TrueML

TrueML is a fintech company building software to create positive experiences for consumers seeking financial health.

Senior Application Security Engineer

Application Engineer · Full Time · Remote · Senior · Team 51-200 · Since 2013 · H1B: No Sponsor

Location

United States

Posted

6 days ago

Salary

$125K - $140K / year

Seniority

Senior

Bachelor's degree · 8 yrs exp · English · AWS · Cloud · Docker · Kubernetes · Python · SDLC · Go

Job Description

  • Security Integration: Work with development and DevOps teams to integrate security into the software development lifecycle (SDLC).
  • Vulnerability Management: Identify, assess, and mitigate security vulnerabilities in applications, infrastructure, and cloud environments.
  • AWS Security: Implement and maintain security controls in AWS, including IAM policies, security groups, VPC configurations, and monitoring.
  • DevOps Security: Collaborate with DevOps teams to incorporate security best practices in CI/CD pipelines, including automated testing, secure code reviews, and infrastructure as code (IaC) security.
  • Threat Modeling: Conduct threat modeling and risk assessments to identify potential security threats and develop mitigation strategies.
  • Incident Response: Assist in developing and executing incident response plans, including identifying and responding to security incidents.
  • Compliance & Best Practices: Ensure that all systems and applications comply with relevant security standards, regulations, and best practices (e.g., OWASP, NIST, ISO 27001).
  • Security Training: Provide security training and guidance to engineering teams to promote secure coding and infrastructure management practices.
  • Continuous Improvement: Continuously monitor, evaluate, and improve security practices, tools, and processes.

Job Requirements

  • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
  • 8+ years of experience in application security or a related role.
  • Strong experience with AWS security services and best practices.
  • Experience with DevOps tools and practices, including CI/CD pipelines, containerization, and IaC.
  • Proficiency in at least one programming language (e.g., Python, Go).
  • Strong understanding of web application security (e.g., OWASP Top Ten) and secure coding practices.
  • Familiarity with security tools and technologies such as SAST, DAST, SIEM, and WAFs.
  • Ability to work well in a team environment and collaborate effectively with engineers, developers, and other stakeholders.
  • AWS Certified Security – Specialty or similar certification.
  • Experience with container security (e.g., Docker, Kubernetes).
  • Familiarity with modern authentication and authorization protocols (e.g., OAuth, SAML, JWT).
  • Knowledge of secure coding frameworks and libraries.

Benefits

  • Flexible vacation
  • Medical/dental/vision insurance
  • Traditional/Roth retirement savings options
  • Company-paid disability and life insurance
  • Flexible Spending Account & Limited FSA
  • Family-friendly parental leave, volunteer and voting time off
  • On-demand wellness platform access for you and 5 friends and family
  • PerkSpot discount program for 900+ merchants nationwide

More Application Engineer Jobs

Full Time · Remote · Team 1,001-5,000 · Since 1972 · H1B: Sponsor

Role Description

The Application Security Engineer is responsible for securing the software and applications that Credit Acceptance builds, buys, and operates. This role partners closely with engineering, product, architecture, and business teams to ensure that applications handling sensitive consumer, dealer, and loan data are designed, developed, and deployed in a secure manner, meeting both internal security standards and the regulatory expectations of a financial services environment.

This position focuses on embedding security into the software development lifecycle by providing hands-on technical guidance, performing threat modeling and application security reviews, defining secure design patterns and guardrails, and supporting engineering teams as they build and maintain modern web, mobile, API, and cloud-based applications.

This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required. However, this position is permitted to work at a Southfield, Michigan office location if requested by the team member.

Outcomes and Activities

  • Partner with engineering and architecture teams to design and review application architectures (web, mobile, API, and microservices) for security, privacy, and regulatory compliance.
  • Perform security reviews of applications and services at each stage of the SDLC, including:
      - Design
      - Code
      - Building pipelines
      - Dependencies
      - Infrastructure-as-code
      - Third-party components
  • Identify and mitigate risks such as:
      - Injection
      - Authentication/authorization
      - Injection and session management flaws (OWASP Top 10, ASVS)
      - Insecure handling of NPI, PII, and payment data
      - Management of open-source dependency vulnerabilities and software supply chain risks
      - Insecure cloud configurations, secrets management, and exposed APIs
  • Support threat modeling and risk assessments for new and existing applications, assisting teams in implementing practical mitigations.
  • Assess and help mitigate security risks introduced by AI-assisted and agentic development tools (e.g., GitHub Copilot, Claude Code, LiteLLM).

Governance, Standards, and Policy

  • Contribute to and operationalize application security standards, secure coding guidelines, and secure design patterns used across the company.
  • Evaluate application security tooling (SAST, DAST, SCA, IAST, secrets scanning, ASPM) and vendors to ensure alignment with security, privacy, and compliance requirements.
  • Support compliance with regulatory and industry frameworks (e.g., PCI DSS, GLBA, NIST SSDF, SOX) in collaboration with legal, compliance, audit, and risk partners.
  • Contribute to standards and guardrails for secure use of AI-assisted development tools and agentic coding workflows.

Collaboration & Advisory

  • Act as a trusted security advisor to Engineering, Product, and DevOps teams building, maintaining, and operating applications at Credit Acceptance.
  • Participate in design reviews, sprint planning, and architecture working sessions focused on secure development and deployment.
  • Provide guidance on the secure use of frameworks, libraries, APIs, authentication systems, and cloud services that interact with company systems and data.
  • Advise engineering teams on safe adoption of AI coding assistants and agentic development tools.

Continuous Improvement

  • Stay current on application security threats, vulnerabilities, and best practices, including emerging risks across web, mobile, API, and cloud-native applications.
  • Recommend improvements to tooling, processes, and controls to strengthen the company's application security posture and shift security left in the SDLC.
  • Contribute to internal documentation, secure coding training, and security enablement for developers and engineering teams.

Qualifications

  • Bachelor’s Degree or equivalent experience
  • 3+ years of experience in application security, product security, or secure software development.
  • 2+ years of hands-on experience performing application security reviews, penetration testing, threat modeling, or secure code review.

Preferred

  • Experience securing modern web, mobile, and API-based applications in a regulated industry (e.g., financial services, healthcare).
  • Familiarity with the OWASP Top 10, OWASP ASVS, and OWASP SAMM, and with software supply chain frameworks such as SLSA.
  • Experience with cloud platforms (e.g., AWS, Azure, GCP) and containerized environments.
  • Knowledge of regulatory and compliance considerations relevant to financial services (e.g., PCI DSS, GLBA, SOX).
  • Experience embedding security into software development workflows (DevSecOps) and CI/CD pipelines.
  • Hands-on experience with application security tooling such as SAST, DAST, SCA, IAST, secrets scanning, or ASPM platforms.
  • Relevant certifications (e.g., GWAPT, GWEB, OSWE, CSSLP, CISSP) a plus.
  • Familiarity with security considerations for AI-assisted development environments (e.g., GitHub Copilot, Claude Code) and LLM gateway/proxy tooling (e.g., LiteLLM).

Knowledge and Skills

  • Strong understanding of modern software development practices, frameworks, and architectures (web, mobile, API, microservices, serverless).
  • Working knowledge of common application vulnerabilities and exploitation techniques, and the controls that mitigate them.
  • Understanding of authentication, authorization, identity, cryptography, and secure data handling patterns.
  • Familiarity with threat modeling, security testing, and risk assessment techniques.
  • Ability to read and reason about code in one or more common programming languages.
  • Working knowledge of AI-assisted and agentic software development tools (e.g., GitHub Copilot, Claude Code, LiteLLM) and the security risks they introduce in the SDLC.
  • Ability to communicate security risks and recommendations clearly to both technical and non-technical audiences.

Target Compensation

A competitive base salary range from $85,695 – $125,685. This position is eligible for an annual variable cash bonus, between 7.5 - 15%. Bonus amounts are based on individual performance. Final compensation within the range is influenced by many factors including role-specific skills, depth and experience level, industry background, relevant education, and certifications. Candidates who reside in the following major metropolitan areas may be eligible for a premium on top of the posted range based on their specific zone: San Francisco, Seattle, Boston, New York City, Los Angeles, and San Diego.

Benefits

  • Excellent benefits package that includes 401(K) match, adoption assistance, parental leave, tuition reimbursement, comprehensive medical/dental/vision, and many nonstandard benefits that make us a Great Place to Work.

Company Values

  • Positive by maintaining resiliency and focusing on solutions.
  • Respectful by collaborating and actively listening.
  • Insightful by cultivating innovation, accumulating business and role-specific knowledge, demonstrating self-awareness, and making quality decisions.
  • Direct by effectively communicating and conveying courage.
  • Earnest by taking accountability, applying feedback, and effectively planning and priority setting.

Expectations

  • Remain compliant with our policies, processes, and legal guidelines.
  • All other duties as assigned.
  • Attendance as required by department.

United States
$85.7K - $125.7K / year

Role Description

The Retail Banking Operations in ING’s largest shared services organization (ING Hubs Philippines) is growing rapidly – delivering processing and contact center services to our banks globally. Our ambition is to provide excellent Customer, Partner, and Employee experience while keeping the bank safe and continuously improving on our performance and culture. We are looking for a driven leader of Retail Bank Operations (Daily Banking, Savings and Investments, Credit and Loan Products, Client Life Cycle, Contact Center and Chat Support, etc.) that can deliver operational excellence and drive change. You will be in a unique and challenging position that requires running the operations, scaling the organization, and engaging and developing our people.

Key Responsibilities

  • Leads a Circle consisting of Contact Center Professionals and/or Customer Loyalty Members and takes responsibility to facilitate the division of work volume (and customer/product groups) over the CLTs.
  • Setting up new retail banking operational processes and services while adapting operating models and organization design as the business matures.
  • Plays an important role in implementing flexible workforce arrangements within Retail Operations.
  • Ensures a deepening of the relevant field of knowledge and of expertise within the Circle to offer customers the very best services possible.
  • Drives the circle to achieve and exceed key performance targets. Creates a Customer Centricity Culture with the customer at its core and a winning performance culture.
  • Proactive in driving performance improvements, data driven mindset, capable of performing RCA, defining relevant actions and successful execution.
  • Coach, mentor, motivate, challenge, develop and recognize contact center members on a continuous basis, while at the same time ensuring member adherence.
  • Enables an inclusive Orange Behavior culture where everyone gives their best to the organization, in line with One Agile Way of Working.
  • Fosters collaboration within Retail Operations and with the different stakeholders. Plays a key role to help others to understand and build their influence within a network.
  • Understands and consistently applies Step Up Performance Management (planning, coaching, evaluation) and has continuous conversations with direct reports.
  • Knows how to have the right people at the right time at the right place, which means anticipating on the attrition.
  • Knows how to deal with escalations for complex and high-risk issues. Advises strategic management on measures/solutions. Provides permanent solutions.

Qualifications

  • 5+ years’ relevant experience in managing a team in a Contact Center, Banking and Financial Services industry, ideally in a Shared Service environment.
  • Outstanding customer service skills and dedication to providing exceptional customer care.
  • Independent, analytical thinker, natural curiosity, and desire to improve. A growth mindset; ability to get people on board and to influence change.
  • Knows how to strike the right balance between business and people perspective.
  • Proactive and a self-starter with a Can-Do and Positive mind-set. Overall, you have a healthy work ethic and a willingness to collaborate. Capable of getting things done with Stakeholders/Support teams in the Hubs and in the countries.
  • Strong organizational and cultural sensitivity. Ability to successfully work remotely in multiple countries and ensure different cultures will work together as one team; taking into account different cultures, languages and time zones etc.
  • Ability to display flexibility to teams and adapt plan, approach and behavior to the different needs, cultures, and situations.
  • Ability to multitask and organize, prioritize, adapt to change, and work in a fast-paced environment.
  • Risk awareness and ability to interpret research results and which mitigation measures need to be designed and implemented following the research results.

Requirements

  • A College graduate.
  • Proficient in spoken & written English.
  • Experience and affinity with Contact Center with real time customer contact.
  • Insight in and affinity with capacity management/workforce management processes for real time customer contact.
  • Experience in training, coaching and/or project management.
  • Planning and organizing, ensures timely delivery in a fast-paced environment.
  • Familiar with Agile Way of Working.
  • Proficient in using Microsoft Applications.
  • Working hours depending on country opening hours and willing to work on PH holidays.

Asia

Lead Application Security Engineer

Catalist

Ellucian powers innovation for higher education, partnering with approximately 3,000 customers across 50 countries, serving more than 21 million students. Ellucian's AI-powered platform drives efficiency, personalized experiences, and strengthened engagement for all students, faculty and staff.

Full Time · Remote · Team 51-200 · H1B: No Sponsor

Role Description

The individual in this position will be a key contributor to DevSecOps and overall application security initiatives in Ellucian.

  • Analyze the security of Ellucian applications and coding practices using a variety of tools and frameworks.
  • Perform manual and automated application penetration testing.
  • Provide guidance to development teams for remediating application security vulnerabilities.
  • Develop innovative new DevSecOps solutions to application security problems.
  • Act as an evangelist for DevSecOps and application security within Ellucian.
  • Create and deliver application security training for product owners, business analysts, test engineers and developers.
  • Lead ongoing process and policy improvement efforts.
  • Provide mentoring to members of development teams.
  • Conduct ongoing research of trends in application security practices, tools and utilities.

Qualifications

  • A strong passion for application security.
  • Extensive skills and experience performing application security / penetration testing using manual and automated tools including AI.
  • Progressive application security and software development experience.
  • Demonstrated technical skills, especially in the areas of enterprise application security, AI security testing, and secure development practices.
  • A thorough understanding of OWASP application security tools, code libraries and documentation.
  • Experience developing automated solutions to application security problems.
  • Demonstrated ability to clearly communicate complex ideas verbally and in writing.
  • Excellent troubleshooting, problem-solving, and analytical skills.
  • Ability to occasionally work off-hours or extended hours in support of various projects.

Requirements

  • Preferable experience of 7+ years in performing manual and tool driven penetration testing for web apps, APIs.
  • Exposure to and understanding of DevOps principles and tools.
  • Experience securing Cloud applications in AWS.
  • Application security certification such as CSSLP, GIAC GWAPT or similar.
  • Experience developing secure web and mobile applications and REST APIs.
  • Experience remediating application vulnerabilities.

Benefits

  • Comprehensive health coverage: family major medical expenses, dental and life insurance.
  • Christmas bonus 30 days.
  • Saving fund.
  • Monthly food coupon.
  • 15 workdays vacation.
  • Thrive Flex Program that allows you to contribute towards your health, financial or learning interests.
  • 5 charitable days to support the community that supports us.
  • Diversity and inclusion programs that promote employee resource groups such as: Women in Technology, Pride and Go Green to name a few.
  • Parental leave.
  • Employee referral bonuses to encourage the addition of great new people to the team.

Company Description

Ellucian powers innovation for higher education, partnering with approximately 3,000 customers across 50 countries, serving more than 21 million students. Ellucian's AI-powered platform drives efficiency, personalized experiences, and strengthened engagement for all students, faculty and staff. These solutions and services span the entire student lifecycle, including data-rich tools for student recruitment, enrollment, and retention to workforce analytics, fundraising, and alumni engagement.

Worldwide

Staff Application Security Engineer

Agility Robotics

We build robots made for work, engineered to work in nearly any environment, alongside people.

Full Time · Remote · Team 201-500 · Since 2017 · H1B: Sponsor

  • Security Development Lifecycle (SDLC) Integration: Drive the implementation of security practices throughout the entire software development process, from design review through deployment.
  • Application Security Testing: Perform offensive penetration testing and defensive (Blue Team) testing on web applications, internal services, and robot-side software to identify and remediate vulnerabilities.
  • Automation and Tooling: Implement and manage security tools, including Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST) or runtime vulnerability assessments, and Software Bill of Materials (SBOM) systems. Implementation of these systems using tools such as JFrog Artifactory, GitHub Advanced Security, Datadog, Wiz or Snyk.
  • Code Review and Governance: Define and enforce security policies for source code, including mandatory GitHub security practices and review procedures.
  • Vulnerability Management: Manage the lifecycle of identified vulnerabilities, prioritizing remediation efforts based on risk to the fleet, proprietary code, and cloud infrastructure.
  • Collaboration: Partner with development, platform, and infrastructure teams to ensure security requirements are met without hindering engineering velocity.

All locations: California | Oregon | Pennsylvania
$161K - $251K / year