problems. If you are passionate about Security & working with bright & highly productive teams, this role could be a great match.

What you will do:

  • Perform penetration testing against many different types of applications & networks.
  • Identify & exploit vulnerabilities in applications & networks.
  • Document technical issues identified during security assessments utilizing standard CWE & CVSS classifications.
  • Research emerging security topics & new attack vectors.
  • Work independently to meet customer & project deadlines.
  • Interact with customers in a collaborative consultative manner to deliver results, provide feedback & remediation recommendations on penetration testing findings.
  • Support & manage Company's application security testing instrumentation for integration into CI/CD & efficient delivery of focused & comprehensive test results.
  • Support the SDLC Program & Process

What you need to know:

  • A year or more working in a work from home / remote capacity.
  • 5 or more years of penetration testing with 3 or more years of specific application & network / red team experience.
  • Understanding of web architecture & protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.).
  • Development and/or source code review experience in at least several of the following languages/Scripting languages: C/C++, C#, VB.NET, ASP, PHP, Powershell, Python, Java or Javascript.
  • Understanding of how data flows through an application and/or network & connected components (SMTP, LDAP, Database servers).
  • Understanding of common software security issues & remediation techniques (OWASP top 10, SANS top 25, etc.).
  • Familiar with common Windows/Linux commands & scripting.
  • Familiarity with general application & network security concepts.
  • Ability to communicate effectively both written & verbal.
  • Familiar with OWASP Top 10 & CWE/SANS Top 25 classification systems.
  • Familiar with profiling an application or network, identifying threats, & developing test cases to target identified threats.
  • Familiar with developing proof-of-concept exploit examples to use within reports or live demonstrations.
  • Familiar with documenting & communicating results that may be consumed by both developers & management-level audiences.
  • Familiar with testing web applications, natively compiled binary applications, mobile applications, web services, & testing networks.
  • Familiar with using as many of the tools listed below (open to others not listed):

o Intercepting Proxies (i.e. Burp Suite, Charles, OWASP ZAP proxy, etc.).

o Web Service Testing Tools (i.e. soapUI).

o Disassemblers/Decompilers/Debuggers (IDA Pro, OllyDbg, WinDbg, jad, flare/flasm, SoThink SWF Decompiler, Firebug, etc.).

o Exploit frameworks (Metasploit, Immunity CANVAS, CORE Impact)

o Vulnerability scanners (Nessus)

o OSINT discovery (Shodan, Maltego)

o IDEs (i.e. Visual Studio or Eclipse).

Preferred Skills/Experience:

  • Degree from an accredited College or University in Computer Science, Information Systems, Engineering or a related major OR equivalent work experience
  • Current holder of penetration testing certifications such as OSCP, OSWP, GWAPT, GXPN, GPEN, CREST.
  • 2+ years of professional web-application development or source code review experience
  • Familiar with writing tools to aid in penetration testing.
  • Development experience with multi-tiered Internet applications
  • Development and/or architecture familiarity with mobile applications, specifically iOS & Android
  • Experience conducting targeted phishing & related social engineering tests
  • Penetration testing experience with DevOps related technologies such as Docker, Kubernetes, & CI/CD tool environments.
  • Penetration testing & reverse engineering experience with embedded systems & hardware (i.e. IoT devices)
  • Experience developing custom scripts or tools used for vulnerability scanning & identification
  • Unix, Windows (negligible), or networking security experience
  • Development and/or architecture familiarity with mobile applications, specifically Apple iOS & Android

ACV Auctions is an equal opportunity employer (EOE) & all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. 

