Application Security Engineer, Product Security

Job Title
Application Security Engineer, Product Security
Job ID
Buffalo,  NY 14203
Other Location

ACV Auctions is reinventing a $100 billion industry through an online, wholesale vehicle marketplace that provides car dealerships a more effective and transparent way of buying and selling wholesale vehicles through 20-minute auctions. Our technology modernizes the entire arc of auction operations, providing third-party inspections, account management, title and payment processing, managing arbitration and transportation. The company strives to be the most trusted source in the industry for dealers to buy and sell wholesale vehicles. The company is growing 300% year-over-year and recently completed a $150 million Series E funding round from investors such as Bessemer Venture Partners and Bain Capital Ventures.

We are looking for an experienced Product Security Engineer to join our team that can help us to strategically push forward the state of product security throughout ACV. The Product Security team is dedicated to identifying the most important Application and Product Security risks and use our passion for building things to mitigate or eliminate those risks. To get specific, here are some things our team works on:

Account Security

  • We work to ensure only legitimate users can access their accounts. Examples include: 
    • Two-factor Authentication (2FA) and WebAuthnVerified device protection for non-2FA users. 
    • Establishing a comprehensive User Behavior Analytics account protection program focusing on account security and protection 
  • We are passionate about projects where we can add defense in depth or secure by default security patterns. Examples include: 
    • Continually looking for modern web security standards we can leverage such as content security policy, samesite cookies etc. Build/operate an internal cryptographic service used by other Engineers and services throughout ACV.

Application Security Architecture

  • We collaborate with Engineers throughout ACV to develop solutions to security obstacles that strike the best balance between security, usability, and convenience.


  • Help to identify the most important strategic Product Security focus areas for the team and ACV itself 
  • Participate in Security Architecture discussions with other Engineering teams throughout ACV 
  • Stay current with emerging security standards and help to identify when and where they should be adopted at ACV 
  • Participate in the team’s technical/architectural decision making 
  • Write robust, maintainable backend code 
  • Review code and lead group discussions about the projects we’re working on
  • Develop systematic solutions to problems instead of focusing on one-off fixes 
  • Mentor other engineers
  • Support and manage the SDLC Practice
  • Partner with Application Security Testing Teams to integrate AST into CI/CD pipelines

Minimum Qualifications:

  • A passion for application security-related problems 
  • 5+ years building software applications at scale 
  • 3+ years designing/architecting secure systems at scale
  • Working knowledge of web application vulnerabilities and mitigations 
  • Known for being a great communicator and collaborator with excellent written and verbal communication skills 

Leadership Principles:

  • Customer Obsessed
  • Trust by Default
  • Ship to Learn
  • Own the Outcome
  • Growth Mindset
  • Global Product, Global Team
  • Anything is Possible
  • Practice Kindness

 ACV Auctions is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. 

Please reference ICMCP should you apply directly with ACV Actions here: https://www.acvauctions.com/jobs?gh_jid=4851297002.  

Option 1: Create a New Profile