Credit Acceptance Corporation · 12 hours ago
Credit Acceptance Corporation | Staff Application Security Engineer GA
Maximize your interview chances
Pharmaceuticals
Insider Connection @Credit Acceptance Corporation
Get 3x more responses when you reach out via email instead of LinkedIn.
Responsibilities
Act as a technical leader in the development of a comprehensive security program to support various Software Development Lifecycles (SDLCs) and ensure that software developed in this SDLC is free of security vulnerabilities
Mature and develop the overall strategy for configuring our security policies and alerting mechanisms in our security stack
Perform threat modeling, architectural risk analysis, design reviews, code review, and security testing on applications
Provide guidance on triaging potential vulnerabilities identified by application security program with context of application and related business knowledge
Collaborate cross functionally to ensure technology is free from security defects
Create documentation, knowledge base articles, or diagrams concerning security technologies or their data flows
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
Bachelor’s degree in Computer Science, Information Systems, or closely related field of study; or equivalent work experience
Minimum 8 years of experience with a focus on Application Security Engineering
Experience performing threat modeling, design reviews, and secure code reviews on applications and systems
Strong familiarity with a broad range of security technologies: SIEM, CASB, SOAR, DLP, and EDR.
Strong understanding of software composition analysis and creating SBOMs
Experience with OWASP
Experience with SAST and DAST/IAST tools
Expertise with continuous integration and continuous deployment (CI/CD) pipelines as well as how security fits into the delivery process (i.e. DevSecOps)
Knowledge of cloud platforms and services, with experience in cloud security
Experience with automated software and security testing tools and techniques
Experience with Docker and Kubernetes container security
Preferred
Professional experience with one or more of the following languages (C#, .NET, Java, etc.)
Professional certifications in cyber security (CSSLP, OSCP, etc.)
Financial Services industry experience
Familiarity with software assurance maturity models
Experience developing and training on threat models using STRIDE
Experience with ASPM or RASP tools
Experience with UVM tools
Mobile App testing experience
Experience with the following regulatory standards PCI-DSS, ISO 27001, SOX, NYDFS
Benefits
401(K) match
Adoption assistance
Parental leave
Tuition reimbursement
Comprehensive medical/ dental/vision
Many nonstandard benefits that make us a Great Place to Work
Company
Credit Acceptance Corporation
Funding
Current Stage
Early StageCompany data provided by crunchbase