Staff Engineer, Security Operations

September 12, 2024If you are looking for a career at a dynamic company with a people-first mindset and a deep culture of growth and autonomy, ACV is the right place for you! Competitive compensation packages and learning and development opportunities, ACV has what you need to advance to the next level in your career. We will continue to raise the bar every day by investing in our people and technology to help our customers succeed. We hire people who share our passion, bring innovative ideas to the table, and enjoy a collaborative atmosphere.Who we are:ACV is a technology company that has revolutionized how dealers buy and sell cars online. We are transforming the automotive industry. ACV Auctions Inc. (ACV), has applied innovation and user-designed, data-driven applications and solutions. We are building the most trusted and efficient digital marketplace with data solutions for sourcing, selling, and managing used vehicles with transparency and comprehensive insights that were once unimaginable. We are disruptors of the industry and we want you to join us on our journey. ACV’s network of brands includes ACV Auctions, ACV Transportation, ClearCar, MAX Digital, and ACV Capital within its Marketplace Products, as well as True360 and Data Services.At ACV we focus on the Health, Physical, Financial, Social, and Emotional Wellness of our Teammates and to support this we offer:Company Sponsored (paid) Healthcare, Dental, Vision, Life/AD&D, Short-Term and Long-Term DisabilityComprehensive additional optional benefits such as Critical Illness and Supplemental Life/AD&D.All insurance benefits go into effect on your date of hireGenerous Parental Leave Top-Up Pay and Vacation ProgramsEmployee Stock Purchase Program with additional opportunities to earn stock in the companyRetirement planning through the Company’s RRSPWho we are looking for:The Staff Engineer, Security Operations is responsible for overseeing and maintaining the security infrastructure and operations of an organization. They design, implement, and manage security systems, including firewalls, intrusion detection systems, and access control systems. They monitor and analyze security events and incidents, respond to security breaches, and conduct vulnerability assessments and penetration testing. The Staff Engineer collaborates with cross-functional teams to develop and enforce security policies and procedures and provides guidance and support to junior engineers. They stay updated on the latest security technologies and trends to ensure the organization's security posture remains strong.What you will do:Actively and consistently support all efforts to simplify and enhance the customer experience.Lead business use case analysis to implement identity and access management solutionsIdentify required attributes, customizing login pages and implement security policiesFollow SDLC, change management and document the procedures on Trusted Identity solutions to meet compliance requirementsAnticipate, identify, track and resolve technical issuesDevelop and implement repeatable processes for Access ManagementLead the Trusted Identity team in implementing scalable access management and identity lifecycle processesWork closely with business, application, and solution owners to ensure user and role definitions and associated access rights are appropriateLead role-based access control (RBAC) model and maintain role-based access control documentation for operational processesCreate and implement automated processes that reduce manual efforts and increase overall efficiency and scalabilityManage Security Alerts and provide Incident Response support services, it's not expected someone knows everything but this person should be able to identify and perform triage to resolve a Security IncidentDevelop and implement process improvement and operational management of Security Operations, Monitoring and Incident Response practices, processes and solutionsManage and maintain other security SaaS applications such as anti-phishing, EDR, or logging tools as requiredLead employee trainings, such as creating webinars, create “how-to” tech articles, etc.Perform other duties as assignedWhat you will need:Ability to read, write, speak and understand English.Extensive and demonstrated experience in end-to-end deployment of identity and access management toolsKnowledge of Security Domains, Compliance Requirements, and Risk Management PracticesKnowledge of Identity concepts such as Privileged Account Management and Life Cycle ManagementKnowledge of AWS including but not limited to S3, Lambda, RDS, EC2 and AWS Security CenterKnowledge of TCP/IP Networking including knowledge of Protocols and ServicesOverall understanding of the Security domain, compliance, business, risk, ops etc along with its application to the businessUnderstanding of building and making tools for our partners, how do we make something into a service?Ability to read python code and writing basic scripts, or using Low Code / No Code SOAR toolsAbility to build and implement security tools such as anti-phishing, EDR, or EMM/MDM toolsExcellent communication, interpersonal and leadership skills, with the ability to interact with staff at all levels.Proven ability to be agile and work effectively in a dynamic environment.Demonstrated ability to perform under pressure and respond rapidly to emerging incidents and situations.Excellent coordination, project management, and organization skills and comfortable with multi-tasking in a high-energy environment.Our ValuesTrust & Transparency | People First | Positive Experiences | Calm Persistence | Never SettlingAt ACV, we are committed to an inclusive culture in which every individual is welcomed and empowered to celebrate their true selves. We achieve this by fostering a work environment of acceptance and understanding that is free from discrimination. ACV is committed to being an equal opportunity employer regardless of sex, race, creed, color, religion, marital status, national origin, age, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires reasonable accommodation, please let us know. #J-18808-Ljbffr