Application Security Engineer II

The Application Security Engineer at Credit Acceptance is responsible for securing the company's software and applications, working closely with engineering, product, architecture, and business teams to ensure security standards and regulatory compliance in a financial services environment.

Location: Remote (US)

Salary: $85,695–$125,685

Responsibilities

• Design and review application architectures for security, privacy, and compliance.
• Perform security reviews at each stage of the SDLC, including design, code, pipelines, dependencies, infrastructure-as-code, and third-party components.
• Identify and mitigate risks such as injection, authentication/authorization flaws, insecure handling of sensitive data, open-source vulnerabilities, insecure cloud configurations, and exposed APIs.
• Support threat modeling and risk assessments for applications, including AI-assisted development tools.

Requirements

• Bachelor’s Degree or equivalent experience
• 3+ years of experience in application security, product security, or secure software development.
• 2+ years of hands-on experience performing application security reviews, penetration testing, threat modeling, or secure code review.

Benefits

• Excellent benefits including 401(K) match, adoption assistance, parental leave, tuition reimbursement, comprehensive medical/dental/vision, and other nonstandard benefits.

Additional Information

• This position is remote with occasional travel to Southfield, Michigan. Candidates in major metro areas like San Francisco, Seattle, Boston, NYC, LA, and San Diego may be eligible for a salary premium.
• Target compensation is $85,695–$125,685, with an annual bonus potential of 7.5-15%.