Events  Deals  Jobs 
    Sign in  
 
 
ACV Auctions // online auto auctions
 
Engineering, Full Time    Seattle, WA    Posted: Friday, August 06, 2021
 
   
 
Apply To Job
 
 
JOB DETAILS
 

Lead SecOps Engineer, Data Security & Privacy

ACV Auctions is the leading dealer-to-dealer, online automotive marketplace in the nation. We bring transparency to every transaction from start to finish, ensuring peace of mind & value for our customers. We do this with a combination of the industrys best technology & the worlds best people. As a result of our teams tireless effort & dedication, were growing at a staggering rate. ACV is attracting new people from widely different backgrounds & geographies who are invested in the genuine belief that we are creating something special.  

ACV Auctions is looking for a Lead SecOps Engineer, Data Security & Privacy. The Data Security & Privacy SecOps Engineer is someone who is passionate about building & managing Security Infrastructure & Business Practices & enhancement that drive effective data risk management & reduction. In this role you will be responsible for creating a model of Security for the cloud resources that supports the ACV Platform. This includes the AWS & GCP along with nodes that host K8 clusters & other third party partners.

We are building a layered Security approach which means the SecOps Engineer will need to work hand in hand with teams such as Infrastructure, AppSec, Detection & Response, Development Teams & compliance to ensure the flow from Applications to APIs to Cloud Resources are secured. In lieu of layering Security controls the person in this role will be working to enhance & strengthen the Security Controls within our environment as a whole, such as: anti-phishing gateways, EDR, AV, firewalls, IDS/IPS systems, AWS Security Hub. Further this position is not only about growing ACV's capabilities but our associates as well, it will be important to be able to work with various teams such as Dev, HelpDesk, HR, Legal etc guiding Security recommendations for the program.

Responsibilities:

  • Formalize the Data Security & Privacy Program including: data mapping, data identification, data security standards & data security practices & processes.
  • Drive the technical practices & implementation of securing data across technical systems & infrastructure.
  • Develop, implement & manage security standards, plans/roadmaps & operational processes to secure the AWS platform & resources such as RDS, EC2, S3, etc.
  • Manage Security Alerts & provide Incident Response support services, it's not expected someone knows everything but this person should be able to identify & perform triage to resolve a Security Incident.
  • Able to deploy & manage infrastructure & applications via code, CICD pipeline & K8.
  • Contribute to the development, improvement & operational management of Security Operations, Monitoring & Incident Response practices, processes & solutions.
  • Able to work with vendors & manage PoC's.
  • Overall understanding of Security Domains, Compliance Requirements, & Risk Management Practices.

Required Knowledge & Skills:

  • Excellent communication, interpersonal & leadership skills, with the ability to interact with staff at all levels.
  • Knowledge of CASB, DLP & SASE technologies
  • Proven ability to be agile & work effectively in a dynamic environment.
  • Demonstrated ability to perform under pressure & respond rapidly to emerging incidents & situations.
  • Excellent coordination, project management, & organization skills & comfortable with multi-tasking in a high-energy environment.
  • Should be a creative & analytical problem solver with a passion to provide excellent customer service.
  • Practical hands-on experience engineering & implementing data security controls in cloud environments including databases, datastores & SaaS platforms.
  • Linux & Kubernetes/Container management & security
  • DevOps code based implementation & management
  • Knowledge of AWS including but not limited to S3, Lambda, RDS, EC2 & AWS Security Center
  • Understanding of TCP/IP Networking including knowledge of Protocols & Services
  • Understanding of what Information or Assets are of value to Threat Actors & how Organizations are Breached & Customer Accounts Compromised.

Overall understanding of the Security domain, compliance, business, risk, ops etc ALONG with its application to the business.

ACV Auctions is an equal opportunity employer (EOE) & all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. 

#LI-AM1

 
 
 
Apply To Job
 
 
 
 
 
© 2021 GarysGuide      About    Feedback    Press    Terms