Security Operations Engineer II jobs in United States

Credit Acceptance · 3 hours ago

Security Operations Engineer II

Credit Acceptance is an award-winning company recognized for its workplace culture and significant presence in the used car finance industry. As a Security Operations Engineer II, you will be responsible for understanding, mitigating, and responding to security threats while optimizing security operations through automation and collaboration with various teams.

Financial Services
Comp. & Benefits
No H1B

Responsibilities

Operate and tune enterprise security tools (EDR, SIEM/SOAR, WAF/proxy, email security)
Manage proxy filtering policies, exceptions, SSL inspection, and performance troubleshooting
Build automation and playbooks (Python/PowerShell, SOAR, APIs) to streamline SecOps tasks
Implement CI/CD pipelines and Infrastructure-as-Code workflows for consistent, auditable security configuration changes
Author and tune detection rules; improve signal quality and reduce false positives
Maintain and author health dashboards, uptime/coverage metrics, and change governance documentation
Conduct knowledge transfers through runbooks, how-to guides, tabletop exercises, and lunch & learn training sessions
Maintain upgrade schedules, license compliance, configuration baselines, and key/secret rotations
Administer URL/category policies, SSL inspection, identity-aware policies, geo/risk-based controls, and performance troubleshooting
Analyze block events for false positives; measure impact; retire exceptions on schedule and report residual risk
Build and maintain an automation backlog in partnership with SecOps, prioritizing high-frequency, high-toil tasks
Provide on-call support for tooling availability and ingestion/normalization issues
Report on metrics (uptime, coverage, MTTR, lead time, change success rate, exception aging)
Keep documentation, diagrams, and asset inventories current
As needed, monitor and respond to alerts raised by various toolsets as part of an ongoing 24/7 Security Operations Center
Report outages or incidents following guidelines and procedures
Detect, analyze, and respond to incidents, coordinate with other stakeholders for containing, eradicating, and recovering from an incident
Assist in developing testing criteria to implement new signatures/rules

Qualification

Cyber security
Security Operations Center (SOC)
Endpoint Detection and Response (EDR)
Scripting in Python/PowerShell
CI/CD
Git workflows
Infrastructure-as-Code
Incident response processes
MITRE ATT&CK Framework
Change management
Documentation discipline
Critical thinking
Effective communication

Required

Bachelor's degree in Computer Science, Information Systems, Data Science, or a closely related field of study, or equivalent experience
Minimum 2 years of experience in cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), operations incident response, network security or security engineering
Basic experience administering, deploying and managing security tools
Basic experience operating WAF/proxy and SIEM/SOAR
Scripting in Python and/or PowerShell and building API integrations; JSON/YAML proficiency
CI/CD and Git workflows; Infrastructure-as-Code for security configurations
Basic understanding of TLS/SSL, HTTP, identity-aware policies, and egress/ingress routing
Documentation discipline and change management (ITIL basics)
Ability to produce formal and informal reports, briefings, and analysis of security controls
Experience with Endpoint Detection and Response (EDR) or Intrusion Detection System or Intrusion Prevention System (IDS/IPS) monitoring tools
Understanding of MITRE ATT&CK Framework and Cyber Kill Chain flow
Understanding of incident response processes and risk management

Preferred

Actively hold one or more of the following certifications: GSEC, GCIA/GCED, GCDA, AZ-500, SC-200/SC-100, Network+ or CCNA
Web Application Firewall rulesets
Utilizing automation through Infrastructure as Code
Detection engineering (KQL/SPL), log pipelines, and data normalization
Zero Trust architecture and ZTNA posture policies
Understands Credit Acceptance's business model, operations and business terminology

Benefits

401(K) match
Adoption assistance
Parental leave
Tuition reimbursement
Comprehensive medical/dental/vision
Many nonstandard benefits that make us a Great Place to Work

Company

Credit Acceptance

Credit Acceptance is an indirect finance company that helps eligible consumers restart financially.

Funding

Current Stage: Public Company
Total Funding: $2.85B
2025-11-13 · Debt Financing · $500M
2025-02-13 · Post-IPO Debt · $500M
2024-12-20 · Post-IPO Debt · $300M

Leadership Team

Kenneth Booth
Chief Executive Officer and President
Company data provided by Crunchbase