Credit Acceptance Corporation
Staff Application Security Engineer
Credit Acceptance Corporation, Southfield, Michigan, United States, 48076
Locations: USA – Remote
Time type: Full time
Posted on: Posted 3 Days Ago
Job requisition ID: R11692

Credit Acceptance is proud to be an award-winning company with local and national workplace recognition in multiple categories! Our world-class culture is shaped by dedicated Team Members who share a drive to succeed as professionals and together as a company. A great product, amazing people and our stable financial history have made us one of the largest used car finance companies nationally.

Our Engineering and Analytics Team Members utilize the latest technology to develop, monitor, and maintain complex practices that help optimize our success. Our Team Members value being challenged, are encouraged to express their ideas, and have the flexibility to enjoy work life balance. We build intrinsic value by partnering with all functions of our business to support their success and make strategic business decisions. We focus on professional development and continuous improvement while enjoying a casual work environment and Great Place to Work culture!

As a Staff Application Security Engineer, you will be a technical leader on the Information Security team supporting technologies that enable Credit Acceptance’s security goals and objectives, securing the confidentiality, integrity and availability of software and computer information systems.

Outcomes and Activities:
This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required. However, this position is permitted to work at a Southfield, Michigan office location if requested by the team member.
Act as a technical leader in the development of a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that software developed in this SDLC is free of security vulnerabilities.
Mature and develop the overall strategy for configuring our security policies and alerting mechanisms in our security stack.
Perform threat modeling, architectural risk analysis, design reviews, code review, and security testing on applications.
Provide guidance on triaging potential vulnerabilities identified by application security program with context of application and related business knowledge.
Collaborate cross functionally to ensure technology is free from security defects.
Create documentation, knowledge base articles, or diagrams concerning security technologies or their data flows.

Competencies:
Customer Empathy: The ability to understand the perspectives, pain points, and experiences of customers.
Engineering Excellence: Bringing great craftsmanship and thought leadership to deliver outstanding products.
One Team: A collaborative approach across the organization to work together seamlessly.
Owner’s Mindset: A sense of responsibility, accountability, strategic thinking, and a proactive approach.

Requirements:
Bachelor’s degree in Computer Science, Information Systems, or closely related field of study; or equivalent work experience.
Minimum 8 years of experience with a focus on Application Security Engineering.
Experience performing threat modeling, design reviews, and secure code reviews on applications and systems.
Strong familiarity with a broad range of security technologies: SIEM, CASB, SOAR, DLP, and EDR.
Strong understanding of software composition analysis and creating SBOMs.
Experience with OWASP.
Experience with SAST and DAST/IAST tools.
Expertise with continuous integration and continuous deployment (CI/CD) pipelines as well as how security fits into the delivery process (i.e. DevSecOps).
Knowledge of cloud platforms and services, with experience in cloud security.
Experience with automated software and security testing tools and techniques.
Experience with Docker and Kubernetes container security.

Preferred Experience:
Professional experience with one or more of the following languages (C#, .NET, Java, etc.).
Professional certifications in cyber security (CSSLP, OSCP, etc.).
Financial Services industry experience.
Familiarity with software assurance maturity models.
Experience developing and training on threat models using STRIDE.
Experience with ASPM or RASP tools.
Experience with UVM tools.
Mobile App testing experience.
Experience with the following regulatory standards: PCI-DSS, ISO 27001, SOX, NYDFS.

Knowledge and Skills:
Ability to challenge the status quo and influence stakeholders to create innovative solutions.
Collaborative with other team members, seeking a diversity of thought to meet business outcomes.
Ability to foster strong relationships across the organization.
Strong understanding of relevant and emerging technologies.
Ability to communicate complex technical information (both verbal and written) to all levels, including senior leadership.

Targeted Total Compensation:
A competitive base salary + an annual variable bonus (cash and equity) will range from $165,000 to $253,750. This position may also be eligible for a sign-on RSU grant.
Final compensation within the range is influenced by many factors including role-specific skills, depth and experience level, industry background, relevant education and certifications, and geographic locations.

Benefits:
Excellent benefits package that includes 401(K) match, adoption assistance, parental leave, tuition reimbursement, comprehensive medical/dental/vision, and many nonstandard benefits that make us a Great Place to Work.

Our Company Values:
To be successful in this role, Team Members need to be:
Positive by maintaining resiliency and focusing on solutions.
Respectful by collaborating and actively listening.
Insightful by cultivating innovation, accumulating business and role specific knowledge.
Direct by effectively communicating and conveying courage.
Earnest by taking accountability, applying feedback, and effectively planning and priority setting.

Expectations:
Remain compliant with our policies, processes, and legal guidelines.
All other duties as assigned.
Attendance as required by department.

Credit Acceptance is dedicated to providing a safe and inclusive working environment for all. As part of our Culture of Compliance, we are proud to be an Equal Opportunity Employer and value our culturally diverse workforce. All qualified applicants will receive consideration for employment regardless of the person’s age, race, color, religion, sex, gender, sexual orientation, gender identity, national origin, veteran or disability status, criminal history, or any other legally protected characteristic.