ACV’s mission is to build and enable the most trusted and efficient digital marketplaces for buying and selling used vehicles with transparency and comprehensive data that was previously unimaginable. We are powered by a combination of the world’s best people and the industry’s best technology. At ACV, we are driven by an entrepreneurial spirit and rewarded with a work environment that enables each Teammate to impact the company from day one. ACV’s network of brands includes ACV Auctions, ACV Transportation and ACV Capital within its Marketplace Products as well as True360 and Data Services.
What you will do:
ACV Auctions is looking for a Lead SecOps Engineer, Data Security and Privacy. The Data Security and Privacy SecOps Engineer is someone who is passionate about building and managing Security Infrastructure and Business Practices and enhancement that drive effective data risk management and reduction. In this role you will be responsible for creating a model of Security for the cloud resources that supports the ACV Platform. This includes the AWS and GCP along with nodes that host K8 clusters and other third party partners.
We are building a layered Security approach which means the SecOps Engineer will need to work hand in hand with teams such as Infrastructure, AppSec, Detection and Response, Development Teams and compliance to ensure the flow from Applications to APIs to Cloud Resources are secured. In lieu of layering Security controls the person in this role will be working to enhance and strengthen the Security Controls within our environment as a whole, such as: anti-phishing gateways, EDR, AV, firewalls, IDS/IPS systems, AWS Security Hub. Further this position is not only about growing ACV's capabilities but our associates as well, it will be important to be able to work with various teams such as Dev, HelpDesk, HR, Legal etc guiding Security recommendations for the program.
- Formalize the Data Security and Privacy Program including: data mapping, data identification, data security standards and data security practices and processes.
- Drive the technical practices and implementation of securing data across technical systems and infrastructure.
- Develop, implement and manage security standards, plans/roadmaps and operational processes to secure the AWS platform and resources such as RDS, EC2, S3, etc.
- Manage Security Alerts and provide Incident Response support services, it's not expected someone knows everything but this person should be able to identify and perform triage to resolve a Security Incident.
- Able to deploy and manage infrastructure and applications via code, CICD pipeline and K8.
- Contribute to the development, improvement and operational management of Security Operations, Monitoring and Incident Response practices, processes and solutions.
- Able to work with vendors and manage PoC's.
- Overall understanding of Security Domains, Compliance Requirements, and Risk Management Practices.
What you will need:
- Excellent communication, interpersonal and leadership skills, with the ability to interact with staff at all levels.
- Knowledge of CASB, DLP and SASE technologies
- Proven ability to be agile and work effectively in a dynamic environment.
- Demonstrated ability to perform under pressure and respond rapidly to emerging incidents and situations.
- Excellent coordination, project management, and organization skills and comfortable with multi-tasking in a high-energy environment.
- Should be a creative and analytical problem solver with a passion to provide excellent customer service.
- Practical hands-on experience engineering and implementing data security controls in cloud environments including databases, datastores and SaaS platforms.
- Linux and Kubernetes/Container management and security
- DevOps code based implementation and management
- Knowledge of AWS including but not limited to S3, Lambda, RDS, EC2 and AWS Security Center
- Understanding of TCP/IP Networking including knowledge of Protocols and Services
- Understanding of what Information or Assets are of value to Threat Actors and how Organizations are Breached and Customer Accounts Compromised.
- Overall understanding of the Security domain, compliance, business, risk, ops etc ALONG with its application to the business.
What we offer:
- Comprehensive benefits offerings for benefits eligible Teammates.
- Unique culture that truly values each and every Teammate.
- Career development and Future Growth Opportunities.
At ACV, we are committed to an inclusive culture in which every individual is welcomed and empowered to celebrate their true selves. We achieve this by fostering a work environment of acceptance and understanding that is free from discrimination. ACV is committed to being an equal opportunity employer regardless of sex, race, creed, color, religion, marital status, national origin, age, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know.