Application Security Analyst
Stellantis
- Auburn, Alabama, United States
About
Application Security & Testing
Perform security testing: SAST, DAST, IAST, mobile security, and dynamic testing
Analyze vulnerabilities and recommend secure coding fixes
Demonstrate vulnerabilities to development teams
Drive remediation efforts to closure
DevSecOps & Tooling
Work within CI/CD pipelines using tools such as:
Jenkins, GitLab, GitHub Actions, TeamCity
Checkmarx, GitHub Advanced Security, Burp Suite
Integrate security controls into development workflows
WAF & Security Controls
Lead Web Application Firewall (WAF) deployment for new and existing apps
Implement application security policies, controls, and standards
Collaboration & Enablement
Partner with development, platform, and supplier teams
Provide clear remediation guidance
Train teams on secure coding and application security practices
Develop training materials
Assessment & Reporting
Conduct security assessments using standard tools
Track and report:
Risks
Milestones
Deliverables
Status updates
Recommend strategies based on application risk posture
This role is based in Auburn Hills, MI and is required to be on-site in our HQ building 5 days per week.
Basic Qualifications
Bachelor’s degree in Computer Science, Information Technology, or related field
3+ years of hands‑on experience in application security, security testing, and DevSecOps
Strong understanding of:
Application architectures (web, mobile, APIs)
Software development methodologies (Agile, SDLC)
Modern programming languages (Java, C#, Python)
Experience performing and interpreting results from:
SAST, DAST, IAST, SCA, and mobile security testing tools
Hands‑on experience with secure code review in common languages (Java, C#, Python preferred)
Prior background in application development, including:
Compiled code
Web applications / services
Mobile app development
Knowledge of security frameworks and standards:
NIST, ISO 27001
NIST SSDF or similar secure development frameworks
Strong understanding of:
OWASP Top 10 vulnerabilities and mitigation techniques
Common attack vectors (web exploits, DDoS, bot attacks)
Experience with WAF technologies:
Akamai, Cloudflare, AWS WAF, Azure Front Door
Familiarity with cloud platforms and modern environments:
AWS, Azure, GCP
Containers (Docker, Kubernetes)
Working knowledge of:
Programming/scripting: Java, JavaScript, SQL, HTML
Scripting languages (Python, Bash preferred)
Strong analytical, problem‑solving, and communication skills
Ability to explain technical risks to non‑technical audiences
Experience writing security reports and documentation
Ability to work independently and cross‑functionally
Preferred Qualifications
Industry certifications:
GIAC GWEB
ISC2 CSSLP
EC-Council CASE
Or equivalent AppSec certifications
Language skills
- English