Credit Acceptance is proud to be an award-winning company recognized both locally and nationally across multiple workplace categories. Our world-class culture is shaped by dedicated team members who are driven to succeed as professionals individually and together as a team. Backed by a strong product, exceptional people, and a stable financial foundation, we’ve grown into a leading provider of used and new car financing across the country.
Our Engineering and Analytics Team Members utilize the latest technology to develop, monitor, and maintain complex practices that help optimize our success. Our Team Members value being challenged, are encouraged to express their ideas, and have the flexibility to enjoy work-life balance. We build intrinsic value by partnering with all functions of our business to support their success and make strategic business decisions. We focus on professional development and continuous improvement while enjoying a casual work environment and Great Place to Work culture!
Outcomes and Activities:
- This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required. However, this position is permitted to work at a Southfield, Michigan office location if requested by the team member.
- Partner with engineering and architecture teams to design and review application architectures (web, mobile, API, and microservices) for security, privacy, and regulatory compliance.
- Perform security reviews of applications and services at each stage of the SDLC, including design, code, build pipelines, dependencies, infrastructure-as-code, and third-party components.
- Injection, authentication/authorization, and session management flaws (OWASP Top 10, ASVS)
- Insecure handling of NPI, PII, and payment data
- Management of open‑source dependency vulnerabilities and software supply chain risks
- Insecure cloud configurations, secrets management, and exposed APIs
- Support threat modeling and risk assessments for new and existing applications, assisting teams in implementing practical mitigations.
- Assess and help mitigate security risks introduced by AI‑assisted and agentic development tools (e.g., GitHub Copilot, Claude Code, LiteLLM), including review of AI‑generated code, exposure of source code or secrets to external models, and proper use of internal LLM gateways.
Governance, Standards, and Policy
- Contribute to and operationalize application security standards, secure coding guidelines, and secure design patterns used across the company.
- Evaluate application security tooling (SAST, DAST, SCA, IAST, secrets scanning, ASPM) and vendors to ensure alignment with security, privacy, and compliance requirements.
- Support compliance with regulatory and industry frameworks (e.g., PCI DSS, GLBA, NIST SSDF, SOX) in collaboration