Senior Cloud Security Engineer

Credit Acceptance is proud to be an award-winning company with local and national workplace recognition in multiple categories! Our world-class culture is shaped by dedicated Team Members who share a drive to succeed as professionals and together as a company. A great product, amazing people and our stable financial history have made us one of the largest used car finance companies nationally.

Our Engineering and Analytics Team Members utilize the latest technology to develop, monitor, and maintain complex practices that help optimize our success. Our Team Members value being challenged, are encouraged to express their ideas, and have the flexibility to enjoy work life balance. We build intrinsic value by partnering with all functions of our business to support their success and make strategic business decisions. We focus on professional development and continuous improvement while enjoying a casual work environment and Great Place to Work culture!

We are looking for a highly motivated Cloud Security Engineer to join our Engineering Security function reporting to the Director of Engineering Security and Compliance. Our company is committed to building innovative technologies and future-proofing our business to stay ahead in the ever-changing digital landscape. We are seeking a passionate individual who is excited about protecting cutting-edge web applications built on public cloud such as AWS and Azure. The ideal candidate should possess strong cloud security skills, hybrid/multi-cloud network concepts, a deep understanding of secure software development life cycle methodologies, and a keen eye for detail. As a Cloud Security Engineer, you will be an essential part of the Engineering Security team, focused on ensuring the security of the Credit Acceptance web applications and cloud infrastructure through the continual improvement of security tooling, automation, and engagement with internal stakeholders.

Outcomes and Activities:

This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required. However, this position is permitted to work at a Southfield, Michigan office location if requested by the team member
Design and Implement cloud security architecture using zero-trust principles.
Automate security controls, data, and processes to provide better metrics and operational support using security-as-code.
Configure network security including in a hybrid context with traditional network centric controls
Design and Implement host-based security monitoring (E.g. AWS Inspector), network security tooling, or other infrastructure related security projects.
Assess and support application migration efforts including but not limited to network connectivity architecture.
Conduct Threat modeling to support business requirements.
Define and implement IaC validation to prevent insecure configuration from being deployed.
Configure access within the cloud environment using the defense-in-depth principle.
Assess cloud systems and infrastructure to identify potential weaknesses or problems and upgrade software, VMs, containers to ensure optimal performance of cloud environment and security tools,
Develop automated security compliance, remediate misconfigurations, vulnerabilities in the code/configurations.
Lead cloud security issue remediation, troubleshooting and continuous improvement efforts including collaborating with stakeholders to improve overall application security posture.
Support Cloud Security Maturity Assessment processes with automated security reviews.
Implement and configure security controls and policies, manage access to data, and monitor threats to ensure that apps, containers, infrastructure, and networks are protected.
Take ownership of new initiatives, work with internal security teams, ESS, engineering, and product functions to deliver actionable intelligence or solutions that will lower risk
Support our DevOps and infrastructure engineers to implement security best-practices and enable secure development and release processes.
Perform architectural and design reviews through the security lens and provide timely, actionable requirements and recommendations

Competencies: The following items detail how you will be successful in this role.

Impact Analysis: Understand the rationale behind and how changes impact the enterprise and/or applications and across the technical ecosystem.
Solution Design: Ability to translate high level requirements to create and implement designs that meet the needs of the customer, are technically sound, maintainable and cost effective. Ability to identify missing or ambiguous requirements. Ability to design at both high and low levels of abstraction, understand complex requirements and translate into understandable solutions. Ability to accurately estimate based on requirements.
Technical Domain: Have an understanding of the technical domain, including the application architecture, secure design and data of the application they support and systems to which it interfaces.
Testing Techniques: Understand the range of testing techniques available well enough to select the most effective test procedures.

Requirements:

Bachelor’s degree in Computer Science, Information Systems, or closely related field of study or equivalent experience
Minimum 6 years of experience in the Information Security field
Minimum 4 years of experience deploying services on public cloud infrastructure such as Amazon Web Services (AWS) or MS Azure
Experience architecting solutions within Amazon Web Services (AWS) or MS Azure
Experience performing design reviews to assess security implications and requirements for introduction of new technologies.
Experience deploying and customizing security tools to address threats and lower risk: vulnerability scanners, static analyzers, web application firewalls, IDS/IPS, malware analysis, network traffic flow and packet analysis, cloud security posture management (CSPM), etc.
Knowledge of networking and web protocols (TCP/IP, HTTP, TLS, REST), and the ability to analyze traffic to find anomalies.
Understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
Must have hands-on experience with AWS and Linux in a production environment.
Experience of Hybrid/Multi-cloud network design and configuration (example: AWS Direct Connect)
Knowledge of Federated Identity, RBAC, authentication & authorization solutions, etc.
Working knowledge of secure-cloud configuration, (e.g., CloudTrail, AWS Config), cloud-security technologies (e.g., VPC, Security Groups) and Cloud infrastructure entitlement management (CIEM).
Familiarity with industry compliances such as SOX, GLBA, ISO 27002, or PCI-DSS
Working knowledge of CIS, CSA and NIST best practices.
Demonstrated ability to collaborate with other teams to achieve complex objectives.

Preferred:

AWS Certified Solutions Architect – Associate or Professional certification
Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.).
Strong Experience on networking tasks, e.g. IP subnetting, Network Security Groups, routing, Firewall, Direct Connect, ExpressRoute, load balancer, proxy, DNS etc.
Experience with service-oriented architecture for cloud-based services.
Experience using CI/CD pipelines to perform automated security testing and change management.
Expert in VMs, Container, Container Registry, Docker, Kubernetes security design and implementation etc.
Deep understanding of Cloud-Native Application Protection Platform (CNAPP).
Contributions to the security community, such as open source tools, research papers, conference talks, etc.

Knowledge and Skills:

Bring a strong understanding of relevant and emerging technologies, provide input and coach team members, and embed learning and innovation in the day-to-day.
Ability to communicate complex technical information (both verbal and written) to all levels, including senior leadership.

Targeted Total Compensation: $113,518 - $195,797. Total compensation is comprised of a competitive base salary and an annual variable compensation package.

INDENGHP

#zip

#LI-Remote

Benefits

Excellent benefits package that includes 401(K) match, adoption assistance, parental leave, tuition reimbursement, comprehensive medical/ dental/vision and many nonstandard benefits that make us a Great Place to Work

Our Company Values:

To be successful in this role, Team Members need to be:

Positive by maintaining resiliency and focusing on solutions
Respectful by collaborating and actively listening
Insightful by cultivating innovation, accumulating business and role specific knowledge, demonstrating self-awareness and making quality decisions
Direct by effectively communicating and conveying courage
Earnest by taking accountability, applying feedback and effectively planning and priority setting

Expectations:

Remain compliant with our policies processes and legal guidelines
All other duties as assigned
Attendance as required by department

Advice!

We understand that your career search may look different than others. Our hiring team wants to make sure that this would be a fit not just for us, but for you long term. If you are actively looking or starting to explore new opportunities, send us your application!

P.S.

We have great details around our stats, success, history and more. We’re proud of our culture and are happy to share why – let’s talk!

Required degrees must have been earned at institutions of Higher Education which are accredited by the Council for Higher Education Accreditation or equivalent.

Credit Acceptance is dedicated to providing a safe and inclusive working environment for all. As part of our Culture of Compliance, we are proud to be an Equal Opportunity Employer and value our culturally diverse workforce. All qualified applicants will receive consideration for employment regardless of the person’s age, race, color, religion, sex, gender, sexual orientation, gender identity, national origin, veteran or disability status, criminal history, or any other legally protected characteristic.

California Residents: Please click here for the California Consumer Privacy Act (CCPA) notice regarding the personal information Credit Acceptance may collect from you.