Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Application Security Engineer II

$85.7k - $125.69k

Credit Acceptance

Credit Acceptance is proud to be an award-winning company recognized both locally and nationally across multiple workplace categories. Our world-class culture is shaped by dedicated team members who are driven to succeed as professionals individually and together as a team. Backed by a strong product, exceptional people, and a stable financial foundation, we've grown into a leading provider of used and new car financing across the country.

Our Engineering and Analytics Team Members utilize the latest technology to develop, monitor, and maintain complex practices that help optimize our success. Our Team Members value being challenged, are encouraged to express their ideas, and have the flexibility to enjoy work life balance. We build intrinsic value by partnering with all functions of our business to support their success and make strategic business decisions. We focus on professional development and continuous improvement while enjoying a casual work environment and Great Place to Work culture!

The Application Security Engineer is responsible for securing the software and applications that Credit Acceptance builds, buys, and operates. This role partners closely with engineering, product, architecture, and business teams to ensure that applications handling sensitive consumer, dealer, and loan data are designed, developed, and deployed in a secure manner, meeting both internal security standards and the regulatory expectations of a financial services environment.

This position focuses on embedding security into the software development lifecycle by providing hands-on technical guidance, performing threat modeling and application security reviews, defining secure design patterns and guardrails, and supporting engineering teams as they build and maintain modern web, mobile, API, and cloud-based applications.

Outcomes and Activities:
  • This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required. However, this position is permitted to work at a Southfield, Michigan office location if requested by the team member.
  • Partner with engineering and architecture teams to design and review application architectures (web, mobile, API, and microservices) for security, privacy, and regulatory compliance.
  • Perform security reviews of applications and services at each stage of the SDLC, including design, code, building pipelines, dependencies, infrastructure-as-code, and third-party components.
  • Identify and mitigate risks such as:
    • Injection, authentication/authorization, injection and session management flaws (OWASP Top 10, ASVS)
    • Insecure handling of NPI, PII, and payment data
    • Management of open-source dependency vulnerabilities and software supply chain risks
    • Insecure cloud configurations, secrets management, and exposed APIs
  • Support threat modeling and risk assessments for new and existing applications, assisting teams in implementing practical mitigations.
  • Assess and help mitigate security risks introduced by AI-assisted and agentic development tools (e.g., GitHub Copilot, Claude Code, LiteLLM), including review of AI-generated code, exposure of source code or secrets to external models, and proper use of internal LLM gateways.
Governance, Standards, and Policy
  • Contribute to and operationalize application security standards, secure coding guidelines, and secure design patterns used across the company.
  • Evaluate application security tooling (SAST, DAST, SCA, IAST, secrets scanning, ASPM) and vendors to ensure alignment with security, privacy, and compliance requirements.
  • Support compliance with regulatory and industry frameworks (e.g., PCI DSS, GLBA, NIST SSDF, SOX) in collaboration with legal, compliance, audit, and risk partners.
  • Contribute to standards and guardrails for secure use of AI-assisted development tools and agentic coding workflows.
Collaboration & Advisory
  • Act as a trusted security advisor to Engineering, Product, and DevOps teams building, maintaining and operating applications at Credit Acceptance.
  • Participate in design reviews, sprint planning, and architecture working sessions focused on secure development and deployment.
  • Provide guidance on the secure use of frameworks, libraries, APIs, authentication systems, and cloud services that interact with company systems and data.
  • Advise engineering teams on safe adoption of AI coding assistants and agentic development tools, including approved usage patterns, data handling expectations, and review of AI-generated changes.
Continuous Improvement
  • Stay current on application security threats, vulnerabilities, and best practices, including emerging risks across web, mobile, API, and cloud-native applications.
  • Recommend improvements to tooling, processes, and controls to strengthen the company's application security posture and shift security left in the SDLC.
  • Contribute to internal documentation, secure coding training, and security enablement for developers and engineering teams.
Competencies:
  • Customer Empathy: Customer Empathy is the ability to understand the perspectives, pain points, and experiences of customers. It involves actively putting oneself in the customer's shoes, comprehending their needs and challenges, and using that understanding to provide a better, more customer-centric experience.
  • Engineering Excellence: Engineering Excellence is about bringing great craftsmanship and thought leadership to deliver an outstanding product that delights customers and solves for the business. This involves the pursuit and achievement of high standards, best practices, innovation, and superior solutions.
  • One Team: A One Team mindset refers to a collaborative approach across the organization, where individuals work together seamlessly, without boundaries, as a single, cohesive team. Shared goals, open communication and mutual support create a sense of collective purpose. This enables teams to navigate challenges and pursue shared objectives more effectively.
  • Owner's Mindset: Owner's Mindset involves adopting a set of behaviors that reflect a sense of responsibility, accountability, strategic thinking, and a proactive approach to managing your domain. As an owner, you understand the business and your domain(s) deeply and solve for the right outcome for the domain(s) and the business.
Required:
  • Bachelor's Degree or equivalent experience
  • 3+ years of experience in application security, product security, or secure software development.
  • 2+ years of hands-on experience performing application security reviews, penetration testing, threat modeling, or secure code review.
Preferred:
  • Experience securing modern web, mobile, and API-based applications in a regulated industry (e.g., financial services, healthcare).
  • Familiarity with the OWASP Top 10, OWASP ASVS, and OWASP SAMM, and with software supply chain frameworks such as SLSA.
  • Experience with cloud platforms (e.g., AWS, Azure, GCP) and containerized environments.
  • Knowledge of regulatory and compliance considerations relevant to financial services (e.g., PCI DSS, GLBA, SOX).
  • Experience embedding security into software development workflows (DevSecOps) and CI/CD pipelines.
  • Hands-on experience with application security tooling such as SAST, DAST, SCA, IAST, secrets scanning, or ASPM platforms.
  • Relevant certifications (e.g., GWAPT, GWEB, OSWE, CSSLP, CISSP) a plus.
  • Familiarity with security considerations for AI-assisted development environments (e.g., GitHub Copilot, Claude Code) and LLM gateway/proxy tooling (e.g., LiteLLM).
Knowledge and Skills:
  • Strong understanding of modern software development practices, frameworks, and architectures (web, mobile, API, microservices, serverless).
  • Working knowledge of common application vulnerabilities and exploitation techniques, and the controls that mitigate them.
  • Understanding of authentication, authorization, identity, cryptography, and secure data handling patterns.
  • Familiarity with threat modeling, security testing, and risk assessment techniques.
  • Ability to read and reason about code in one or more common programming languages.
  • Working knowledge of AI-assisted and agentic software development tools (e.g., GitHub Copilot, Claude Code, LiteLLM) and the security risks they introduce in the SDLC.
  • Ability to communicate security risks and recommendations clearly to both technical and non-technical audiences.
Target Compensation: A competitive base salary range from $85,695 - $125,685. This position is eligible for an annual variable cash bonus, between 7.5 - 15%. Bonus amounts are based on individual performance. Final compensation within the range is influenced by many factors including role-specific skills, depth and experience level, industry background, relevant education and certifications.


Candidates who reside in the following major metropolitan areas may be eligible for a premium on top of the posted range based on their specific zone: San Francisco, Seattle, Boston, New York City, Los Angeles and San Diego.


INDENGLP

#zip

#LI-Remote

Benefits
  • Excellent benefits package that includes 401(K) match, adoption assistance, parental leave, tuition reimbursement, comprehensive medical/ dental/vision and many nonstandard benefits that make us a Great Place to Work
Our Company Values:

To be successful in this role, Team Members need to be:
  • Positive by maintaining resiliency and focusing on solutions
  • Respectful by collaborating and actively listening
  • Insightful by cultivating innovation, accumulating business and role specific knowledge, demonstrating self-awareness and making quality decisions
  • Direct by effectively communicating and conveying courage
  • Earnest by taking accountability, applying feedback and effectively planning and priority setting
Expectations:
  • Remain compliant with our policies processes and legal guidelines
  • All other duties as assigned
  • Attendance as required by department

Advice !

We understand that your career search may look different than others. Our hiring team wants to make sure that this would be a fit not just for us, but for you long term. If you are actively looking or starting to explore new opportunities, send us your application!


P.S .

We have great details around our stats, success, history and more. We're proud of our culture and are happy to share why - let's talk!

Required degrees must have been earned at institutions of Higher Education which are accredited by the Council for Higher Education Accreditation or equivalent.

Credit Acceptance is dedicated to providing a safe and inclusive working environment for all. As part of our Culture of Compliance, we are proud to be an Equal Opportunity Employer and value our culturally diverse workforce. All qualified applicants will receive consideration for employment regardless of the person's age, race, color, religion, sex, gender, sexual orientation, gender identity, national origin, veteran or disability status, criminal history, or any other legally protected characteristic.

California Residents: Please click here for the California Consumer Privacy Act (CCPA) notice regarding the personal information Credit Acceptance may collect from you.

Play the video below to learn more about our Company culture.
Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the Application Security Engineer II in New York, NY vacancy
  • $165k - $190k

     ...Senior Application Security Engineer New York, New York, United States Tatari is on a mission to revolutionize TV advertising. Founded in 201...  ...late-stage AdTech company with a recently attained SOC2 Type II attestation, and a clear mandate to mature our security and... 
    Suggested
    Work at office
    2 days per week

    Tatari

    New York, NY
    4 days ago
  • $98.33k - $160.74k

    Application Support Engineer II- ERP SAP HANA Job Details Job Locations: US-NJ-Secaucus Job ID: 2026-6227 # of Openings: 1 Category: Information...  ...with SAP S/4HANA Public Cloud architecture principles, security policies, and operational standards. Finance Configuration... 
    Suggested
    Full time
    Contract work
    Temporary work
    Work at office
    Local area
    Flexible hours

    Yusen Logistics Americas Inc.

    Secaucus, NJ
    5 days ago
  • Nortek Air Solutions, LLC, located in Okarche, OK, is seeking a Sales Application Engineer II to provide engineering support to our field sales representatives. The ideal candidate will have a Bachelor's degree in Engineering along with experience in technical communication... 
    Suggested
    Full time

    Nortek Air Solutions, LLC

    Brooklyn, NY
    6 days ago
  • $80.64k - $120.96k

     ...depends on start date), and military leave benefits. Shape the future of smart buildings and critical environments. As a Systems Application Engineer II , you’ll design and deliver innovative building automation solutions that improve energy efficiency, comfort, and... 
    Suggested
    Full time
    Temporary work
    For contractors
    Flexible hours

    Schneider Electric

    New York, NY
    2 days ago
  • $156.5k - $187.5k

     ...deal information. About You: Versana is looking for a Security Engineer to join our InfoSec squad. You will play an essential role...  ...technologies. Key Responsibilities: Perform and validate application & API security testing (OWASP & API Top 10, business logic... 
    Suggested
    Local area
    Early shift

    Versana

    New York, NY
    3 days ago
  •  ...Application Security Engineer Cloud Engineering/DevOps Join a dynamic application security team focused on building and maturing security programs within a fast-paced, collaborative environment. This role involves supporting secure development practices, security operations... 

    Delphi-US, LLC - Peacemakers in the Talent War

    New York, NY
    3 days ago
  •  ...As a Senior Security Engineer on the AppSec Foundations team, you will be instrumental in making secure behavior the default across the the...  ...on turning findings into systemic improvements Leverage application telemetry (logs, traces, metrics) to assess security posture... 

    United States Digital Space LLC

    New York, NY
    4 days ago
  •  ...across 17+ industries. We rank among the leaders in areas like application development and AI/ML, and our people-first culture has...  ...you! ABOUT THE ROLE We are looking for a Middle Application Security Engineer to execute hands‑on DevSecOps work across CI/CD pipeline security... 
    Work at office
    Remote work
    Flexible hours

    AgileEngine

    New York, NY
    2 days ago
  •  ...Security | Application Security Engineer SOFTSWISS is growing, and we are seeking a skilled Application Security Engineer to join our team. If you are driven by excellence and share our values, we would love to hear from you. Purpose of the role: Our goal is to make sure... 
    Local area

    Softswiss

    New York, NY
    1 day ago
  • $180k - $225k

     ...Summary Join our dynamic team as a Senior Application Security Engineer, where you’ll play a pivotal role in securing Temporal’s development pipeline, product, and customer execution environment. In this position, you’ll work closely with software engineering teams and... 
    Temporary work
    Remote work
    Work from home
    Home office

    temporal

    New York, NY
    2 days ago
  • $150k - $173k

     ...If you want to work on systems that actually move the world—literally—you’re in the right place. Position Summary: The Application Security Engineer III will serve as a technical leader dedicated to helping us build an even more secure software ecosystem for our customers... 
    Work experience placement
    Work from home
    Flexible hours
    Shift work

    EasyPost

    New York, NY
    4 days ago
  • $130k - $218k

     ...MetaMask MetaMask aims to create a thriving engineering organization that supports the well‑...  ...a cryptographic key manager and web3 application development platform. As this user base...  ...us that we keep our users as safe and secure as possible. We are looking for a Senior... 
    Remote work
    Shift work

    ConsenSys

    New York, NY
    4 days ago
  • $180k - $190k

     ...role: Branch is seeking an experienced Security professional to join our team. This position...  ...will have a background in securing applications, networks, cloud environments, and...  ...security into the SDLC by partnering with Engineering to implement secure design patterns, conduct... 
    Remote work
    Home office
    Flexible hours

    Branch

    New York, NY
    4 days ago
  •  ...Hampton North is partnered with an international brand to find a senior-level Application Security Engineer focusing on safeguarding the confidentiality, integrity, and accessibility of enterprise data through secure application development practices with emphasis on cloud... 
    Contract work
    Remote work

    Hampton North

    New York, NY
    4 days ago
  • $190k - $250k

     ...performance, our value-oriented philosophy - and our people. We are seeking a Director of Application Security to join Apollo's global Cyber Security & Risk team within Engineering. This leader will define and drive the firm's application security strategy-... 

    Apollo Global Management

    New York, NY
    2 days ago
  • $190k - $250k

     ...delivering uncommon value to our investors and shareholders. We are seeking a Director of Application Security to join Apollo’s global Cyber Security & Risk team within Engineering. The leader will define and drive the firm’s application security strategy, strengthening... 

    Athene

    New York, NY
    5 days ago
  •  ...at massive scale as Adaptive builds the security layer for the AI era. Trusted by...  ...protecting organizations from AI-powered social engineering - deepfake phone calls, spear phishing,...  ...be best in class. We're looking for an Application Security Engineer to own application... 

    Adaptive Security Corporation

    New York, NY
    1 day ago
  •  ...world. Because at Valence, the work worth doing is the kind that redefines work itself. The Role We are seeking a seasoned Application Security Engineer to help us secure our products and platform that serve our Fortune500 customers. In this pivotal role, you will be... 
    Full time
    Freelance
    Work from home

    Valence

    New York, NY
    6 days ago
  • $130k - $218k

    A leading blockchain company is seeking a Senior Application Security Engineer to join their growing security team. The role involves embedding security throughout the software development lifecycle for MetaMask products, ensuring they meet high-security standards. Applicants... 
    Remote job

    Consensys

    New York, NY
    4 days ago
  • $215k - $230k

    A leading blockchain intelligence firm is looking for an Application Security Engineer to secure mission-critical infrastructure. The role involves leading security reviews, developing testing methodologies, and managing vulnerability assessment processes. Candidates should... 

    Crypto Pro Network

    New York, NY
    4 days ago
  • the company | Senior Application Security Engineer, Product Security Engineer, Manager - Product Security | San Francisco / Chicago / New York | Hybrid I’m an Engineering Manager in Security at the company, and we’re actively hiring for three roles on our broader Product... 

    United States Digital Space LLC

    New York, NY
    4 days ago
  • $135k - $200k

     ...defense, intelligence, and commercial applications. We are trusted by our customers to protect...  .... The mission of the Application Security Team is to enable developers to be highly...  ...important. As an Application Security Engineer, you will be hands‑on and have wide‑ranging... 
    Work experience placement
    Work at office
    Remote work
    Work from home
    Relocation package

    Palantir Technologies

    New York, NY
    1 day ago
  • GuidePoint Security, LLC in the United States seeks cybersecurity professionals to leverage expertise in Static Application Security Testing and CI/CD practices. The role involves working...  ...’s degree and extensive security engineering experience. Benefits include remote... 
    Remote job
    Flexible hours

    GuidePoint Security, LLC

    New York, NY
    5 days ago
  • $130k - $185k

    BetterHelp is looking for a Senior Security Software Engineer for its Application Security Team. You will work in a collaborative environment focused on enhancing application security through vulnerability triage, code review, and secure coding practices. With a salary... 
    Remote job

    BetterHelp

    New York, NY
    6 days ago
  •  ...providing a wide range of investment banking, securities, investment management and wealth...  ...Strategy by architecting, engineering, deploying and operating technical security...  ...agile delivery and adoption of Cloud and application security control implementations by development... 
    Work experience placement

    ALLTECH CONSULTING SVC INC

    New York, NY
    4 days ago
  • Trail of Bits Inc. is seeking a Security Engineer to join their Software Assurance practice in New York, NY. This role involves conducting...  ...level code analysis and developing security tools to enhance application security. You'll work with industry-leading technology... 

    Trail of Bits

    New York, NY
    6 days ago
  • Application Security Engineer (Senior) ID71672 Full time | AgileEngine | United States Posted On 06/18/2026 Job Information City New York State/Province New York 10004 IT Services Job Description AgileEngine is an Inc. 5000 company that creates award-winning software... 
    Full time
    Work at office
    Remote work
    Visa sponsorship
    Work visa
    Flexible hours

    AgileEngine, LLC.

    New York, NY
    3 days ago
  • Magnus Technologies inc. in New York, NY is looking for an experienced Application Security Engineer to join their security team. The role involves ensuring applications are secure by design and resilient against threats, requiring collaboration with developers and DevOps... 

    Itlearn360

    New York, NY
    6 days ago
  • $110k - $140k

    A fintech company in New York is seeking a proactive Security Engineer to safeguard their information systems. The role encompasses responsibilities in application and API security testing, incident response, and vulnerability management. The ideal candidate has over 3... 

    Versana

    New York, NY
    5 days ago
  • Menlo Ventures is looking for an Application Security professional to join Anthropic in New York City. This role focuses on integrating security...  ...management, and develop educational resources to empower engineers. Ideal candidates will have 7+ years of experience in... 
    Shift work

    Menlo Ventures

    New York, NY
    2 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Application Security Engineer II. Be the first to apply!