What are the responsibilities and job description for the Staff Application Security Engineer position at Credit Acceptance Corporation?

Credit Acceptance is proud to be an award-winning company with local and national workplace recognition in multiple categories! Our world-class culture is shaped by dedicated Team Members who share a drive to succeed as professionals and together as a company. A great product, amazing people and our stable financial history have made us one of the largest used car finance companies nationally.

Our Engineering and Analytics Team Members utilize the latest technology to develop, monitor, and maintain complex practices that help optimize our success. Our Team Members value being challenged, are encouraged to express their ideas, and have the flexibility to enjoy work life balance. We build intrinsic value by partnering with all functions of our business to support their success and make strategic business decisions. We focus on professional development and continuous improvement while enjoying a casual work environment and Great Place to Work culture!

As a Staff Application Security Engineer, you will be a technical leader on the Information Security team supporting technologies that enable Credit Acceptance’s security goals and objectives, securing the confidentiality, integrity and availability of software and computer information systems.

Outcomes and Activities :

This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required. However, this position is permitted to work at a Southfield, Michigan office location if requested by the team member
Act as a technical leader in the development of a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that software developed in this SDLC is free of security vulnerabilities
Mature and develop the overall strategy for configuring our security policies and alerting mechanisms in our security stack
Perform threat modeling, architectural risk analysis, design reviews, code review, and security testing on applications
Provide guidance on triaging potential vulnerabilities identified by application security program with context of application and related business knowledge
Collaborate cross functionally to ensure technology is free from security defects
Create documentation, knowledge base articles, or diagrams concerning security technologies or their data flows

Competencies : The following items detail how you will be successful in this role.

Customer Empathy : Customer Empathy is the ability to understand the perspectives, pain points, and experiences of customers. It involves actively putting oneself in the customer’s shoes, comprehending their needs and challenges, and using that understanding to provide a better, more customer-centric experience.

Engineering Excellence : Engineering Excellence is about bringing great craftsmanship and thought leadership to deliver an outstanding product that delights customers and solves for the business. This involves the pursuit and achievement of high standards, best practices, innovation, and superior solutions.

One Team : A One Team mindset refers to a collaborative approach across the organization, where individuals work together seamlessly, without boundaries, as a single, cohesive team. Shared goals, open communication and mutual support create a sense of collective purpose. This enables teams to navigate challenges and pursue shared objectives more effectively.

Owner’s Mindset : Owner’s Mindset involves adopting a set of behaviors that reflect a sense of responsibility, accountability, strategic thinking, and a proactive approach to managing your domain. As an owner, you understand the business and your domain(s) deeply and solve for the right outcome for the domain(s) and the business.

Requirements :

Bachelor’s degree in Computer Science, Information Systems, or closely related field of study; or equivalent work experience

Minimum 8 years of experience with a focus on Application Security Engineering

Experience performing threat modeling, design reviews, and secure code reviews on applications and systems

Strong familiarity with a broad range of security technologies : SIEM, CASB, SOAR, DLP, and EDR.

Strong understanding of software composition analysis and creating SBOMs

Experience with OWASP

Experience with SAST and DAST / IAST tools

Expertise with continuous integration and continuous deployment (CI / CD) pipelines as well as how security fits into the delivery process (i.e. DevSecOps)

Knowledge of cloud platforms and services, with experience in cloud security

Experience with automated software and security testing tools and techniques

Experience with Docker and Kubernetes container security

Preferred Experience :

Professional experience with one or more of the following languages (C#, .NET, Java, etc.)

Professional certifications in cyber security (CSSLP, OSCP, etc.)

Financial Services industry experience

Familiarity with software assurance maturity models

Experience developing and training on threat models using STRIDE

Experience with ASPM or RASP tools

Experience with UVM tools

Mobile App testing experience

Experience with the following regulatory standards PCI-DSS, ISO 27001, SOX, NYDFS

Knowledge and Skills :

Ability to challenge the status quo and influence stakeholders to create innovative solutions

Be collaborative with other team members, seeking a diversity of thought to meet business outcomes

Ability to foster strong relationships across the organization

Bring a strong understanding of relevant and emerging technologies, provide input and coach team members and embed learning and innovation in the day-to-day

Experience and understanding of how to connect the work being done and how it drives business value

Ability to communicate complex technical information (both verbal and written) to all levels, including senior leadership

Target Compensation : A competitive base salary range from $154,838 - $227,095. This position is eligible for an annual variable bonus of cash and equity, between 10-20%. Final compensation within the range is influenced by many factors including role-specific skills, depth and experience level, industry background, relevant education and certifications.

Candidates who reside in the following major metropolitan areas may be eligible for a premium on top of the posted range based on their specific zone : San Francisco, Seattle, Boston, New York City, Los Angeles and San Diego.

INDENGLP

LI-Remote

Benefits

Excellent benefits package that includes 401(K) match, adoption assistance, parental leave, tuition reimbursement, comprehensive medical / dental / vision and many nonstandard benefits that make us a Great Place to Work

Our Company Values :

To be successful in this role, Team Members need to be :

Positive by maintaining resiliency and focusing on solutions

Respectful by collaborating and actively listening

Insightful by cultivating innovation, accumulating business and role specific knowledge, demonstrating self-awareness and making quality decisions

Direct by effectively communicating and conveying courage

Earnest by taking accountability, applying feedback and effectively planning and priority setting

Expectations :

Remain compliant with our policies processes and legal guidelines

All other duties as assigned

Attendance as required by department

Advice !

We understand that your career search may look different than others. Our hiring team wants to make sure that this would be a fit not just for us, but for you long term. If you are actively looking or starting to explore new opportunities, send us your application!

P.S .

We have great details around our stats, success, history and more. We’re proud of our culture and are happy to share why – let’s talk!

Required degrees must have been earned at institutions of Higher Education which are accredited by the Council for Higher Education Accreditation or equivalent.

Credit Acceptance is dedicated to providing a safe and inclusive working environment for all. As part of our Culture of Compliance, we are proud to be an Equal Opportunity Employer and value our culturally diverse workforce. All qualified applicants will receive consideration for employment regardless of the person’s age, race, color, religion, sex, gender, sexual orientation, gender identity, national origin, veteran or disability status, criminal history, or any other legally protected characteristic.

California Residents : Please click

here

for the California Consumer Privacy Act (CCPA) notice regarding the personal information Credit Acceptance may collect from you.

Play the video below to learn more about our Company culture.

Salary : $154,838 - $227,095

Apply for this job

Receive alerts for other Staff Application Security Engineer job openings

Staff Application Security Engineer

What are the responsibilities and job description for the Staff Application Security Engineer position at Credit Acceptance Corporation?

What is the career path for a Staff Application Security Engineer?

Job openings at Credit Acceptance Corporation

Not the job you're looking for? Here are some other Staff Application Security Engineer jobs in the Atlanta, GA area that may be a better fit.

We don't have any other Staff Application Security Engineer jobs in the Atlanta, GA area right now.

AI Assistant is available now!