United States onlyIf you are looking for a career at a dynamic company with a people-first mindset and a deep culture of growth and autonomy, ACV is the right place for you! Competitive compensation packages and learning and development opportunities, ACV has what you need to advance to the next level in your career. We will continue to raise the bar every day by investing in our people and technology to help our customers succeed. We hire people who share our passion, bring innovative ideas to the table, and enjoy a collaborative atmosphere.
Who we are:
ACV is a technology company that has revolutionized how dealers buy and sell cars online. We are transforming the automotive industry. ACV Auctions Inc. (ACV), has applied innovation and user-designed, data driven applications and solutions. We are building the most trusted and efficient digital marketplace with data solutions for sourcing, selling and managing used vehicles with transparency and comprehensive insights that were once unimaginable. We are disruptors of the industry and we want you to join us on our journey. Our network of brands include ACV Auctions, ACV Transportation, ClearCar, MAX Digital and ACV Capital within its Marketplace Products, as well as, True360 and Data Services.
At ACV we focus on the Health, Physical, Financial, Social and Emotional Wellness of our Teammates and, to support this, we offer:
- Multiple medical plans including a high deductible, low cost health plan
- Company-sponsored (paid) Short-Term Disability, Long-Term Disability, and Life Insurance
- Comprehensive optional benefits such as Dental, Vision, Supplemental Life/AD&D, Legal/ID Protection, and Accident and Critical Illness Insurance
- Generous paid time off options, including uncapped vacation days, the greater of 3 paid sick days or in accordance with the applicable state or local paid sick leave law, 6 paid company holidays, 2 floating holidays, parental leave, bereavement leave, jury duty leave, voting leave, and other forms of paid leave as required by applicable law or regulation
- Employee Stock Purchase Program with additional opportunities to earn stock in the Company
- Retirement planning through the Company’s 401(k)
Who we are looking for:
ACV is looking for an Application Security Engineer to join our security team and lead the development and maturation of our Application Security (AppSec) program. This is a high-impact role for someone with a proven track record of embedding security into modern software development lifecycles in SaaS environments. You’ll work across engineering, product, and DevOps to ensure secure design, implementation, and deployment of our applications and services. This role is ideal for a developer turned security leader who has built or significantly matured an AppSec program from the ground up and is looking to drive impact at scale within a fast-paced, cloud-native, DevSecOps environment.
Who we are looking for:
ACV is looking for an Application Security Engineer to join our security team and lead the development and maturation of our Application Security (AppSec) program. This is a high-impact role for someone with a proven track record of embedding security into modern software development lifecycles in SaaS environments. You’ll work across engineering, product, and DevOps to ensure secure design, implementation, and deployment of our applications and services. This role is ideal for a developer turned security leader who has built or significantly matured an AppSec program from the ground up and is looking to drive impact at scale within a fast-paced, cloud-native, DevSecOps environment.
What you will do
- Actively and consistently support all efforts to simplify and enhance the customer experience
- Design, implement, and scale ACV's Application Security Program, aligning with Secure SDLC best practices and taking a Shift Left by default approach.
- Serve as the subject matter expert for secure application architecture, code analysis, and application threat modeling.
- Partner with engineering and security teams to integrate security tools and controls into CI/CD pipelines (e.g., SAST, DAST, SCA, secrets management)
- Conduct and oversee escalated code reviews, security assessments, and pen testing of internal and external applications
- Lead threat modeling workshops, security training, and awareness initiatives for developers and architects.
- Develop policies, standards, and automation to support a secure-by-default engineering culture.
- Drive remediation efforts by working hands-on with developers to fix critical vulnerabilities.
- Collaborate with compliance and risk teams to meet security audit and regulatory requirements (SOC 2, ISO 27001, etc.).
- Stay current on emerging threats, vulnerabilities, and secure development trends.
- Perform additional duties as assigned
What you will need:
- Ability to read, write, speak and understand English.
- Attention to detail and strong organizational skills
- Critical thinking and problem-solving abilities
- Effective written and verbal English communication skills
- Demonstrated experience building or leading a successful Application Security Program at a technology-driven organization
- Deep technical knowledge of common web and mobile vulnerabilities (e.g., OWASP Top 10), microservices security, and cloud-native architectures (preferably AWS)
- Strong proficiency with security testing tools (e.g., Burp Suite, GitHub Advanced Security, Snyk, Checkmarx, etc.)
- Familiarity with modern development stacks and languages (e.g., Node.js, Python, Go, React)
- Hands-on experience securing CI/CD environments and working with DevOps teams
- Experience conducting code and security reviews of architecture designs, APIs, and infrastructure-as-code
- Strong communication skills with the ability to influence engineers and leadership alike as well as understand that different audiences require different messages
- Industry certifications a plus (e.g., OSWE, GWAPT, CSSLP, CISSP)
Compensation: $154,000.00 - $192,000.00 annually. Please note that final compensation will be determined based upon the applicant's relevant experience, skillset, location, business needs, market demands, and other factors as permitted by law.
No immigration or work visa sponsorship will be provided for this position.
Our Values Trust & Transparency | People First | Positive Experiences | Calm Persistence | Never Settling
At ACV, we are committed to an inclusive culture in which every individual is welcomed and empowered to celebrate their true selves. We achieve this by fostering a work environment of acceptance and understanding that is free from discrimination. ACV is committed to being an equal opportunity employer regardless of sex, race, creed, color, religion, marital status, national origin, age, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires reasonable accommodation, please let us know.
For information on our collection and use of your personal information, please see our Privacy Notice.
