• Lead the design, deployment, and lifecycle management of secure configuration baselines • Perform in-depth and high quality security assessments of third parties • Define and perform security assessments on emerging technologies provided by third parties • Act as the subject matter expert for SaaS-related security telemetry • Spearhead the use of Large Language Models (LLMs) and autonomous AI Agents • Provide guidance to team members and Salesforce suppliers on Salesforce security requirements • Build cross-functional partnerships with departments including Business, Sourcing, Legal, and Information Technology

Overview As a Senior Investigator, you will investigate suspected incidents of healthcare fraud, waste, or abuse through data analysis (a high level of proficiency with Excel is required). This is not a physical investigator role. This role aligns with our pre-pay Fraud Waste & Abuse team. Responsibilities - Identify, investigate, analyze and evaluate instances of potential fraud, waste, and abuse. - Conduct interviews or correspond with patients, providers, witnesses or other relevant parties to determine settlement, denial or review. - Analyze information gathered by investigation and report findings and recommendations as a written summary and/or presentation. - Conducts investigation-related training. - Supports legal proceedings as needed, including testifying in court or working with law enforcement personnel to prepare cases for civil or criminal actions. - Negotiates settlement agreements to resolve disputes. - Maintain current knowledge of relevant laws, regulations and standards. - Participates in special projects as required. This job description is intended to describe the general nature and level of work being performed and is not to be construed as an exhaustive list of responsibilities, duties and skills required. This job description does not constitute an employment agreement and is subject to change as the needs of Cotiviti and requirements of the job change. Qualifications - Bachelor’s Degree in related discipline, or the equivalent combination of education, professional training and work experience. - 5-8 years of related investigative experience. - Advanced level skills in Excel. - Excellent verbal and written communication skills. - Strong listening and observation skills. - Attention to detail and high level of accuracy. - Effective organizational and prioritization skills with multi-tasking ability. - Preferred certifications: - Accredited Healthcare Fraud Investigator (AHFI), - Certified Fraud Specialist (CFS), - Certified Fraud Examiner (CFE), - Certified Forensic Interviewer (CFI), or - Certified in Healthcare Compliance (CHC). Job Demands: - This is a work-at-home position. Access to high-speed internet is required (all other equipment will be provided). - Must be able to sit and use a computer keyboard for extended periods of time. - Travel up to 15%. - Must have flexibility and willingness to participate in the work processes of an international organization, including conference calls scheduled to accommodate global time zones. - After hours and/or weekend work is required where necessary for major deliverables/deadlines (not consistent). Mental Requirements: - Communicating with others to exchange information. - Assessing the accuracy, neatness, and thoroughness of the work assigned. Physical Requirements and Working Conditions: - Remaining in a stationary position, often standing or sitting for prolonged periods. - Repeating motions that may include the wrists, hands, and/or fingers. - Must be able to provide a dedicated, secure work area. - Must be able to provide high-speed internet access/connectivity and office setup and maintenance. Base compensation ranges from $70,000 to $90,000 per year. Specific offers are determined by various factors, such as experience, education, skills, certifications, and other business needs. Cotiviti offers team members a competitive benefits package to address a wide range of personal and family needs, including medical, dental, vision, disability, and life insurance coverage, 401(k) savings plans, paid family leave, 9 paid holidays per year, and 17-27 days of Paid Time Off (PTO) per year, depending on specific level and length of service with Cotiviti. For information about our benefits package, please refer to our Careers page. Date of posting: 4/3/2026 Applications are assessed on a rolling basis. We anticipate that the application window will close on 6/3/2026, but the application window may change depending on the volume of applications received or close immediately if a qualified candidate is selected. #senior #LI-JB1 #LI-Remote

• Responsible for the design, configuration, optimization, and ongoing support of Workday Security and Core HCM • Partner closely with HR and IT stakeholders • Manage core HCM setup configuration • Provide technical leadership by evaluating design options and proposing alternatives • Review and assess proposed changes to ensure alignment with security architecture and audit requirements • Contribute to ongoing system maintenance and business continuity

If you are looking for a career at a dynamic company with a people-first mindset and a deep culture of growth and autonomy, ACV is the right place for you! Competitive compensation packages and learning and development opportunities, ACV has what you need to advance to the next level in your career. We will continue to raise the bar every day by investing in our people and technology to help our customers succeed. We hire people who share our passion, bring innovative ideas to the table, and enjoy a collaborative atmosphere. Who we are: ACV is a technology company that has revolutionized how dealers buy and sell cars online. We are transforming the automotive industry. ACV Auctions Inc. (ACV), has applied innovation and user-designed, data driven applications and solutions. We are building the most trusted and efficient digital marketplace with data solutions for sourcing, selling and managing used vehicles with transparency and comprehensive insights that were once unimaginable. We are disruptors of the industry and we want you to join us on our journey. Our network of brands include ACV Auctions, ACV Transportation, ClearCar, MAX Digital and ACV Capital within its Marketplace Products, as well as, True360 and Data Services. At ACV we focus on the Health, Physical, Financial, Social and Emotional Wellness of our Teammates and, to support this, we offer: - Multiple medical plans including a high deductible, low cost health plan - Company-sponsored (paid) Short-Term Disability, Long-Term Disability, and Life Insurance - Comprehensive optional benefits such as Dental, Vision, Supplemental Life/AD&D, Legal/ID Protection, and Accident and Critical Illness Insurance - Generous paid time off options, including uncapped vacation days, the greater of 3 paid sick days or in accordance with the applicable state or local paid sick leave law, 6 paid company holidays, 2 floating holidays, parental leave, bereavement leave, jury duty leave, voting leave, and other forms of paid leave as required by applicable law or regulation - Employee Stock Purchase Program with additional opportunities to earn stock in the Company - Retirement planning through the Company’s 401(k) Who we are looking for: The Director of Product Security is a critical leadership role responsible for the overall security posture of ACV’s software applications and platforms. Reporting directly to the CISO, this individual will own and mature the entire Product and Application Security program, integrating security practices throughout the Secure Software Development Lifecycle (SSDLC). This position requires a self-motivated and highly organized leader with excellent communication and technical skills. The Director will ensure the confidentiality, integrity, and availability of ACV’s product-related data and systems by mitigating code-based risks within a fast-paced, technology-driven environment. You will build and lead a high-performing team, driving continuous improvement and ensuring ACV remains a secure and trusted platform for dealers and buyers nationwide. What you will do: - Design, implement, and manage the end-to-end Product Security program, focusing on securing ACV's proprietary applications and code base. - Lead the adoption of DevSecOps practices, automating security tools and gates within the Continuous Integration/Continuous Deployment (CI/CD) pipelines to prevent security defects from reaching production. - Establish and enforce Secure Software Development Lifecycle (SSDLC) requirements, including security training for engineering teams and defining secure coding standards. - Build, mentor, and manage a team of Product Security Engineers responsible for application vulnerability management, security testing, and architectural review. - Understand and protect against the risks that AI brings without becoming the team that puts the No in Innovation. Proactively identify and establish security guardrails for AM/ML model development and usage to ensure safe innovation and high engineering velocity. - Oversee the deployment, tuning, and management of application security testing tools, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) to identify and remediate code-based vulnerabilities. - Lead vulnerability remediation efforts for all ACV products, working closely with engineering and product teams to prioritize and track fixes based on risk. - Perform and oversee deep-dive security architecture and design reviews for all new products, features, and core application services, ensuring security is "baked in" from conception. - Define and manage secure configuration standards for containerized applications, microservices, APIs, and their supporting cloud infrastructure (AWS and GCP). - Manage and coordinate external penetration testing and bug bounty programs focused on ACV’s applications and APIs. - Design, maintain, and measure processes to prevent vulnerabilities from reaching production in a true Shift Left fashion. - Work with Technical Program Management to create appropriate key performance indicators to show success and improvement points in the program. - Contribute to ACV’s overall Governance, Risk, and Compliance (GRC) program by ensuring applications meet required internal security policies and external regulatory standards (e.g., SOC2, GDPR, CCPA). - Lead security risk assessments, threat modeling, and tabletop exercises specific to product features and application architecture, identifying and prioritizing technical vulnerabilities and developing mitigation strategies. - Ensure protection of sensitive data, including PII and financial information, within the application environment in compliance with relevant regulations. Validate that products conform to ACV’s data classification policies and other relevant documents and oversee processes to measure and enforce this before deployment. - Serve as the primary security advisor to Product and Engineering leadership and stakeholders on all matters related to application and product security. - Collaborate effectively with IT, Engineering, and Product teams to integrate security into their processes, fostering a strong security-conscious culture across development teams. - Maintain strong communication channels with remote team members, ensuring alignment and fostering a cohesive team environment. - Create a culture of communication, where collaboration and a sense of partnership with the remainder of the organization is evident and valued. - Create and maintain executive dashboards to increase security visibility throughout the organization and identify opportunities for improvement. - Perform additional duties as assigned. What you will need: - 10+ years experience in Information Security, with at least 5+ years directly focused on Product Security or Application Security in a leadership role. - Proven experience building and leading a centralized Product Security/AppSec program within a technology-driven, cloud-based SaaS company. - Deep, hands-on knowledge of the Secure Software Development Lifecycle (SSDLC), CI/CD, and DevSecOps principles, including automating security tooling. - Strong understanding of security frameworks and best practices (NIST CSF, ISO 27001, CIS Controls). - Extensive experience with cloud security, with a strong focus on securing applications deployed in AWS and/or GCP environments. Experience with Fintech companies is desirable. - Experience with modern software development including Agentic and Generative AI techniques. - Expertise with multiple application security tools, including SAST, DAST, MAST, SCA, API security platforms, and Web Application Firewalls (WAF). - Excellent communication, interpersonal, and leadership skills, with an ability to translate complex technical risks into business context for executive leadership and stakeholders. - Ability to work effectively in a remote environment and manage geographically dispersed teams. #LI-AM1 Our Values Trust & Transparency | People First | Positive Experiences | Calm Persistence | Never Settling At ACV, we are committed to an inclusive culture in which every individual is welcomed and empowered to celebrate their true selves. We achieve this by fostering a work environment of acceptance and understanding that is free from discrimination. ACV is committed to being an equal opportunity employer regardless of sex, race, creed, color, religion, marital status, national origin, age, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic information, disability, military status, status as a veteran, or any other protected characteristic. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires reasonable accommodation, please let us know. For information on our collection and use of your personal information, please see our Privacy Notice. No immigration or work visa sponsorship provided for this position. Compensation: The compensation range for this position is listed in the "Job Details" section at the bottom of this posting. Please note that final compensation will be determined based upon the applicant's relevant experience, skill set, location, business needs, market demands, and other factors as permitted by law.