Application Security Engineer safeguarding applications and AI-driven components at Nelnet. Collaborating closely with engineering, cloud, and product teams to ensure security at speed.
Responsibilities
Manual Source Code Review
SAST/DAST scanning
Expand the Security Champions program
Develop automated source code review processes
Work with product teams to ensure secure SDLC processes are in place
Provide detailed vulnerability reports to businesses
Requirements
2–4 years of hands-on application security experience
Experience integrating security tooling and automated checks into CI/CD pipelines
Familiarity and experience with OWASP Top 10 and web testing methodologies
Experience with effectively assessing and communicating risks and appropriate levels of urgency to management and engineering staff
Experience with technical report writing and communication
Strong manual code review experience in at least one major language (Java, JavaScript/TypeScript, C#, PHP, etc.)
Solid threat-modeling expertise (STRIDE, attack trees, misuse cases) for both traditional systems and AI/LLM-integrated features
Proficiency with SAST, SCA, DAST, web and mobile pentesting, container scanners, secrets-detection tools, and ideally AI-security scanning platforms
Scripting/automation skills (Python, Bash, Node) for building custom tooling and automating manual processes
Good understanding of AI/LLM attack surfaces including prompt injection, insecure output handling, model-data leakage, and RAG vulnerabilities
Strong knowledge of web/API security concepts (session management, secure storage, transport security)
Excellent organizational, presentation, verbal, and written communication skills
Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
Ability to mentor junior developers/engineers in secure design and coding practices
Experience performing secure code reviews or building internal developer tooling.
Previous work with AI or LLM-integrated applications, model security, or prompt safety.
Certifications such as OSWE, OSCP, GWAPT, GCSA, GCPN, or ML security certs (not required but beneficial).