Application Security Engineer Java / Node.js

Job Description

Overview

Seeking a Java / Node.js Engineer focused on application security remediation, technical debt reduction, and automated vulnerability fixes across multiple platforms. This role partners closely with InfoSec, QA, DevOps, and engineering teams to improve security posture using automation and GenAI-driven solutions.

Key Responsibilities

• Triage and remediate vulnerabilities from SAST, DAST, and SCA tools

• Secure Java, Node.js, Ruby on Rails, and WordPress applications against common OWASP risks

• Patch and upgrade third-party dependencies and harden application configurations

• Validate fixes through regression testing and user flow checks

• Integrate automated security and remediation into CI/CD pipelines

• Build GenAI-assisted remediation workflows using AWS Bedrock or similar tools

• Reduce technical debt, modernize legacy components, and harden cloud, container, and OS environments

• Collaborate with InfoSec and QA teams to close security findings and rescans

Required Skills & Experience

• Strong hands-on experience with Java, Spring Boot, REST APIs, and secure coding

• Proficiency in Node.js, Express.js, JavaScript/TypeScript

• Working knowledge of Ruby on Rails and WordPress security

• Experience with Veracode, Checkmarx, SonarQube, Snyk, or similar tools

• Strong understanding of OWASP vulnerabilities and mitigation techniques

• Experience with OAuth2/JWT, API security, Docker, Kubernetes, Linux, and AWS

• Hands-on experience integrating security into CI/CD pipelines

• Exposure to GenAI tools such as AWS Bedrock or CodeWhisperer

Preferred Qualifications

• Experience with microservices, cloud-native security, and DevSecOps

• Familiarity with OWASP ASVS and threat modeling

• Security certifications (CEH, CSSLP, OSCP) a plus