Application Security Engineer II

Remote / Online - Candidates ideally in
Southfield, Oakland County, Michigan, 48076, USA
Listing for: Credit Acceptance Corporation
Full Time, Remote/Work from Home position
Listed on 2026-06-08
Job specializations:
  • Security
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 85695 - 125685 USD Yearly
Job Description & How to Apply Below
Credit Acceptance is proud to be an award-winning company recognized both locally and nationally across multiple workplace categories. Our world-class culture is shaped by dedicated team members who are driven to succeed as professionals individually and together as a team. Backed by a strong product, exceptional people, and a stable financial foundation, we’ve grown into a leading provider of used and new car financing across the country.

Our Engineering and Analytics Team Members utilize the latest technology to develop, monitor, and maintain complex practices that help optimize our success. Our Team Members value being challenged, are encouraged to express their ideas, and have the flexibility to enjoy work-life balance. We build intrinsic value by partnering with all functions of our business to support their success and make strategic business decisions.

We focus on professional development and continuous improvement while enjoying a casual work environment and Great Place to Work culture!

The Application Security Engineer is responsible for securing the software and applications that Credit Acceptance builds, buys, and operates. This role partners closely with engineering, product, architecture, and business teams to ensure that applications handling sensitive consumer, dealer, and loan data are designed, developed, and deployed in a secure manner, meeting both internal security standards and the regulatory expectations of a financial services environment.

This position focuses on embedding security into the software development lifecycle by providing hands‑on technical guidance, performing threat modeling and application security reviews, defining secure design patterns and guardrails, and supporting engineering teams as they build and maintain modern web, mobile, API, and cloud‑based applications.

Outcomes and Activities:

This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required. However, this position is permitted to work at a Southfield, Michigan office location if requested by the team member.

Partner with engineering and architecture teams to design and review application architectures (web, mobile, API, and microservices) for security, privacy, and regulatory compliance.

Perform security reviews of applications and services at each stage of the SDLC, including design, code, build pipelines, dependencies, infrastructure‑as‑code, and third‑party components.

Identify and mitigate risks such as:

  • Injection, authentication/authorization, and session management flaws (OWASP Top 10, ASVS)
  • Insecure handling of NPI, PII, and payment data
  • Management of open‑source dependency vulnerabilities and software supply chain risks
  • Insecure cloud configurations, secrets management, and exposed APIs

Support threat modeling and risk assessments for new and existing applications, assisting teams in implementing practical mitigations.

Assess and help mitigate security risks introduced by AI‑assisted and agentic development tools (e.g., GitHub Copilot, Claude Code, LiteLLM), including review of AI‑generated code, exposure of source code or secrets to external models, and proper use of internal LLM gateways.

Governance, Standards, and Policy

Contribute to and operationalize application security standards, secure coding guidelines, and secure design patterns used across the company.

Evaluate application security tooling (SAST, DAST, SCA, IAST, secrets scanning, ASPM) and vendors to ensure alignment with security, privacy, and compliance requirements.

Support compliance with regulatory and industry frameworks (e.g., PCI DSS, GLBA, NIST SSDF, SOX) in collaboration with legal, compliance, audit, and risk partners.

Contribute to standards and guardrails for secure use of AI‑assisted development tools and agentic coding workflows.

Collaboration & Advisory

Act as a trusted security advisor to Engineering, Product, and DevOps teams building, maintaining and operating applications at Credit Acceptance.

Participate in design reviews, sprint planning, and architecture working sessions focused on secure development and deployment.

Provide guidance on…