Lead SecOps Engineer, Data Security & Privacy

ACV Auctions is the leading dealer-to-dealer, online automotive marketplace in the nation. We bring transparency to every transaction from start to finish, ensuring peace of mind and value for our customers. We do this with a combination of the industry’s best technology and the world’s best people. As a result of our team’s tireless effort and dedication, we’re growing at a staggering rate. ACV is attracting new people from widely different backgrounds and geographies who are invested in the genuine belief that we are creating something special.

ACV Auctions is looking for a Lead SecOps Engineer, Data Security and Privacy. The Data Security and Privacy SecOps Engineer is someone who is passionate about building and managing Security Infrastructure and Business Practices and enhancement that drive effective data risk management and reduction. In this role you will be responsible for creating a model of Security for the cloud resources that supports the ACV Platform. This includes the AWS and GCP along with nodes that host K8 clusters and other third party partners.We are building a layered Security approach which means the SecOps Engineer will need to work hand in hand with teams such as Infrastructure, AppSec, Detection and Response, Development Teams and compliance to ensure the flow from Applications to APIs to Cloud Resources are secured. In lieu of layering Security controls the person in this role will be working to enhance and strengthen the Security Controls within our environment as a whole, such as: anti-phishing gateways, EDR, AV, firewalls, IDS/IPS systems, AWS Security Hub. Further this position is not only about growing ACV's capability's but our associates as well, it will be important to be able to work with various teams such as Dev, HelpDesk, HR, Legal etc guiding Security recommendations for the program.

Responsibilities: - Formalize the Data Security and Privacy Program including: data mapping, data security standards and data security practices and processes.- Drive the technical implementation of securing data across technical systems and infrastructure.- Develop, implement and manage security standards, plans/roadmaps and operational processes to secure the AWS platform and resources such as RDS, EC2, S3, etc.- Manage Security Alerts and provide Incident Response support services, it's not expected someone knows everything but this person should be able to identify and perform triage to resolve a Security Incident.- Able to deploy and manage infrastructure and applications via code, CICD pipeline and K8.- Contribute to the development, improvement and operational management of Security Operations, Monitoring and Incident Response practices, processes and solutions.- Able to work with vendors and manage PoC's.- Overall understanding of Security Domains, Compliance Requirements, and Risk Management Practices.

- Excellent communication, interpersonal and leadership skills, with the ability to interact with staff at all levels.- Proven ability to be agile and work effectively in a dynamic environment. - Demonstrated ability to perform under pressure and respond rapidly to emerging incidents and situations.- Excellent coordination, project management, and organization skills and comfortable with a multi-tasking in a high-energy environment. - Should be a creative and analytical problem solver with a passion to provide excellent customer service.- Practical hands-on experience engineering and implementing data security controls in cloud environments including databases, datastores and SaaS platforms.- Linux and Kubernetes/Container management and security - DevOps code based implementation and management- Knowledge of AWS including but not limited to S3, Lambda, RDS, EC2 and AWS Security Center- Understanding of TCP/IP Networking including knowledge of Protocols and Services- Understanding of what Information or Assets are of value to Threat Actors and how Organizations are Breached and Customer Accounts Compromised.- Overall understanding of the Security domain, compliance, business, risk, ops etc ALONG with it's application to the business.