Role Description Building a brand is a marathon, not a sprint. Legacy People and our partners in Latvia, Tallin and Uzbekistan are seeking a Java Engineer. Speaking Basic English is important, however due to the nature of the CIS Markets, speaking local languages is equally important. We are launching a new ambitious project for our client, aiming for sustainable profitability and technical accuracy. We are looking for not just a developer, but an engineer who views software creation as an art and architectural integrity as a top priority. This is an invitation to join a driven team where your experience is not just a line on a resume, but the foundation of our collective success. You will have a rare opportunity to shape a new project from the ground up, ensuring it is scalable, sustainable, and capable of leading the market. Qualifications - Deep knowledge in Java development with a principle of "quality over all." - Understanding of microservices nuances and the importance of choosing the right patterns for long-term system stability. - Professional proficiency in English and Russian, enabling effective communication in a complex international environment. - Pride in clean code, thorough testing, and the invisible details that distinguish good software from outstanding software. Requirements - Strategic development: leading the process of creating a new Greenfield project based on Spring Boot and a robust microservices architecture. - Designing modern systems: developing and maintaining high-performance applications using Java 21. - Engineering discipline: ensuring strict adherence to professional coding standards and best practices. - Quality assurance: implementing comprehensive testing frameworks (JUnit, Mockito) to create a resilient and stable codebase. - Team problem-solving: collaborating with international teams to tackle complex logical challenges and achieve business goals. - Knowledge continuity: maintaining detailed technical documentation to ensure transparency and scalability of architecture. Benefits - Work remotely whilst building a legacy.

• Accountable to drive design wins and new product in target account • Drive customer visits for technical product presentations, demonstrations, and product value proposition deployment • Synthesize customer, product positioning and competitive insights to improve product definition and roadmaps • Manage project design in campaigns to ensure early involvement in the customer’s technology roadmap and continuous and timely flow of information to all necessary parties • Qualify design opportunities and establish value proposition/position relative to the competition • Promote the product value (strengths versus competitive products) and quantify the technical benefits derived from choosing Nexperia • Own the block diagram process to ensure full Nexperia system sell • Oversee and responsible for all design win objectives and design funnel management • Deliver ongoing formal and informal knowledge sharing and product positioning that helps assigned accounts understand the operational, financial, and business impact of Nexperia solutions within the automotive segment • Successfully builds relationships with sales, business lines, customers (engineering and management) in support of sales team objectives • Interface with the product teams on new product ideas and development • Assist in educating Field Sales Engineers on new technologies, new product features and their related business value

• Security Integration: Work with development and DevOps teams to integrate security into the software development lifecycle (SDLC). • Vulnerability Management: Identify, assess, and mitigate security vulnerabilities in applications, infrastructure, and cloud environments. • AWS Security: Implement and maintain security controls in AWS, including IAM policies, security groups, VPC configurations, and monitoring. • DevOps Security: Collaborate with DevOps teams to incorporate security best practices in CI/CD pipelines, including automated testing, secure code reviews, and infrastructure as code (IaC) security. • Threat Modeling: Conduct threat modeling and risk assessments to identify potential security threats and develop mitigation strategies. • Incident Response: Assist in developing and executing incident response plans, including identifying and responding to security incidents. • Compliance & Best Practices: Ensure that all systems and applications comply with relevant security standards, regulations, and best practices (e.g., OWASP , NIST , ISO 27001). • Security Training: Provide security training and guidance to engineering teams to promote secure coding and infrastructure management practices. • Continuous Improvement: Continuously monitor, evaluate, and improve security practices, tools, and processes.

Role Description The Application Security Engineer is responsible for securing the software and applications that Credit Acceptance builds, buys, and operates. This role partners closely with engineering, product, architecture, and business teams to ensure that applications handling sensitive consumer, dealer, and loan data are designed, developed, and deployed in a secure manner, meeting both internal security standards and the regulatory expectations of a financial services environment. This position focuses on embedding security into the software development lifecycle by providing hands-on technical guidance, performing threat modeling and application security reviews, defining secure design patterns and guardrails, and supporting engineering teams as they build and maintain modern web, mobile, API, and cloud-based applications. This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required. However, this position is permitted to work at a Southfield, Michigan office location if requested by the team member. Outcomes and Activities - Partner with engineering and architecture teams to design and review application architectures (web, mobile, API, and microservices) for security, privacy, and regulatory compliance. - Perform security reviews of applications and services at each stage of the SDLC, including: - Design - Code - Building pipelines - Dependencies - Infrastructure-as-code - Third-party components - Identify and mitigate risks such as: - Injection - Authentication/authorization - Injection and session management flaws (OWASP Top 10, ASVS) - Insecure handling of NPI, PII, and payment data - Management of open-source dependency vulnerabilities and software supply chain risks - Insecure cloud configurations, secrets management, and exposed APIs - Support threat modeling and risk assessments for new and existing applications, assisting teams in implementing practical mitigations. - Assess and help mitigate security risks introduced by AI-assisted and agentic development tools (e.g., GitHub Copilot, Claude Code, LiteLLM). Governance, Standards, and Policy - Contribute to and operationalize application security standards, secure coding guidelines, and secure design patterns used across the company. - Evaluate application security tooling (SAST, DAST, SCA, IAST, secrets scanning, ASPM) and vendors to ensure alignment with security, privacy, and compliance requirements. - Support compliance with regulatory and industry frameworks (e.g., PCI DSS, GLBA, NIST SSDF, SOX) in collaboration with legal, compliance, audit, and risk partners. - Contribute to standards and guardrails for secure use of AI-assisted development tools and agentic coding workflows. Collaboration & Advisory - Act as a trusted security advisor to Engineering, Product, and DevOps teams building, maintaining, and operating applications at Credit Acceptance. - Participate in design reviews, sprint planning, and architecture working sessions focused on secure development and deployment. - Provide guidance on the secure use of frameworks, libraries, APIs, authentication systems, and cloud services that interact with company systems and data. - Advise engineering teams on safe adoption of AI coding assistants and agentic development tools. Continuous Improvement - Stay current on application security threats, vulnerabilities, and best practices, including emerging risks across web, mobile, API, and cloud-native applications. - Recommend improvements to tooling, processes, and controls to strengthen the company's application security posture and shift security left in the SDLC. - Contribute to internal documentation, secure coding training, and security enablement for developers and engineering teams. Qualifications - Bachelor’s Degree or equivalent experience - 3+ years of experience in application security, product security, or secure software development. - 2+ years of hands-on experience performing application security reviews, penetration testing, threat modeling, or secure code review. Preferred - Experience securing modern web, mobile, and API-based applications in a regulated industry (e.g., financial services, healthcare). - Familiarity with the OWASP Top 10, OWASP ASVS, and OWASP SAMM, and with software supply chain frameworks such as SLSA. - Experience with cloud platforms (e.g., AWS, Azure, GCP) and containerized environments. - Knowledge of regulatory and compliance considerations relevant to financial services (e.g., PCI DSS, GLBA, SOX). - Experience embedding security into software development workflows (DevSecOps) and CI/CD pipelines. - Hands-on experience with application security tooling such as SAST, DAST, SCA, IAST, secrets scanning, or ASPM platforms. - Relevant certifications (e.g., GWAPT, GWEB, OSWE, CSSLP, CISSP) a plus. - Familiarity with security considerations for AI-assisted development environments (e.g., GitHub Copilot, Claude Code) and LLM gateway/proxy tooling (e.g., LiteLLM). Knowledge and Skills - Strong understanding of modern software development practices, frameworks, and architectures (web, mobile, API, microservices, serverless). - Working knowledge of common application vulnerabilities and exploitation techniques, and the controls that mitigate them. - Understanding of authentication, authorization, identity, cryptography, and secure data handling patterns. - Familiarity with threat modeling, security testing, and risk assessment techniques. - Ability to read and reason about code in one or more common programming languages. - Working knowledge of AI-assisted and agentic software development tools (e.g., GitHub Copilot, Claude Code, LiteLLM) and the security risks they introduce in the SDLC. - Ability to communicate security risks and recommendations clearly to both technical and non-technical audiences. Target Compensation A competitive base salary range from $85,695 – $125,685. This position is eligible for an annual variable cash bonus, between 7.5 - 15%. Bonus amounts are based on individual performance. Final compensation within the range is influenced by many factors including role-specific skills, depth and experience level, industry background, relevant education, and certifications. Candidates who reside in the following major metropolitan areas may be eligible for a premium on top of the posted range based on their specific zone: San Francisco, Seattle, Boston, New York City, Los Angeles, and San Diego. Benefits - Excellent benefits package that includes 401(K) match, adoption assistance, parental leave, tuition reimbursement, comprehensive medical/dental/vision, and many nonstandard benefits that make us a Great Place to Work. Company Values - Positive by maintaining resiliency and focusing on solutions. - Respectful by collaborating and actively listening. - Insightful by cultivating innovation, accumulating business and role-specific knowledge, demonstrating self-awareness, and making quality decisions. - Direct by effectively communicating and conveying courage. - Earnest by taking accountability, applying feedback, and effectively planning and priority setting. Expectations - Remain compliant with our policies, processes, and legal guidelines. - All other duties as assigned. - Attendance as required by department.