Staff Application Security Engineer

  • Southfield

Credit Acceptance is proud to be an award-winning company with local and national workplace recognition in multiple categories! Our world-class culture is shaped by dedicated Team Members who share a drive to succeed as professionals and together as a company. A great product, amazing people and our stable financial history have made us one of the largest used car finance companies nationally.

Our Engineering and Analytics Team Members utilize the latest technology to develop, monitor, and maintain complex practices that help optimize our success. Our Team Members value being challenged, are encouraged to express their ideas, and have the flexibility to enjoy work-life balance. We build intrinsic value by partnering with all functions of our business to support their success and make strategic business decisions. We focus on professional development and continuous improvement while enjoying a casual work environment and Great Place to Work culture!

As a Staff Application Security Engineer, you will be a technical leader on the Information Security team supporting technologies that enable Credit Acceptance's security goals and objectives, securing the confidentiality, integrity and availability of software and computer information systems.

Outcomes and Activities:

  • This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required. However, this position is permitted to work at a Southfield, Michigan office location if requested by the team member
  • Act as a technical leader in the development of a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that software developed in this SDLC is free of security vulnerabilities
  • Mature and develop the overall strategy for configuring our security policies and alerting mechanisms in our security stack
  • Perform threat modeling, architectural risk analysis, design reviews, code review, and security testing on applications
  • Provide guidance on triaging potential vulnerabilities identified by the application security program, with the context of the application and related business knowledge
  • Collaborate cross functionally to ensure technology is free from security defects
  • Create documentation, knowledge base articles, or diagrams concerning security technologies or their data flows

Competencies: The following items detail how you will be successful in this role.

  • Customer Empathy: Customer Empathy is the ability to understand the perspectives, pain points, and experiences of customers. It involves actively putting oneself in the customer's shoes, comprehending their needs and challenges, and using that understanding to provide a better, more customer-centric experience.
  • Engineering Excellence: Engineering Excellence is about bringing great craftsmanship and thought leadership to deliver an outstanding product that delights customers and solves for the business. This involves the pursuit and achievement of high standards, best practices, innovation, and superior solutions.
  • One Team: A One Team mindset refers to a collaborative approach across the organization, where individuals work together seamlessly, without boundaries, as a single, cohesive team. Shared goals, open communication and mutual support create a sense of collective purpose. This enables teams to navigate challenges and pursue shared objectives more effectively.
  • Owner's Mindset: Owner's Mindset involves adopting a set of behaviors that reflect a sense of responsibility, accountability, strategic thinking, and a proactive approach to managing your domain. As an owner, you understand the business and your domain(s) deeply and solve for the right outcome for the domain(s) and the business.

Requirements:

  • Bachelor's degree in Computer Science, Information Systems, or closely related field of study; or equivalent work experience
  • Minimum 8 years of experience with a focus on Application Security Engineering
  • Experience performing threat modeling, design reviews, and secure code reviews on applications and systems
  • Strong familiarity with a broad range of security technologies: SIEM, CASB, SOAR, DLP, and EDR.
  • Strong understanding of software composition analysis and creating SBOMs
  • Experience with OWASP
  • Experience with SAST and DAST/IAST tools
  • Expertise with continuous integration and continuous deployment (CI/CD) pipelines as well as how security fits into the delivery process (i.e. DevSecOps)
  • Knowledge of cloud platforms and services, with experience in cloud security
  • Experience with automated software and security testing tools and techniques
  • Experience with Docker and Kubernetes container security

Preferred Experience:

  • Professional experience with one or more of the following languages (C#, .NET, Java, etc.)
  • Professional certifications in cyber security (CSSLP, OSCP, etc.)
  • Financial Services industry experience
  • Familiarity with software assurance maturity models
  • Experience developing and training on threat models using STRIDE
  • Experience with ASPM or RASP tools
  • Experience with UVM tools
  • Mobile App testing experience
  • Experience with the following regulatory standards: PCI-DSS, ISO 27001, SOX, NYDFS

Knowledge and Skills:

  • Ability to challenge the status quo and influence stakeholders to create innovative solutions
  • Be collaborative with other team members, seeking a diversity of thought to meet business outcomes
  • Ability to foster strong relationships across the organization
  • Bring a strong understanding of relevant and emerging technologies, provide input and coach team members and embed learning and innovation in the day-to-day
  • Experience and understanding of how to connect the work being done and how it drives business value
  • Ability to communicate complex technical information (both verbal and written) to all levels, including senior leadership

Targeted Total Compensation: A competitive base salary + an annual variable bonus (cash and equity) will range from $165,000 to $253,750. This position may also be eligible for a sign-on RSU grant.


Benefits

  • Excellent benefits package that includes 401(K) match, adoption assistance, parental leave, tuition reimbursement, comprehensive medical/dental/vision and many nonstandard benefits that make us a Great Place to Work

Our Company Values:

To be successful in this role, Team Members need to be:

  • Positive by maintaining resiliency and focusing on solutions
  • Respectful by collaborating and actively listening
  • Insightful by cultivating innovation, accumulating business and role specific knowledge, demonstrating self-awareness and making quality decisions
  • Direct by effectively communicating and conveying courage
  • Earnest by taking accountability, applying feedback and effectively planning and priority setting

Expectations:

  • Remain compliant with our policies, processes and legal guidelines
  • All other duties as assigned
  • Attendance as required by department

Advice!

We understand that your career search may look different than others. Our hiring team wants to make sure that this would be a fit not just for us, but for you long term. If you are actively looking or starting to explore new opportunities, send us your application!

P.S.

We have great details around our stats, success, history and more. We're proud of our culture and are happy to share why - let's talk!

Required degrees must have been earned at institutions of Higher Education which are accredited by the Council for Higher Education Accreditation or equivalent.

Credit Acceptance is dedicated to providing a safe and inclusive working environment for all. As part of our Culture of Compliance, we are proud to be an Equal Opportunity Employer and value our culturally diverse workforce. All qualified applicants will receive consideration for employment regardless of the person's age, race, color, religion, sex, gender, sexual orientation, gender identity, national origin, veteran or disability status, criminal history, or any other legally protected characteristic.

California Residents: Please click here for the California Consumer Privacy Act (CCPA) notice regarding the personal information Credit Acceptance may collect from you.
