Nelnet
Cybersecurity Application Security Engineer
Nelnet, Annapolis, Maryland, United States, 21403
Nelnet is a diversified and innovative company committed to enriching lives through the power of service as a student loan servicer, professional services company, consumer loan originator and servicer, payments processor, renewable energy solutions, and K-12 and higher education expert. For over 40 years, Nelnet has been serving its customers, associates, and communities.
The perks of working at Nelnet go beyond our benefits package. When you join the Nelnet team, you're part of a community invested in the success of each individual. That support comes through in our work, as we are united by our mission of creating opportunities for people where they live, learn, and work.
This position offers a hybrid work option. Nelnet values flexibility and understands the importance of work-life integration. Our hybrid work environment allows associates Living within 30 miles of an office location to work remotely for part of the week, while also fostering collaboration and team connection through in-office presence three days per week.
Please note that we are unable to provide visa sponsorship for this position. To be considered, candidates must already be authorized to work in the United States without the need for current or future sponsorship.
Job Description
Manual Source Code Review
SAST/DAST scanning
Expand the Security Champions program
Develop automated source code review processes
Work with product teams to ensure secure SDLC processes are in place
Provide detail vulnerability reports to businesses
Experience
2–4 years of hands‑on application security experience
Experience integrating security tooling and automated checks into CI/CD pipelines
Familiarity and experience with OWASP Top 10 and web testing methodologies
Experience with effectively assessing and communicating risks and appropriate levels of urgency to management and engineering staff
Experience with technical report writing and communication
Competencies – Skills / Knowledge / Abilities
Strong manual code review experience in at least one major language (Java, JavaScript/TypeScript, C#, PHP, etc.)
Solid threat‑modeling expertise (STRIDE, attack trees, misuse cases) for both traditional systems and AI/LLM‑integrated features
Proficiency with SAST, SCA, DAST, web and mobile pentesting, container scanners, secrets‑detection tools, and ideally AI‑security scanning platforms
Experience integrating security tooling and automated checks into CI/CD pipeline
Scripting/automation skills (Python, Bash, Node) for building custom tooling and automating manual processes
Good understanding of AI/LLM attack surfaces including prompt injection, insecure output handling, model‑data leakage, and RAG vulnerabilities
Strong knowledge of web/API security concepts (session management, secure storage, transport security)
Excellent organizational, presentation, verbal, and written communication skills
Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
Aptitude for self‑study, setting and achieving long term goals
Actively seeks to remain technically current and increase expertise and abilities
Challenges prevailing assumptions when appropriate
Willing to adapt to changing technology and business landscapes
Considers change as opportunities to be challenged and grow
Ability to adapt style of communications to match audience and information sharing needs
Wants
Experience performing
secure code reviews
or building internal developer tooling.
Previous work with
AI or LLM‑integrated applications
, model security, or prompt safety.
Experience with
mobile security
, reverse engineering, or platform‑specific secure coding.
Certifications such as
OSWE, OSCP, GWAPT, GCSA, GCPN, or ML security certs
(not required but beneficial).
Ability to mentor junior developers/engineers in secure design and coding practices.
Pay range for this role is $90,000-$125,000 annually, depending on experience.
Our benefits package includes medical, dental, vision, HSA and FSA, generous earned time off, 401K/student loan repayment, life insurance & AD&D insurance, employee assistance program, employee stock purchase program, tuition reimbursement, performance‑based incentive pay, short- and long-term disability, and a robust wellness program. Click here to learn more about our benefits: http://nelnetinc.com/careers/benefits/.
Nelnet is committed to providing a welcoming and respectful workplace where all associates have the opportunity to succeed. As an Equal Opportunity Employer, we ensure that all qualified applicants are considered for employment. Employment decisions are made without regard to race, color, religion/creed, national origin, gender, sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by federal, state, or local law. We value the unique contributions of every team member and believe that a positive work environment benefits everyone.
Qualified individuals with disabilities who require reasonable accommodations in order to apply or compete for positions at Nelnet may request such accommodations by contacting Corporate Recruiting at 402‑486‑5725 or corporaterecruiting@nelnet.net.
Nelnet is a Drug Free and Tobacco Free Workplace.
EEO Info (https://nelnetinc.com/wp-content/uploads/EEO-poster.pdf) | EEO Letter (https://nelnetinc.com/wp-content/uploads/EEO-Jeffs-Letter.pdf) | EPPA Info (https://nelnetinc.com/wp-content/uploads/Employee-Polygraph-Protection-Act-Poster.pdf) | FMLA Info (https://nelnetinc.com/wp-content/uploads/FMLA-Leave.pdf)
#J-18808-Ljbffr
The perks of working at Nelnet go beyond our benefits package. When you join the Nelnet team, you're part of a community invested in the success of each individual. That support comes through in our work, as we are united by our mission of creating opportunities for people where they live, learn, and work.
This position offers a hybrid work option. Nelnet values flexibility and understands the importance of work-life integration. Our hybrid work environment allows associates Living within 30 miles of an office location to work remotely for part of the week, while also fostering collaboration and team connection through in-office presence three days per week.
Please note that we are unable to provide visa sponsorship for this position. To be considered, candidates must already be authorized to work in the United States without the need for current or future sponsorship.
Job Description
Manual Source Code Review
SAST/DAST scanning
Expand the Security Champions program
Develop automated source code review processes
Work with product teams to ensure secure SDLC processes are in place
Provide detail vulnerability reports to businesses
Experience
2–4 years of hands‑on application security experience
Experience integrating security tooling and automated checks into CI/CD pipelines
Familiarity and experience with OWASP Top 10 and web testing methodologies
Experience with effectively assessing and communicating risks and appropriate levels of urgency to management and engineering staff
Experience with technical report writing and communication
Competencies – Skills / Knowledge / Abilities
Strong manual code review experience in at least one major language (Java, JavaScript/TypeScript, C#, PHP, etc.)
Solid threat‑modeling expertise (STRIDE, attack trees, misuse cases) for both traditional systems and AI/LLM‑integrated features
Proficiency with SAST, SCA, DAST, web and mobile pentesting, container scanners, secrets‑detection tools, and ideally AI‑security scanning platforms
Experience integrating security tooling and automated checks into CI/CD pipeline
Scripting/automation skills (Python, Bash, Node) for building custom tooling and automating manual processes
Good understanding of AI/LLM attack surfaces including prompt injection, insecure output handling, model‑data leakage, and RAG vulnerabilities
Strong knowledge of web/API security concepts (session management, secure storage, transport security)
Excellent organizational, presentation, verbal, and written communication skills
Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
Aptitude for self‑study, setting and achieving long term goals
Actively seeks to remain technically current and increase expertise and abilities
Challenges prevailing assumptions when appropriate
Willing to adapt to changing technology and business landscapes
Considers change as opportunities to be challenged and grow
Ability to adapt style of communications to match audience and information sharing needs
Wants
Experience performing
secure code reviews
or building internal developer tooling.
Previous work with
AI or LLM‑integrated applications
, model security, or prompt safety.
Experience with
mobile security
, reverse engineering, or platform‑specific secure coding.
Certifications such as
OSWE, OSCP, GWAPT, GCSA, GCPN, or ML security certs
(not required but beneficial).
Ability to mentor junior developers/engineers in secure design and coding practices.
Pay range for this role is $90,000-$125,000 annually, depending on experience.
Our benefits package includes medical, dental, vision, HSA and FSA, generous earned time off, 401K/student loan repayment, life insurance & AD&D insurance, employee assistance program, employee stock purchase program, tuition reimbursement, performance‑based incentive pay, short- and long-term disability, and a robust wellness program. Click here to learn more about our benefits: http://nelnetinc.com/careers/benefits/.
Nelnet is committed to providing a welcoming and respectful workplace where all associates have the opportunity to succeed. As an Equal Opportunity Employer, we ensure that all qualified applicants are considered for employment. Employment decisions are made without regard to race, color, religion/creed, national origin, gender, sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by federal, state, or local law. We value the unique contributions of every team member and believe that a positive work environment benefits everyone.
Qualified individuals with disabilities who require reasonable accommodations in order to apply or compete for positions at Nelnet may request such accommodations by contacting Corporate Recruiting at 402‑486‑5725 or corporaterecruiting@nelnet.net.
Nelnet is a Drug Free and Tobacco Free Workplace.
EEO Info (https://nelnetinc.com/wp-content/uploads/EEO-poster.pdf) | EEO Letter (https://nelnetinc.com/wp-content/uploads/EEO-Jeffs-Letter.pdf) | EPPA Info (https://nelnetinc.com/wp-content/uploads/Employee-Polygraph-Protection-Act-Poster.pdf) | FMLA Info (https://nelnetinc.com/wp-content/uploads/FMLA-Leave.pdf)
#J-18808-Ljbffr