Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Nelnet

Cybersecurity Application Security Engineer

Nelnet

Application Security Engineer at Nelnet safeguarding applications and services through secure code review and penetration testing. Collaborating with teams to enhance the security posture and automate processes.

Posted 4/15/2026full-timeCentennial • Colorado, New York, Wisconsin • 🇺🇸 United StatesJuniorMid-Level💰 $90,000 - $125,000 per yearWebsite

Tech Stack

Tools & technologies
CloudJavaJavaScriptNode.jsPHPPythonSDLCTypeScript

About the role

Key responsibilities & impact
  • Partner closely with engineering, cloud, and product teams to safeguard applications, services, and AI-driven components
  • Combine hands-on technical testing with scalable automation and developer enablement to mature AppSec program
  • Ensure secure, resilient applications at speed
  • Manual source code review SAST/DAST scanning
  • Expand the Security Champions program
  • Develop automated source code review processes
  • Work with product teams to ensure secure SDLC processes are in place
  • Provide detailed vulnerability reports to businesses

Requirements

What you’ll need
  • 2–4 years of hands-on application security experience
  • Experience integrating security tooling and automated checks into CI/CD pipelines
  • Familiarity and experience with OWASP Top 10 and web testing methodologies
  • Experience with effectively assessing and communicating risks and appropriate levels of urgency to management and engineering staff
  • Experience with technical report writing and communication
  • Strong manual code review experience in at least one major language (Java, JavaScript/TypeScript, C#, PHP, etc.)
  • Solid threat-modeling expertise (STRIDE, attack trees, misuse cases) for both traditional systems and AI/LLM-integrated features
  • Proficiency with SAST, SCA, DAST, web and mobile pentesting, container scanners, secrets-detection tools, and ideally AI-security scanning platforms
  • Scripting/automation skills (Python, Bash, Node) for building custom tooling and automating manual processes
  • Good understanding of AI/LLM attack surfaces including prompt injection, insecure output handling, model-data leakage, and RAG vulnerabilities
  • Strong knowledge of web/API security concepts (session management, secure storage, transport security)

Benefits

Comp & perks
  • medical
  • dental
  • vision
  • HSA and FSA
  • generous earned time off
  • 401K/student loan repayment
  • life insurance & AD&D insurance
  • employee assistance program
  • employee stock purchase program
  • tuition reimbursement
  • performance-based incentive pay
  • short- and long-term disability
  • a robust wellness program

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
application securitymanual code reviewSASTDASTweb testing methodologiesthreat modelingscriptingautomationweb securityAPI security
Soft Skills
communicationrisk assessmenttechnical report writingcollaborationdeveloper enablement