 
 
ACV Auctions // online auto auctions
 
Engineering, Full Time    Toronto, ON    Posted: Tuesday, April 13, 2021
 
   
 
 
 
JOB DETAILS
 

ACV Auctions is looking for an Application Security Engineer responsible for designing, building & improving key security mobile infrastructure components for ACV Auctions that perform at scale.  We value practical secure software, mobile development & instrumentation experience in addition to a thorough understanding of computer science fundamentals. The technologies you are familiar with are less important to us than your ability to solve complex software problems & apply software engineering best practices.

As an Application Security Engineer at ACV Auctions, you'll always be challenged to solve interesting & novel problems. If you are passionate about Security & working with bright & highly productive teams, this role could be a great match.

What you will do:

  • Perform penetration testing against many different types of applications & networks.
  • Identify & exploit vulnerabilities in applications & networks.
  • Document technical issues identified during security assessments utilizing standard CWE & CVSS classifications.
  • Research emerging security topics & new attack vectors.
  • Work independently to meet customer & project deadlines.
  • Interact with customers in a collaborative consultative manner to deliver results, provide feedback & remediation recommendations on penetration testing findings.
  • Support & manage Company's application security testing instrumentation for integration into CI/CD & efficient delivery of focused & comprehensive test results.
  • Support the SDLC Program & Process

What you need to know:

  • A year or more working in a work from home / remote capacity.
  • 5 or more years of penetration testing with 3 or more years of specific application & network / red team
  • Understanding of web architecture & protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.).
  • Development and/or source code review experience in at least several of the following languages/Scripting languages: C/C++, C#, VB.NET, ASP, PHP, Powershell, Python, Java or Javascript.
  • Understanding of how data flows through an application and/or network & connected components (SMTP, LDAP, Database servers).
  • Understanding of common software security issues & remediation techniques (OWASP top 10, SANS top 25, etc.).
  • Familiar with common Windows/Linux commands & scripting.
  • Familiarity with general application & network security concepts.
  • Ability to communicate effectively both written & verbal.
  • Familiar with OWASP Top 10 & CWE/SANS Top 25 classification systems.
  • Familiar with profiling an application or network, identifying threats, & developing test cases to target identified threats.
  • Familiar with developing proof-of-concept exploit examples to use within reports or live demonstrations.
  • Familiar with documenting & communicating results that may be consumed by both developers & management-level audiences.
  • Familiar with testing web applications, natively compiled binary applications, mobile applications, web services, & testing networks.
  • Familiar with using as many of the tools listed below (open to others not listed):

o Intercepting Proxies (i.e. Burp Suite, Charles, OWASP ZAP proxy, etc.).

o Web Service Testing Tools (i.e. soapUI).

o Disassemblers/Decompilers/Debuggers (IDA Pro, OllyDbg, WinDbg, jad, flare/flasm, SoThink SWF Decompiler, Firebug, etc.).

o Exploit frameworks (Metasploit, Immunity CANVAS, CORE Impact)

o Vulnerability scanners (Nessus)

o OSINT discovery (Shodan, Maltego)

o IDEs (i.e. Visual Studio or Eclipse).

Preferred Skills/Experience:

  • Degree from an accredited College or University in Computer Science, Information Systems, Engineering or a related major OR equivalent work experience
  • Current holder of penetration testing certifications such as OSCP, OSWP, GWAPT, GXPN, GPEN, CREST.
  • 2+ years of professional web-application development or source code review experience
  • Familiar with writing tools to aid in penetration testing.
  • Development experience with multi-tiered Internet applications
  • Development and/or architecture familiarity with mobile applications, specifically iOS & Android
  • Experience conducting targeted phishing & related social engineering tests
  • Penetration testing experience with DevOps related technologies such as Docker, Kubernetes, & CI/CD tool environments.
  • Penetration testing & reverse engineering experience with embedded systems & hardware (i.e. IoT devices)
  • Experience developing custom scripts or tools used for vulnerability scanning & identification
  • Unix, Windows (negligible), or networking security experience
  • Development and/or architecture familiarity with mobile applications, specifically Apple iOS & Android

ACV Auctions is an equal opportunity employer (EOE) & all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. 


 
 
 
 
 
 
 
 