Join Nelnet, a dynamic and innovative company dedicated to enriching lives through our diverse services, including student loan servicing, professional services, consumer loan origination, payment processing, and renewable energy solutions. For over 40 years, we have been committed to our customers, associates, and communities.
At Nelnet, the benefits of being part of our team extend beyond our comprehensive benefits package. We pride ourselves on being a community that supports each individual’s success, aligned with our mission to create opportunities for growth and achievement.
We are on the lookout for a talented Application Security Specialist with extensive experience in secure code review, penetration testing, automation, and modern software development lifecycle (SDLC) practices, including emerging AI and large language model (LLM) security. In this influential role, you will collaborate closely with engineering, cloud, and product teams to protect our applications and services throughout their entire lifecycle, from design to deployment. By combining hands-on technical testing with scalable automation and developer enablement, you will help enhance our application security program, ensuring the delivery of secure and resilient applications.
This role offers a hybrid work arrangement: team members who live near the office work remotely part of the week and are in the office three days per week to support effective collaboration.
Please note that we are unable to provide visa sponsorship for this position. Candidates must be authorized to work in the United States without any requirement of current or future sponsorship.
Job Responsibilities:
Conduct thorough manual source code reviews.
Utilize SAST and DAST scanning tools effectively.
Expand the Security Champions program across teams.
Develop and implement automated source code review processes.
Collaborate with product teams to ensure secure SDLC practices are implemented.
Provide detailed vulnerability reports to relevant business units.
Experience Required:
2-4 years of experience in application security.
Experience in integrating security tools and automated checks into CI/CD pipelines.
Familiarity with OWASP Top 10 and web testing methodologies.
Ability to assess and articulate risks effectively, conveying urgency to management and engineering teams.
Proficient in writing technical reports and facilitating clear communication.
Skills and Competencies:
Must-Have:
Strong experience in manual code review in at least one major programming language (e.g., Java, JavaScript/TypeScript, C#, PHP).
Expertise in threat modeling techniques (e.g., STRIDE, attack trees, misuse cases) for both traditional systems and AI/LLM integrated features.
Proficiency with security tooling (SAST, SCA, DAST) and penetration testing for web and mobile applications, along with familiarity with container scanners, secrets-detection tools, and AI-security scanning platforms.
Scripting and automation skills (e.g., Python, Bash, Node) for creating custom tools and automating processes.
Comprehensive understanding of AI/LLM attack surfaces, including prompt injection, data leakage, and vulnerabilities related to RAG.
Strong grasp of web and API security concepts (session management, secure storage, transport security).
Excellent organizational, presentation, and communication skills, both verbal and written.
A self-directed approach to learning and skill advancement, with a commitment to staying updated with technology trends.
The ability to adapt communication styles to effectively reach various audiences.
Preferred:
Experience with secure code reviews or developing internal developer tools.
Background in AI or LLM-integrated applications, focusing on model security or prompt safety.
Hands-on experience with mobile security, reverse engineering, or secure coding on specific platforms.
Relevant certifications such as OSWE, OSCP, GWAPT, GCSA, GCPN, or ML security certifications (not mandatory but beneficial).
Aptitude to mentor junior developers in secure design and coding practices.
The annual salary for this position ranges from $90,000 to $125,000, based on experience.
Nelnet offers a robust benefits package that includes medical, dental, vision, health savings and flexible spending accounts, generous paid time off, 401K with student loan repayment, life insurance, performance-based incentives, disability coverage, wellness programs, and tuition reimbursement.
Nelnet is committed to fostering a welcoming and respectful workplace where every associate can thrive. As an equal opportunity employer, we ensure all qualified candidates are considered for employment without regard to race, color, religion, gender, sexual orientation, disability status, or any other protected characteristic. We celebrate the unique contributions of each team member, believing that a positive work environment benefits everyone.
Individuals with disabilities needing reasonable accommodations can reach out for assistance with applications or interview processes.
Nelnet maintains a drug-free and tobacco-free workplace.
While you may know us as the nation's leading student loan servicer, our services span far beyond that, fostering opportunities in multiple sectors for over four decades.