Application Security Engineer II

Credit Acceptance · Remote (United States)
Cybersecurity
Excel

WFA Digital Insight

As regulatory requirements and threats increase, security specialists are in high demand, including roles like Application Security Engineer II. With a 25% increase in security breaches in the past year, companies like Credit Acceptance are focusing on embedding security into their software development lifecycle. This role stands out for its emphasis on collaboration and professional development, with a company culture that values transparency and work-life balance. Before applying, candidates should be aware of the need for expertise in secure coding practices, compliance frameworks, and threat modeling.

Job Description

About the Role

The Application Security Engineer II role at Credit Acceptance is a critical position focused on securing the software and applications that the company builds, buys, and operates. This involves collaborating closely with engineering, product, architecture, and business teams to ensure that applications handling sensitive consumer, dealer, and loan data are designed, developed, and deployed in a secure manner. The role is part of a team that values being challenged, expresses ideas freely, and enjoys a casual work environment with a Great Place to Work culture.

Day-to-day, the Application Security Engineer II will be responsible for embedding security into the software development lifecycle. This includes providing hands-on technical guidance, performing threat modeling and application security reviews, defining secure design patterns and guardrails, and supporting engineering teams as they build and maintain modern web, mobile, API, and cloud-based applications.

The role is based in the United States, with the option to work from home and occasional planned travel to the Southfield, Michigan office location. Credit Acceptance is an award-winning company recognized for its workplace culture, and the engineering and analytics teams utilize the latest technology to develop, monitor, and maintain complex practices that help optimize the company's success.

What You Will Do

  • Partner with engineering and architecture teams to design and review application architectures for security, privacy, and regulatory compliance.
  • Perform security reviews of applications and services at each stage of the SDLC, including design, code, build pipelines, dependencies, infrastructure-as-code, and third-party components.
  • Identify and mitigate risks such as injection, authentication/authorization, and session management flaws.
  • Support threat modeling and risk assessments for new and existing applications.
  • Assess and help mitigate security risks introduced by AI-assisted and agentic development tools.
  • Contribute to and operationalize application security standards, secure coding guidelines, and secure design patterns used across the company.
  • Evaluate application security tooling and vendors to ensure alignment with security, privacy, and compliance requirements.
  • Support compliance with regulatory and industry frameworks in collaboration with legal, compliance, audit, and risk partners.
  • Act as a trusted security advisor to Engineering, Product, and DevOps teams.

What We Are Looking For

  • Experience in application security, preferably in a financial services environment.
  • Strong knowledge of secure coding practices, compliance frameworks, and threat modeling.
  • Ability to partner with cross-functional teams, including engineering, product, and architecture.
  • Experience with security reviews of applications and services at each stage of the SDLC.
  • Familiarity with regulatory and industry frameworks, such as PCI DSS, GLBA, NIST SSDF, and SOX.
  • Strong analytical and problem-solving skills, with the ability to identify and mitigate security risks.
  • Experience with application security tooling, such as SAST, DAST, SCA, IAST, secrets scanning, and ASPM.
  • Knowledge of cloud security, including insecure cloud configurations, secrets management, and exposed APIs.
  • Ability to work in a fast-paced environment and collaborate with remote teams.

Nice to Have

  • Experience with AI-assisted and agentic development tools.
  • Knowledge of machine learning and data science concepts.
  • Familiarity with DevOps practices and tools, such as GitHub, Jenkins, and Docker.
  • Experience with containerization and orchestration using Kubernetes.
  • Certification in application security, such as CompTIA Security+ or CISSP.

Benefits and Perks

  • Competitive compensation package.
  • Opportunity to work with a leading provider of used and new car financing.
  • Collaborative and dynamic work environment with a Great Place to Work culture.
  • Professional development opportunities, including training and conference attendance.
  • Flexible work arrangements, including remote work options and flexible hours.
  • Comprehensive benefits package, including health insurance, 401(k) matching, and paid time off.
  • Access to the latest technology and tools, including application security tooling and AI-assisted development tools.
  • Recognition and reward programs for outstanding performance and contributions.
  • Career advancement opportunities, including promotion and lateral moves within the company.

How to Stand Out

  • Develop a strong understanding of secure coding practices and compliance frameworks to stand out in the application process.
  • Showcase your experience with threat modeling and risk assessments, and be prepared to provide examples of how you have identified and mitigated security risks in previous roles.
  • Familiarize yourself with the company's technology stack and be prepared to discuss how you can contribute to the development and maintenance of secure applications.
  • Highlight your ability to collaborate with cross-functional teams, including engineering, product, and architecture, and provide examples of successful partnerships in previous roles.
  • Be prepared to discuss your experience with application security tooling and vendors, and how you have evaluated and implemented security solutions in previous roles.
  • Consider obtaining certification in application security, such as CompTIA Security+ or CISSP, to demonstrate your expertise and commitment to the field.
  • Research the company culture and values, and be prepared to discuss how your skills and experience align with the company's mission and goals.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.