Skip to main content
Tallo logoTallo logo
Apply for this opportunity

This job application is on an outside website. Be sure to review the job posting there to verify it's the same.

Apply Offsite

Application Security Analyst

Job

Stellantis

Lake Angelus, MI (In Person)

Full-Time

Posted 2 weeks ago (Updated 2 weeks ago) • Actively hiring

Expires 7/9/2026

Review key factors to help you decide if the role fits your goals.
How is this calculated?
Pay Growth
?
out of 5
Not enough data
Not enough info to score pay or growth
Job Security
?
out of 5
Not enough data
Calculating job security score...
Total Score
75
out of 100
Average of individual scores

Were these scores useful?

Skill Insights

Compare your current skills to what this opportunity needs—we'll show you what you already have and what could strengthen your application.

Job Description

Description:
This role focuses on identifying, analyzing, and mitigating application security vulnerabilities throughout the SDLC. It supports a broader "Shift Left" cybersecurity strategy, ensuring security is integrated early in development and reinforced through DevSecOps practices. Key ResponsibilitiesApplication Security & TestingPerform security testing: SAST, DAST, IAST, mobile security, and dynamic testingAnalyze vulnerabilities and recommend secure coding fixesDemonstrate vulnerabilities to development teamsDrive remediation efforts to closureDevSecOps & ToolingWork within CI/CD pipelines using tools such as:

Jenkins, GitLab, GitHub Actions, TeamCityCheckmarx, GitHub Advanced Security, Burp SuiteIntegrate security controls into development workflowsWAF & Security ControlsLead Web Application Firewall (WAF) deployment for new and existing appsImplement application security policies, controls, and standardsCollaboration & EnablementPartner with development, platform, and supplier teamsProvide clear remediation guidanceTrain teams on secure coding and application security practicesDevelop training materialsAssessment & ReportingConduct security assessments using standard toolsTrack and report:

RisksMilestonesDeliverablesStatus updatesRecommend strategies based on application risk postureThis role is based in Auburn Hills, MI and is required to be on-site in our HQ building 5 days per week. Qualifications Bachelor's degree in Computer Science, Information Technology, or related field 3+ years of hands-on experience in application security, security testing, and DevSecOps Strong understanding of:

Application architectures (web, mobile, APIs)Software development methodologies (Agile, SDLC)Modern programming languages (Java, C#, Python) Experience performing and interpreting results from:

SAST, DAST, IAST, SCA, and mobile security testing tools Hands-on experience with secure code review in common languages (Java, C#, Python preferred) Prior background in application development, including:

Compiled codeWeb applications / servicesMobile app development Knowledge of security frameworks and standards:
NIST, ISO 27001NIST
SSDF or similar secure development frameworks Strong understanding of:

OWASP Top 10 vulnerabilities and mitigation techniquesCommon attack vectors (web exploits, DDoS, bot attacks) Experience with WAF technologies:

Akamai, Cloudflare, AWS WAF, Azure Front Door Familiarity with cloud platforms and modern environments:

AWS, Azure, GCPContainers (Docker, Kubernetes) Working knowledge of:
Programming/scripting:
Java, JavaScript, SQL, HTMLScripting languages (Python, Bash preferred) Strong analytical, problem-solving, and communication skillsAbility to explain technical risks to non-technical audiencesExperience writing security reports and documentation Ability to work independently and cross-functionally PreferredIndustry certifications:
GIAC GWEBISC2
CSSLPEC-Council CASEOr equivalent AppSec certifications
Description:
This role focuses on identifying, analyzing, and mitigating application security vulnerabilities throughout the SDLC. It supports a broader "Shift Left" cybersecurity strategy, ensuring security is integrated early in development and reinforced through DevSecOps practices. Key ResponsibilitiesApplication Security & TestingPerform security testing: SAST, DAST, IAST, mobile security, and dynamic testingAnalyze vulnerabilities and recommend secure coding fixesDemonstrate vulnerabilities to development teamsDrive remediation efforts to closureDevSecOps & ToolingWork within CI/CD pipelines using tools such as:

Jenkins, GitLab, GitHub Actions, TeamCityCheckmarx, GitHub Advanced Security, Burp SuiteIntegrate security controls into development workflowsWAF & Security ControlsLead Web Application Firewall (WAF) deployment for new and existing appsImplement application security policies, controls, and standardsCollaboration & EnablementPartner with development, platform, and supplier teamsProvide clear remediation guidanceTrain teams on secure coding and application security practicesDevelop training materialsAssessment & ReportingConduct security assessments using standard toolsTrack and report:

RisksMilestonesDeliverablesStatus updatesRecommend strategies based on application risk postureThis role is based in Auburn Hills, MI and is required to be on-site in our HQ building 5 days per week.

At Stellantis, we assess candidates based on qualifications, merit, and business needs. We welcome applications from all people without regard to sex, age, ethnicity, nationality, religion, sexual orientation, disability, or any characteristic protected by law. We believe that diverse teams reflect our identity as a global company, enabling us to better address the evolving needs of our customers and care for our future. Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled.