Job Description
Company: Stellantis
Location: Auburn Hills, US
About the position
This role focuses on identifying, analyzing, and mitigating application security vulnerabilities throughout the SDLC. It supports a broader “Shift Left” cybersecurity strategy, ensuring security is integrated early in development and reinforced through DevSecOps practices.
Responsibilities
• Perform security testing: SAST, DAST, IAST, mobile security, and dynamic testing
• Analyze vulnerabilities and recommend secure coding fixes
• Demonstrate vulnerabilities to development teams
• Drive remediation efforts to closure
• Work within CI/CD pipelines using tools such as Jenkins, GitLab, GitHub Actions, TeamCity, Checkmarx, GitHub Advanced Security, Burp Suite
• Integrate security controls into development workflows
• Lead Web Application Firewall (WAF) deployment for new and existing apps
• Implement application security policies, controls, and standards
• Partner with development, platform, and supplier teams
• Provide clear remediation guidance
• Train teams on secure coding and application security practices
• Develop training materials
• Conduct security assessments using standard tools
• Track and report risks, milestones, deliverables, and status updates
• Recommend strategies based on application risk posture
Requirements
• Bachelor’s degree in Computer Science, Information Technology, or related field
• 3+ years of hands-on experience in application security, security testing, and DevSecOps
• Strong understanding of application architectures (web, mobile, APIs)
• Strong understanding of software development methodologies (Agile, SDLC)
• Strong understanding of modern programming languages (Java, C#, Python)
• Experience performing and interpreting results from SAST, DAST, IAST, SCA, and mobile security testing tools
• Hands-on experience with secure code review in common languages (Java, C#, Python preferred)
• Prior background in application development, including compiled code, web applications/services, and mobile app development
• Knowledge of security frameworks and standards: NIST, ISO 27001, NIST SSDF, or similar secure development frameworks
• Strong understanding of OWASP Top 10 vulnerabilities and mitigation techniques
• Strong understanding of common attack vectors (web exploits, DDoS, bot attacks)
• Experience with WAF technologies: Akamai, Cloudflare, AWS WAF, Azure Front Door
• Familiarity with cloud platforms and modern environments: AWS, Azure, GCP, Containers (Docker, Kubernetes)
• Working knowledge of programming/scripting: Java, JavaScript, SQL, HTML
• Working knowledge of scripting languages (Python, Bash preferred)
• Strong analytical, problem-solving, and communication skills
• Ability to explain technical risks to non-technical audiences
• Experience writing security reports and documentation
• Ability to work independently and cross-functionally
Nice-to-haves
• Industry certifications: GIAC GWEB, ISC2 CSSLP, EC-Council CASE, or equivalent AppSec certifications
Source: Teal