Skills

Communication Python Java JavaScript C# HTML SQL GitHub GitLab Jenkins Problem-solving Technical Writing Training Programming Azure AWS Software Development cloud platforms SDLC GCP

Job Specifications

Description

The Application Security Analyst will be responsible for working with application development team to analyze application code vulnerabilities and involved in running security scans which include but not limited to SAST, DAST, IAST, Mobile, and ad-hoc dynamic testing. Also, Analyst will play role in extending WAF deployment for large number of applications. The candidate will play a key role in a major cybersecurity transformation initiative of “Shift left and Secure Early” as well as implementing additional security controls in SDLC.

The role entails taking responsibility of analyzing security vulnerabilities and capability to provide mitigation solutions to fix issues by writing secure code, providing guidance to application teams, and coordinating with cross functional teams across the platform.

Key Responsibilities

Hands-on experience working with DevSecOps pipeline using CICD automation tools like Jenkins, TeamCity, GitLab, GitHub Action, Checkmarx, GitHub Advance Security, BurpSuite, and open-source tools.
Implement Application Cyber Security Controls/Policies and standards developed by Application Security Program.
Lead deployment of WAF for existing and new applications
Ability to demo security vulnerability to application teams.
Drive application security issues to a resolution.
Provide a clear guidance to application teams during vulnerability mitigation effort
Conduct application security assessment using standard Stellantis application security tools
Collect and report status on application security assessments including milestones, deliverables, timing, tasks, risk areas, and status
Categorize and recommend assessment strategies for existing and new application development
Coach development and supplier teams on application security
Develop user training material and conduct training sessions

Qualifications

Bachelor's degree in computer science, Technology or other related field.
At least 3 years of application security analysis, testing and DevSecOps experience.
Understanding of application architectures, development methodologies, and programming languages.
Problem-solving skills and the ability to work both independently and as part of a team.
Technical writing and communication skills to articulate security risks and findings to both technical and non-technical audiences
Hands on experience reviewing application security secure code preferred in Java, C#, Python etc. popular programming languages.
Background experience with application development - compiled code, mobile applications, website design, web services
Hands on experience running SAST, DAST, IAST, SCA and Mobile scan
Knowledge of security and compliance frameworks like NIST and ISO
Understanding and experience in NIST SSDF or other secure software development frameworks
Knowledgeable in deployment of WAF tools such as Akamai, Cloudflare, Azure Front Door, and AWS WAF etc.
Knowledge of the OWASP Top 10 and mitigation strategies for each
Knowledge on techniques of web attacks, DDoS attacks and BOT attacks and management/mitigation controls.
Experienced with cloud platforms (AWS, Azure, GCP) and container frameworks
Knowledge of programming, scripting, and query languages such as Java, SQL, HTML, JavaScript
Prefer that candidates will have experience in scripting languages.
Preferable is candidate has GIAC GWEB, ISC2 CSSLP, EC-Council CASE or other comparable professional certificates

Our Benefits — Designed With You In Mind

Comprehensive Health & Well-being Coverage

From your very first day, you’ll have access to medical, dental, vision, and prescription drug coverage — ensuring you and your family stay healthy and protected. Also, our Employee Assistance Program (EAP) offers confidential support for personal and professional challenges, always ready when you need it.

Family Building Benefit

We proudly support all paths to parenthood- including fertility and infertility treatments, adoption services, and gestational surrogacy.

Generous Paid Time Off

We believe in work-life balance. That’s why we offer: 17+ paid holidays, including shut-down from December 24th through New Years Day every year. Vacation, float & wellbeing days, sick time and fully paid parental leave when your family needs you most.

Competitive Retirement Savings Plans

We Help You Plan For The Future With

An employer match on contributions to your 401k, Roth, and Catch-Up plans
An employer contribution, even if you don’t contribute

Income Protection & Insurance Options

Benefit from both employer-provided and voluntary plan offerings, including life insurance, group accident, critical illness, etc. - supporting the needs of you and your family and ensuring peace of mind.

Company Vehicle Lease Program

Eligible employees and their immediate families can participate in the company vehicle lease program, providing access to Stellantis vehicles with insurance, maintenance, and unlimited miles included. Plus, take advantage of exclusive disco

About the Company

Our storied and iconic brands embody the passion of their visionary founders and today’s customers in their innovative products and services: they include Abarth, Alfa Romeo, Chrysler, Citroën, Dodge, DS Automobiles, Fiat, Jeep®, Lancia, Maserati, Opel, Peugeot, Ram, Vauxhall and mobility brands Free2move and Leasys. Powered by our diversity, we lead the way the world moves – aspiring to become the greatest sustainable mobility tech company, not the biggest, while creating added value for all stakeholders as well as the comm... Know more