FREE ACCESS
5,000–10,000 jobs/day
See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.
Application Security Engineer II
Credit AcceptanceApplication Security Engineer securing software and applications at Credit Acceptance. Partnering with engineering teams to ensure secure development practices and reviews.
Posted 6/5/2026full-timeSouthfield • Missouri • 🇺🇸 United StatesMid-LevelSenior💰 $85,695 - $125,685 per yearWebsite
Tech Stack
Tools & technologiesAWSAzureCloudGoogle Cloud PlatformSDLC
About the role
Key responsibilities & impact- The Application Security Engineer is responsible for securing the software and applications that Credit Acceptance builds, buys, and operates.
- This role partners closely with engineering, product, architecture, and business teams to ensure that applications handling sensitive consumer, dealer, and loan data are designed, developed, and deployed in a secure manner.
- This position focuses on embedding security into the software development lifecycle by providing hands‑on technical guidance, performing threat modeling and application security reviews, defining secure design patterns and guardrails, and supporting engineering teams as they build and maintain modern web, mobile, API, and cloud‑based applications.
- This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required.
- Partner with engineering and architecture teams to design and review application architectures for security, privacy, and regulatory compliance.
- Perform security reviews of applications and services at each stage of the SDLC, including design, code, and building pipelines.
Requirements
What you’ll need- Bachelor’s Degree or equivalent experience
- 3+ years of experience in application security, product security, or secure software development.
- 2+ years of hands-on experience performing application security reviews, penetration testing, threat modeling, or secure code review.
- Experience securing modern web, mobile, and API-based applications in a regulated industry (e.g., financial services, healthcare).
- Familiarity with the OWASP Top 10, OWASP ASVS, and OWASP SAMM, and with software supply chain frameworks such as SLSA.
- Experience with cloud platforms (e.g., AWS, Azure, GCP) and containerized environments.
- Knowledge of regulatory and compliance considerations relevant to financial services (e.g., PCI DSS, GLBA, SOX).
- Experience embedding security into software development workflows (DevSecOps) and CI/CD pipelines.
- Hands-on experience with application security tooling such as SAST, DAST, SCA, IAST, secrets scanning, or ASPM platforms.
- Relevant certifications (e.g., GWAPT, GWEB, OSWE, CSSLP, CISSP) a plus.
- Familiarity with security considerations for AI-assisted development environments (e.g., GitHub Copilot, Claude Code) and LLM gateway/proxy tooling (e.g., LiteLLM).
Benefits
Comp & perks- Excellent benefits package that includes 401(K) match
- Adoption assistance
- Parental leave
- Tuition reimbursement
- Comprehensive medical/dental/vision and many nonstandard benefits
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
application securitysecure software developmentpenetration testingthreat modelingsecure code reviewDevSecOpsCI/CD pipelinesapplication security toolingSASTDAST
Certifications
GWAPTGWEBOSWECSSLPCISSP