ACV Auctions is the leading dealer-to-dealer, online automotive marketplace in the nation. We bring transparency to every transaction from start to finish, ensuring peace of mind and value for our customers. We do this with a combination of the industry’s best technology and the world’s best people. As a result of our team’s tireless effort and dedication, we’re growing at a staggering rate. ACV is attracting new people from widely different backgrounds and geographies who are invested in the genuine belief that we are creating something special.
ACV Auctions is looking for a Cybersecurity Architect SecOps Engineer. The Cybersecurity Architect SecOps Engineer is someone who has a passion building and managing Security Designs, Standards, Infrastructure and Business Processes. In this role you will be responsible for creating a model of Security for the cloud resources that supports the ACV Platform. This includes the AWS and GCP along with nodes that host K8 clusters and other 3rd Party partners.
We are building a layered Security approach which means the Cybersecurity Architect will need to work hand in hand with teams such as Infrastructure, AppSec, Detection and Response, Development Teams and compliance to ensure the flow from Applications to APIs to Cloud Resources are secured. In lieu of layering Security controls the person in this role will be working to enhance and strengthen the Security Controls within our environment as a whole, such as: anti-phishing gateways, EDR, AV, firewalls, IDS/IPS systems, AWS Security Hub. Further this position is not only about growing ACV's capability's but our associates as well, it will be important to be able to work with various teams such as Dev, HelpDesk, HR, Legal etc guiding Security recommendations for the program.
What you will do:
- Collaborate and drive Technology Leadership to develop and implement strategic and enterprise-wide product and technology initiatives securely.
- Collaborate with Strategic Business Leadership to develop and document Enterprise Risk Management practices and programs.
- Develop, implement and manage security standards, plans/roadmaps and operational processes to secure the AWS platform and resources such as RDS, EC2, S3, etc.
- Manage Security Alerts and provide Incident Response support services, it's not expected someone knows everything but this person should be able to identify and perform triage to resolve a Security Incident.
- Able to deploy and manage infrastructure and applications via code, CI/CD pipeline and K8.
- Contribute to the development, improvement and operational management of Security Operations, Monitoring and Incident Response practices, processes and solutions.
- Able to work with vendors and manage PoC's.
- Overall understanding of Security Domains, Compliance Requirements, and Risk Management Practices.
What you need know:
- Excellent communication, interpersonal and leadership skills, with the ability to interact with staff at all levels.
- Proven ability to be agile and work effectively in a dynamic environment.
- Demonstrated ability to perform under pressure and respond rapidly to emerging incidents and situations.
- Excellent coordination, project management, and organization skills and comfortable with a multi-tasking in a high-energy environment.
- Should be a creative and analytical problem solver with a passion to provide excellent customer service.
- Linux and Kubernetes/Container management and security.
- DevOps code based implementation and management.
- Knowledge of AWS including but not limited to S3, Lambda, RDS, EC2 and AWS Security Center.
- Understanding of TCP/IP Networking including knowledge of Protocols and Services.
- Understanding of what Information or Assets are of value to Threat Actors and how Organizations are Breached and Customer Accounts Compromised.
- Overall understanding of the Security domain, compliance, business, risk, ops etc ALONG with it's application to the business.
- Degree from an accredited College or University in Computer Science, Information Systems, Engineering or a related major OR equivalent work experience.
- Current holder of penetration testing certifications such as OSCP, OSWP, GWAPT, GXPN, GPEN, CREST.
- 2+ years of professional web-application development or source code review experience.
- Familiar with writing tools to aid in penetration testing.
- Development experience with multi-tiered Internet applications.
- Development and/or architecture familiarity mobile applications, specifically iOS and Android.
- Experience conducting targeted phishing and related social engineering tests.
- Penetration testing experience with DevOps-related technologies such as Docker, Kubernetes, and CI/CD tool environments.
- Penetration testing and reverse engineering experience with embedded systems and hardware (i.e. IoT devices).
- Experience developing custom scripts or tools used for vulnerability scanning and identification.
- Unix, Windows (negligible), or networking security experience.
- Development and/or architecture familiarity mobile applications, specifically Apple iOS and Android.
- ACV Auctions is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.