Application Security Engineer – Java​/Node.js

Overview

Seeking a Java / Node.js Engineer focused on application security remediation, technical debt reduction, and automated vulnerability fixes across multiple platforms. This role partners closely with Info Sec, QA, Dev Ops, and engineering teams to improve security posture using automation and GenAI-driven solutions.

• Triage and remediate vulnerabilities from SAST, DAST, and SCA tools
• Secure Java, Node.js, Ruby on Rails, and Word Press applications against common OWASP risks
• Patch and upgrade third-party dependencies and harden application configurations
• Validate fixes through regression testing and user flow checks
• Integrate automated security and remediation into CI/CD pipelines
• Build GenAI-assisted remediation workflows using AWS Bedrock or similar tools
• Reduce technical debt, modernize legacy components, and harden cloud, container, and OS environments
• Collaborate with Info Sec and QA teams to close security findings and rescans

• Strong hands-on experience with Java, Spring Boot, REST APIs, and secure coding
• Proficiency in Node.js, Express.js, JavaScript/Type Script
• Working knowledge of Ruby on Rails and Word Press security
• Experience with Veracode, Checkmarx, Sonar Qube, Snyk, or similar tools
• Strong understanding of OWASP vulnerabilities and mitigation techniques
• Experience with OAuth2/JWT, API security, Docker, Kubernetes, Linux, and AWS
• Hands‑on experience integrating security into CI/CD pipelines
• Exposure to GenAI tools such as AWS Bedrock or Code Whisperer

• Experience with microservices, cloud-native security, and Dev Sec Ops
• Familiarity with OWASP ASVS and threat modeling
• Security certifications (CEH, CSSLP, OSCP) a plus