ACV Auctions is the leading dealer-to-dealer, online automotive marketplace in the nation. We bring transparency to every transaction from start to finish, ensuring peace of mind and value for our customers. We do this with a combination of the industry’s best technology and the world’s best people. As a result of our team’s tireless effort and dedication, we’re growing at a staggering rate. ACV is attracting new people from widely different backgrounds and geographies who are invested in the genuine belief that we are creating something special.
We are looking for an experienced Product Security Engineer to join our team that can help us to strategically push forward the state of product security throughout ACV. The Product Security team is dedicated to identifying the most important Application and Product Security risks and use our passion for building things to mitigate or eliminate those risks. To get specific, here are some things our team works on:
- We work to ensure only legitimate users can access their accounts. Examples include:
- Two-factor Authentication (2FA) and WebAuthnVerified device protection for non-2FA users.
- Establishing a comprehensive User Behavior Analytics account protection program focusing on account security and protection
- We are passionate about projects where we can add defense in depth or secure by default security patterns. Examples include:
- Continually looking for modern web security standards we can leverage such as content security policy, samesite cookies etc. Build/operate an internal cryptographic service used by other Engineers and services throughout ACV.
Application Security Architecture
- We collaborate with Engineers throughout ACV to develop solutions to security obstacles that strike the best balance between security, usability, and convenience.
- Help to identify the most important strategic Product Security focus areas for the team and ACV itself
- Participate in Security Architecture discussions with other Engineering teams throughout ACV
- Stay current with emerging security standards and help to identify when and where they should be adopted at ACV
- Participate in the team’s technical/architectural decision making
- Write robust, maintainable backend code
- Review code and lead group discussions about the projects we’re working on
- Develop systematic solutions to problems instead of focusing on one-off fixes
- Mentor other engineers
- Support and manage the SDLC Practice
- Partner with Application Security Testing Teams to integrate AST into CI/CD pipelines
- A passion for application security related problems
- 5+ years building software applications at scale
- 3+ years designing/architecting secure systems at scale
- Working knowledge of web application vulnerabilities and mitigations
- Known for being a great communicator and collaborator with excellent written and verbal communication skills
- Practical software development skills with C#, Python and Java
- Working knowledge of applied cryptography
- Working knowledge of modern web security standards
- Experience mitigating account security risks
- Experience using Git
- Customer Obsessed
- Trust by Default
- Ship to Learn
- Own the Outcome
- Growth Mindset
- Global Product, Global Team
- Anything is Possible
- Practice Kindness
ACV Auctions is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.