Nelnet · 4 weeks ago
Cybersecurity Application Security Engineer
Nelnet is a diversified and innovative company committed to enriching lives through the power of service. They are seeking a highly skilled Application Security Engineer to partner with engineering, cloud, and product teams to safeguard applications and services, focusing on secure code review, penetration testing, and automation.
Financial Services, Information Technology, Payments
Responsibilities
Manual Source Code Review
SAST/DAST scanning
Expand the Security Champions program
Develop automated source code review processes
Work with product teams to ensure secure SDLC processes are in place
Provide detailed vulnerability reports to businesses
Qualification
Required
2–4 years of hands-on application security experience
Experience integrating security tooling and automated checks into CI/CD pipelines
Familiarity and experience with OWASP Top 10 and web testing methodologies
Experience with effectively assessing and communicating risks and appropriate levels of urgency to management and engineering staff
Experience with technical report writing and communication
Strong manual code review experience in at least one major language (Java, JavaScript/TypeScript, C#, PHP, etc.)
Solid threat-modeling expertise (STRIDE, attack trees, misuse cases) for both traditional systems and AI/LLM-integrated features
Proficiency with SAST, SCA, DAST, web and mobile pentesting, container scanners, secrets-detection tools, and ideally AI-security scanning platforms
Scripting/automation skills (Python, Bash, Node) for building custom tooling and automating manual processes
Good understanding of AI/LLM attack surfaces including prompt injection, insecure output handling, model-data leakage, and RAG vulnerabilities
Strong knowledge of web/API security concepts (session management, secure storage, transport security)
Excellent organizational, presentation, verbal, and written communication skills
Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
Aptitude for self-study, setting and achieving long-term goals
Actively seeks to remain technically current and increase expertise and abilities
Challenges prevailing assumptions when appropriate
Willing to adapt to changing technology and business landscapes
Considers change as an opportunity to be challenged and grow
Ability to adapt style of communications to match audience and information sharing needs
Preferred
Experience performing secure code reviews or building internal developer tooling
Previous work with AI or LLM-integrated applications, model security, or prompt safety
Experience with mobile security, reverse engineering, or platform-specific secure coding
Certifications such as OSWE, OSCP, GWAPT, GCSA, GCPN, or ML security certs (not required but beneficial)
Ability to mentor junior developers/engineers in secure design and coding practices
Benefits
Medical
Dental
Vision
HSA and FSA
Generous earned time off
401K/student loan repayment
Life insurance & AD&D insurance
Employee assistance program
Employee stock purchase program
Tuition reimbursement
Performance-based incentive pay
Short- and long-term disability
Robust wellness program
Company
Nelnet
Nelnet provides business, communications, and financial services.
Funding
Current Stage
Late Stage