Application Security Analyst
Stellantis•Auburn Hills, MI
•Onsite
About The Position
This role focuses on identifying, analyzing, and mitigating application security vulnerabilities throughout the SDLC. It supports a broader “Shift Left” cybersecurity strategy, ensuring security is integrated early in development and reinforced through DevSecOps practices.
Requirements
- Bachelor’s degree in Computer Science, Information Technology, or related field
- 3+ years of hands-on experience in application security, security testing, and DevSecOps
- Strong understanding of Application architectures (web, mobile, APIs)
- Strong understanding of Software development methodologies (Agile, SDLC)
- Strong understanding of Modern programming languages (Java, C#, Python)
- Experience performing and interpreting results from SAST, DAST, IAST, SCA, and mobile security testing tools
- Hands-on experience with secure code review in common languages (Java, C#, Python preferred)
- Prior background in application development, including Compiled code, Web applications / services, Mobile app development
- Knowledge of security frameworks and standards: NIST, ISO 27001, NIST SSDF or similar secure development frameworks
- Strong understanding of OWASP Top 10 vulnerabilities and mitigation techniques
- Strong understanding of Common attack vectors (web exploits, DDoS, bot attacks)
- Experience with WAF technologies: Akamai, Cloudflare, AWS WAF, Azure Front Door
- Familiarity with cloud platforms and modern environments: AWS, Azure, GCP, Containers (Docker, Kubernetes)
- Working knowledge of Programming/scripting: Java, JavaScript, SQL, HTML
- Working knowledge of Scripting languages (Python, Bash preferred)
- Strong analytical, problem-solving, and communication skills
- Ability to explain technical risks to non-technical audiences
- Experience writing security reports and documentation
- Ability to work independently and cross-functionally
Nice To Haves
- Industry certifications: GIAC GWEB, ISC2 CSSLP, EC-Council CASE, Or equivalent AppSec certifications
Responsibilities
- Perform security testing: SAST, DAST, IAST, mobile security, and dynamic testing
- Analyze vulnerabilities and recommend secure coding fixes
- Demonstrate vulnerabilities to development teams
- Drive remediation efforts to closure
- Work within CI/CD pipelines using tools such as Jenkins, GitLab, GitHub Actions, TeamCity, Checkmarx, GitHub Advanced Security, Burp Suite
- Integrate security controls into development workflows
- Lead Web Application Firewall (WAF) deployment for new and existing apps
- Implement application security policies, controls, and standards
- Partner with development, platform, and supplier teams
- Provide clear remediation guidance
- Train teams on secure coding and application security practices
- Develop training materials
- Conduct security assessments using standard tools
- Track and report Risks, Milestones, Deliverables, Status updates
- Recommend strategies based on application risk posture
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
