Application Security Engineer, Product Security

  • Company:
    ACV Auctions
  • Location:
  • Salary:
    negotiable / month
  • Job type:
    Full-Time
  • Posted:
    3 days ago
  • Category:
    Engineering

ACV Auctions is the leading dealer-to-dealer, online automotive marketplace in the nation. We bring transparency to every transaction from start to finish, ensuring peace of mind and value for our customers. We do this with a combination of the industry’s best technology and the world’s best people. As a result of our team’s tireless effort and dedication, we’re growing at a staggering rate. ACV is attracting new people from widely different backgrounds and geographies who are invested in the genuine belief that we are creating something special.

We are looking for an experienced Product Security Engineer to join our team and help us strategically push forward the state of product security throughout ACV. The Product Security team is dedicated to identifying the most important Application and Product Security risks and using our passion for building things to mitigate or eliminate those risks. To get specific, here are some things our team works on:

Account Security

We work to ensure only legitimate users can access their accounts. Examples include:

  • Two-factor Authentication (2FA) and WebAuthn
  • Verified device protection for non-2FA users
  • Establishing a comprehensive User Behavior Analytics account protection program focusing on account security and protection

We are passionate about projects where we can add defense-in-depth or secure-by-default security patterns. Examples include:

  • Continually looking for modern web security standards we can leverage, such as Content Security Policy, SameSite cookies, etc.
  • Building and operating an internal cryptographic service used by other Engineers and services throughout ACV

Application Security Architecture

We collaborate with Engineers throughout ACV to develop solutions to security obstacles that strike the best balance between security, usability, and convenience.

Responsibilities:

  • Help to identify the most important strategic Product Security focus areas for the team and ACV itself
  • Participate in Security Architecture discussions with other Engineering teams throughout ACV
  • Stay current with emerging security standards and help to identify when and where they should be adopted at ACV
  • Participate in the team’s technical/architectural decision making
  • Write robust, maintainable backend code
  • Review code and lead group discussions about the projects we’re working on
  • Develop systematic solutions to problems instead of focusing on one-off fixes
  • Mentor other engineers
  • Support and manage the SDLC Practice
  • Partner with Application Security Testing Teams to integrate AST into CI/CD pipelines

Minimum Qualifications:

  • A passion for application security related problems
  • 5+ years building software applications at scale
  • 3+ years designing/architecting secure systems at scale
  • Working knowledge of web application vulnerabilities and mitigations
  • Known for being a great communicator and collaborator with excellent written and verbal communication skills

Preferred Qualifications:

  • Practical software development skills with C#, Python and Java
  • Working knowledge of applied cryptography
  • Working knowledge of modern web security standards
  • Experience mitigating account security risks
  • Experience using Git

Leadership Principles:

  • Customer Obsessed
  • Trust by Default
  • Ship to Learn
  • Own the Outcome
  • Growth Mindset
  • Global Product, Global Team
  • Anything is Possible
  • Practice Kindness