Stellantis

Application Security Analyst

Stellantis$90K — $120K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Computer Science, IT, or related field
  • 3+ years of hands-on experience in application security and DevSecOps
  • Strong understanding of application architectures (web, mobile, APIs)
  • Experience with security testing tools (SAST, DAST, IAST)
  • Knowledge of security frameworks (NIST, ISO 27001)
  • Experience with WAF technologies (Akamai, AWS WAF)
  • Strong analytical and problem-solving skills

Responsibilities

  • Perform security testing including SAST, DAST, and mobile security
  • Analyze vulnerabilities and recommend secure coding fixes
  • Demonstrate vulnerabilities to development teams and drive remediation
  • Integrate security controls into CI/CD pipelines
  • Lead Web Application Firewall (WAF) deployment
  • Train teams on secure coding and application security practices
  • Conduct security assessments and track risks and milestones

Benefits

  • Collaborative work environment
  • Opportunities for professional development
  • Hands-on experience with modern security tools
  • Engagement in cybersecurity innovations
  • Support in obtaining industry certifications
Full Job Description
This role focuses on identifying, analyzing, and mitigating application security vulnerabilities throughout the SDLC. It supports a broader "Shift Left" cybersecurity strategy, ensuring security is integrated early in development and reinforced through DevSecOps practices.

Key Responsibilities:

Application Security & Testing
  • Perform security testing: SAST, DAST, IAST, mobile security, and dynamic testing
  • Analyze vulnerabilities and recommend secure coding fixes
  • Demonstrate vulnerabilities to development teams
  • Drive remediation efforts to closure

DevSecOps & Tooling
  • Work within CI/CD pipelines using tools such as:
    • Jenkins, GitLab, GitHub Actions, TeamCity
    • Checkmarx, GitHub Advanced Security, Burp Suite
  • Integrate security controls into development workflows

WAF & Security Controls
  • Lead Web Application Firewall (WAF) deployment for new and existing apps
  • Implement application security policies, controls, and standards

Collaboration & Enablement
  • Partner with development, platform, and supplier teams
  • Provide clear remediation guidance
  • Train teams on secure coding and application security practices
  • Develop training materials

Assessment & Reporting
  • Conduct security assessments using standard tools
  • Track and report:
    • Risks
    • Milestones
    • Deliverables
    • Status updates
  • Recommend strategies based on application risk posture


This role is based in Auburn Hills, MI and is required to be on-site in our HQ building 5 days per week.

Basic Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, or related field
  • 3+ years of hands-on experience in application security, security testing, and DevSecOps
  • Strong understanding of:
    • Application architectures (web, mobile, APIs)
    • Software development methodologies (Agile, SDLC)
    • Modern programming languages (Java, C#, Python)
  • Experience performing and interpreting results from:
    • SAST, DAST, IAST, SCA, and mobile security testing tools
  • Hands-on experience with secure code review in common languages (Java, C#, Python preferred)
  • Prior background in application development, including:
    • Compiled code
    • Web applications / services
    • Mobile app development
  • Knowledge of security frameworks and standards:
    • NIST, ISO 27001
    • NIST SSDF or similar secure development frameworks
  • Strong understanding of:
    • OWASP Top 10 vulnerabilities and mitigation techniques
    • Common attack vectors (web exploits, DDoS, bot attacks)
  • Experience with WAF technologies:
    • Akamai, Cloudflare, AWS WAF, Azure Front Door
  • Familiarity with cloud platforms and modern environments:
    • AWS, Azure, GCP
    • Containers (Docker, Kubernetes)
  • Working knowledge of:
    • Programming/scripting: Java, JavaScript, SQL, HTML
    • Scripting languages (Python, Bash preferred)
  • Strong analytical, problem-solving, and communication skills
    • Ability to explain technical risks to non-technical audiences
    • Experience writing security reports and documentation
  • Ability to work independently and cross-functionally

Preferred Qualifications:

  • Industry certifications:
    • GIAC GWEB
    • ISC2 CSSLP
    • EC-Council CASE
    • Or equivalent AppSec certifications

About Stellantis

Stellantis is a multinational automotive manufacturer formed in 2021 by the merger of Fiat Chrysler Automobiles and Groupe PSA. The company designs, produces, and sells a wide range of vehicles under various brands, including Alfa Romeo, Chrysler, Citroen, Dodge, DS Automobiles, Fiat, Jeep, Lancia, Maserati, Opel, Peugeot, Ram, and Vauxhall. Stellantis operates in over 130 countries and has 14 brands in its portfolio. The company is committed to sustainable mobility and has set ambitious targets for reducing its carbon footprint and increasing the share of electric vehicles in its sales.
Learn more about Stellantis
Size
400,000 employees
Market Cap
$44.9 billion
Industry

Similar Jobs

More Jobs at Stellantis

More Information Technology Jobs

Find similar Application Security Analyst jobs: