We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search

Job posting has expired

#alert
Back to search results / More jobs like this
Back to search results
New
Stellantis jobs

Application Security Analyst

Stellantis
United States, Michigan, Auburn Hills
Jun 04, 2026

Description:

This role focuses on identifying, analyzing, and mitigating application security vulnerabilities throughout the SDLC. It supports a broader "Shift Left" cybersecurity strategy, ensuring security is integrated early in development and reinforced through DevSecOps practices.
Key Responsibilities

Application Security & Testing



  • Perform security testing: SAST, DAST, IAST, mobile security, and dynamic testing
  • Analyze vulnerabilities and recommend secure coding fixes
  • Demonstrate vulnerabilities to development teams
  • Drive remediation efforts to closure


DevSecOps & Tooling



  • Work within CI/CD pipelines using tools such as:

    • Jenkins, GitLab, GitHub Actions, TeamCity
    • Checkmarx, GitHub Advanced Security, Burp Suite


  • Integrate security controls into development workflows


WAF & Security Controls



  • Lead Web Application Firewall (WAF) deployment for new and existing apps
  • Implement application security policies, controls, and standards


Collaboration & Enablement



  • Partner with development, platform, and supplier teams
  • Provide clear remediation guidance
  • Train teams on secure coding and application security practices
  • Develop training materials


Assessment & Reporting



  • Conduct security assessments using standard tools
  • Track and report:

    • Risks
    • Milestones
    • Deliverables
    • Status updates


  • Recommend strategies based on application risk posture

This role is based in Auburn Hills, MI and is required to be on-site in our HQ building 5 days per week.

Qualifications


  • Bachelor's degree in Computer Science, Information Technology, or related field



  • 3+ years of hands-on experience in application security, security testing, and DevSecOps



  • Strong understanding of:



    • Application architectures (web, mobile, APIs)
    • Software development methodologies (Agile, SDLC)
    • Modern programming languages (Java, C#, Python)



  • Experience performing and interpreting results from:



    • SAST, DAST, IAST, SCA, and mobile security testing tools



  • Hands-on experience with secure code review in common languages (Java, C#, Python preferred)



  • Prior background in application development, including:



    • Compiled code
    • Web applications / services
    • Mobile app development



  • Knowledge of security frameworks and standards:



    • NIST, ISO 27001
    • NIST SSDF or similar secure development frameworks



  • Strong understanding of:



    • OWASP Top 10 vulnerabilities and mitigation techniques
    • Common attack vectors (web exploits, DDoS, bot attacks)



  • Experience with WAF technologies:



    • Akamai, Cloudflare, AWS WAF, Azure Front Door



  • Familiarity with cloud platforms and modern environments:



    • AWS, Azure, GCP
    • Containers (Docker, Kubernetes)



  • Working knowledge of:



    • Programming/scripting: Java, JavaScript, SQL, HTML
    • Scripting languages (Python, Bash preferred)



  • Strong analytical, problem-solving, and communication skills



    • Ability to explain technical risks to non-technical audiences
    • Experience writing security reports and documentation



  • Ability to work independently and cross-functionally




Preferred

  • Industry certifications:

    • GIAC GWEB
    • ISC2 CSSLP
    • EC-Council CASE
    • Or equivalent AppSec certifications



Description:

This role focuses on identifying, analyzing, and mitigating application security vulnerabilities throughout the SDLC. It supports a broader "Shift Left" cybersecurity strategy, ensuring security is integrated early in development and reinforced through DevSecOps practices.
Key Responsibilities

Application Security & Testing



  • Perform security testing: SAST, DAST, IAST, mobile security, and dynamic testing
  • Analyze vulnerabilities and recommend secure coding fixes
  • Demonstrate vulnerabilities to development teams
  • Drive remediation efforts to closure


DevSecOps & Tooling



  • Work within CI/CD pipelines using tools such as:

    • Jenkins, GitLab, GitHub Actions, TeamCity
    • Checkmarx, GitHub Advanced Security, Burp Suite


  • Integrate security controls into development workflows


WAF & Security Controls



  • Lead Web Application Firewall (WAF) deployment for new and existing apps
  • Implement application security policies, controls, and standards


Collaboration & Enablement



  • Partner with development, platform, and supplier teams
  • Provide clear remediation guidance
  • Train teams on secure coding and application security practices
  • Develop training materials


Assessment & Reporting



  • Conduct security assessments using standard tools
  • Track and report:

    • Risks
    • Milestones
    • Deliverables
    • Status updates


  • Recommend strategies based on application risk posture

This role is based in Auburn Hills, MI and is required to be on-site in our HQ building 5 days per week.



At Stellantis, we assess candidates based on qualifications, merit, and business needs. We welcome applications from all people without regard to sex, age, ethnicity, nationality, religion, sexual orientation, disability, or any characteristic protected by law. We believe that diverse teams reflect our identity as a global company, enabling us to better address the evolving needs of our customers and care for our future.

(web-77cf7d65c7-z52c2)