[Remote] Application Security Engineer II

Work from home Full-time role Hiring

Note: This is a remote job open to candidates in the USA. Credit Acceptance is an award-winning company recognized for its workplace culture and commitment to professional development. The Application Security Engineer is responsible for securing software and applications, ensuring they meet internal security standards and regulatory expectations, while collaborating with various teams throughout the software development lifecycle.

Responsibilities

  • Partner with engineering and architecture teams to design and review application architectures (web, mobile, API, and microservices) for security, privacy, and regulatory compliance
  • Perform security reviews of applications and services at each stage of the SDLC, including design, code, build pipelines, dependencies, infrastructure‑as‑code, and third‑party components
  • Identify and mitigate risks such as:
      • Injection, authentication/authorization, and session management flaws (OWASP Top 10, ASVS)
      • Insecure handling of NPI, PII, and payment data
      • Management of open‑source dependency vulnerabilities and software supply chain risks
      • Insecure cloud configurations, secrets management, and exposed APIs
  • Support threat modeling and risk assessments for new and existing applications, assisting teams in implementing practical mitigations
  • Assess and help mitigate security risks introduced by AI‑assisted and agentic development tools (e.g., GitHub Copilot, Claude Code, LiteLLM), including review of AI‑generated code, exposure of source code or secrets to external models, and proper use of internal LLM gateways
  • Contribute to and operationalize application security standards, secure coding guidelines, and secure design patterns used across the company
  • Evaluate application security tooling (SAST, DAST, SCA, IAST, secrets scanning, ASPM) and vendors to ensure alignment with security, privacy, and compliance requirements
  • Support compliance with regulatory and industry frameworks (e.g., PCI DSS, GLBA, NIST SSDF, SOX) in collaboration with legal, compliance, audit, and risk partners
  • Contribute to standards and guardrails for secure use of AI‑assisted development tools and agentic coding workflows
  • Act as a trusted security advisor to Engineering, Product, and DevOps teams building, maintaining and operating applications at Credit Acceptance
  • Participate in design reviews, sprint planning, and architecture working sessions focused on secure development and deployment
  • Provide guidance on the secure use of frameworks, libraries, APIs, authentication systems, and cloud services that interact with company systems and data
  • Advise engineering teams on safe adoption of AI coding assistants and agentic development tools, including approved usage patterns, data handling expectations, and review of AI‑generated changes
  • Stay current on application security threats, vulnerabilities, and best practices, including emerging risks across web, mobile, API, and cloud‑native applications
  • Recommend improvements to tooling, processes, and controls to strengthen the company's application security posture and shift security left in the SDLC
  • Contribute to internal documentation, secure coding training, and security enablement for developers and engineering teams

Skills

  • Bachelor's Degree or equivalent experience
  • 3+ years of experience in application security, product security, or secure software development
  • 2+ years of hands‑on experience performing application security reviews, penetration testing, threat modeling, or secure code review
  • Experience securing modern web, mobile, and API‑based applications in a regulated industry (e.g., financial services, healthcare)
  • Familiarity with the OWASP Top 10, OWASP ASVS, and OWASP SAMM, and with software supply chain frameworks such as SLSA
  • Experience with cloud platforms (e.g., AWS, Azure, GCP) and containerized environments
  • Knowledge of regulatory and compliance considerations relevant to financial services (e.g., PCI DSS, GLBA, SOX)
  • Experience embedding security into software development workflows (DevSecOps) and CI/CD pipelines
  • Hands‑on experience with application security tooling such as SAST, DAST, SCA, IAST, secrets scanning, or ASPM platforms
  • Relevant certifications (e.g., GWAPT, GWEB, OSWE, CSSLP, CISSP) a plus
  • Familiarity with security considerations for AI‑assisted development environments (e.g., GitHub Copilot, Claude Code) and LLM gateway/proxy tooling (e.g., LiteLLM)

Benefits

  • Annual variable cash bonus, between 7.5 - 15%. Bonus amounts are based on individual performance.
  • Premium on top of the posted range based on their specific zone: San Francisco, Seattle, Boston, New York City, Los Angeles and San Diego.
  • Excellent benefits package that includes 401(K) match, adoption assistance, parental leave, tuition reimbursement, comprehensive medical/dental/vision and many nonstandard benefits that make us a Great Place to Work

Company Overview

  • Credit Acceptance is an indirect finance company that helps eligible consumers restart financially. It was founded in 1972, and is headquartered in Southfield, Michigan, USA, with a workforce of 1001-5000 employees. Its website is http://www.creditacceptance.com/.

Company H1B Sponsorship

  • Credit Acceptance has a track record of offering H1B sponsorships, with 10 in 2026, 48 in 2025, 46 in 2024, 15 in 2023, 30 in 2022, 24 in 2021, 16 in 2020. Please note that this does not guarantee sponsorship for this specific role.