Security Operations Engineer II

United States

Full-time

Remote

$85K/yr - $124K/yr

Entry, Mid Level

Credit Acceptance is an award-winning company recognized for its workplace culture and significant presence in the used car finance industry. As a Security Operations Engineer II, you will be responsible for understanding, mitigating, and responding to security threats while optimizing security operations through automation and collaboration with various teams.

Apply Now

Responsibilities

Operate and tune enterprise security tools (EDR, SIEM/SOAR, WAF/proxy, email security)
Manage proxy filtering policies, exceptions, SSL inspection, and performance troubleshooting
Build automation and playbooks (Python/PowerShell, SOAR, APIs) to streamline SecOps tasks
Implement CI/CD pipelines and Infrastructure-as-Code workflows for consistent, auditable security configuration changes
Author and tune detection rules; improve signal quality and reduce false positives
Maintain and author health dashboards, uptime/coverage metrics, and change governance documentation
Conduct knowledge transfers through runbooks, how-to guides, tabletop exercises, and lunch & learn training sessions
Maintain upgrade schedules, license compliance, configuration baselines, and key/secret rotations
Administer URL/category policies, SSL inspection, identity-aware policies, geo/risk-based controls, and performance troubleshooting
Analyze block events for false positives; measure impact; retire exceptions on schedule and report residual risk
Build and maintain an automation backlog in partnership with SecOps, prioritizing high-frequency, high-toil tasks
Provide on-call support for tooling availability and ingestion/normalization issues
Report on metrics (uptime, coverage, MTTR, lead time, change success rate, exception aging)
Keep documentation, diagrams, and asset inventories current
As needed, monitor and respond to alerts raised by various toolsets as part of an ongoing 24/7 Security Operations Center
Report outages or incidents following guidelines and procedures
Detect, analyze, and respond to incidents, coordinate with other stakeholders for containing, eradicating, and recovering from an incident
Assist in developing testing criteria to implement new signatures/rules

Qualification

Required

Bachelor's degree in computer science, Information Systems, Data Science or closely related field of study or equivalent experience
Minimum 2 years of experience in cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), operations incident response, network security or security engineering
Basic experience administering, deploying and managing security tools
Basic experience operating WAF/proxy and SIEM/SOAR
Scripting in Python and/or PowerShell and building API integrations; JSON/YAML proficiency
CI/CD and Git workflows; Infrastructure-as-Code for security configurations
Basic understanding of TLS/SSL, HTTP, identity-aware policies, and egress/ingress routing
Documentation discipline and change management (ITIL basics)
Ability to produce formal and informal reports, briefings, and analysis of security controls
Experience with Endpoint Detection and Response (EDR) or Intrusion Detection System or Intrusion Prevention System (IDS/IPS) monitoring tools
Understanding of MITRE ATT&CK Framework and Cyber Kill Chain flow
Understanding of incident response processes and risk management

Preferred

Actively hold one or more of the following certifications: GSEC, GCIA/GCED, GCDA, AZ-500, SC-200/SC-100, Network+ or CCNA
Web Application Firewall rulesets
Utilizing automation through Infrastructure as Code
Detection engineering (KQL/SPL), log pipelines, and data normalization
Zero Trust architecture and ZTNA posture policies
Understands Credit Acceptance's business model, operations and business terminology