Nelnet
Nelnet is a diversified and innovative company committed to enriching lives through the power of service as a student loan servicer, professional services company, consumer loan originator and servicer, payments processor, renewable energy solutions, and K-12 and higher education expert. For over 40 years, Nelnet has been serving its customers, associates, and communities.
When you join the Nelnet team, you're part of a community invested in the success of each individual. We are seeking a highly skilled Application Security Engineer with strong experience across secure code review, penetration testing, automation, and modern SDLC practices-including emerging AI/LLM security. In this role, you will partner closely with engineering, cloud, and product teams to safeguard our applications, services, and AI-driven components from design through production. You will combine hands-on technical testing with scalable automation and developer enablement to mature our AppSec program and ensure secure, resilient applications at speed.
This position offers a hybrid work option. Our hybrid work environment allows associates Living within 30 miles of an office location to work remotely for part of the week, while also fostering collaboration and team connection through in-office presence three days per week.
SAST/DAST scanning
• 2-4 years of hands-on application security experience
• Experience integrating security tooling and automated checks into CI/CD pipelines
• Familiarity and experience with OWASP Top 10 and web testing methodologies
• Experience with effectively assessing and communicating risks and appropriate levels of urgency to management and engineering staff
• Experience with technical report writing and communication
Strong manual code review experience in at least one major language (Java, JavaScript/TypeScript, C#, PHP, etc.)
• Solid threat-modeling expertise (STRIDE, attack trees, misuse cases) for both traditional systems and AI/LLM-integrated features
• Proficiency with SAST, SCA, DAST, web and mobile pentesting, container scanners, secrets-detection tools, and ideally AI-security scanning platforms
• Experience integrating security tooling and automated checks into CI/CD pipeline
• Scripting/automation skills (Python, Bash, Node) for building custom tooling and automating manual processes
• Good understanding of AI/LLM attack surfaces including prompt injection, insecure output handling, model-data leakage, and RAG vulnerabilities
• Strong knowledge of web/API security concepts (session management, secure storage, transport security)
• Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
• Experience performing secure code reviews or building internal developer tooling.
• Previous work with AI or LLM-integrated applications , model security, or prompt safety.
• Experience with mobile security , reverse engineering, or platform-specific secure coding.
• Certifications such as OSWE, OSCP, GWAPT, GCSA, GCPN, or ML security certs (not required but beneficial).
• Ability to mentor junior developers/engineers in secure design and coding practices.
LI-REMOTE
Our benefits package includes medical, dental, vision, HSA and FSA, generous earned time off, 401K/student loan repayment, life insurance & AD&D insurance, employee assistance program, employee stock purchase program, tuition reimbursement, performance-based incentive pay, short- and long-term disability, and a robust wellness program. Employment decisions are made without regard to race, color, religion/creed, national origin, gender, sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by federal, state, or local law. Qualified individuals with disabilities who require reasonable accommodations in order to apply or compete for positions at Nelnet may request such accommodations by contacting Corporate Recruiting ator .
We're also a professional services company, consumer loan originator and servicer, payment processor, renewable energy innovator, and K-12 and higher education expert (and that's just a shortlist). For over 40 years, we've been serving our customers, associates, and communities to make dreams possible.