Analyze, triage, and remediate vulnerabilities identified via SAST, DAST, and software composition analysis tools such as SonarQube, Veracode, Snyk, and Checkmarx.
Refactor insecure Java and Node.js codebases to mitigate vulnerabilities such as SQL Injection, XXE, XSS, CSRF, Deserialization, and Authentication flaws.
Patch and upgrade vulnerable third-party dependencies using Maven/Gradle, and validate post-remediation effectiveness.
Leverage Generative AI tools (e.g., AWS Bedrock) to build or enhance automation workflows for:
Auto-remediation of common vulnerability patterns
Code recommendations and patch generation
AI-driven security analysis and triage assistance
Automate vulnerability remediation and validation within CI/CD pipelines, improving security velocity and reducing manual effort.
Strengthen security configurations in Spring Boot, REST APIs, Node.js services, and Tomcat-based deployments.
Perform secure code reviews, provide remediation guidance, and promote secure coding best practices across development teams.
Collaborate with InfoSec and DevOps teams to validate fixes, perform re-scans, and close vulnerability tickets.
Stay current on security advisories, OWASP Top 10, CWE/SANS 25, and Java/Tomcat ecosystem updates.

Requirements

6+ years of experience
Must Have: NodeJS, vulnerability remediation, and security, Java
Strong hands-on experience with Core Java, Spring Boot, Tomcat, and REST API development
Proficiency in secure coding principles and application vulnerability remediation
Experience remediating issues identified by tools like Veracode, Checkmarx, SonarQube, or Snyk
Knowledge of dependency management and patching practices using Maven or Gradle
Familiarity with Node.js security configurations and remediation techniques
Experience with OAuth2/JWT, input validation, encryption, and secure session management
Understanding of Docker, Kubernetes, and security considerations in cloud-native applications
Preferred: Experience with automating vulnerability remediation using GenAI platforms (e.g., AWS Bedrock, Amazon CodeWhisperer)
Exposure to DevSecOps pipelines, including automated security scans and policy enforcement
Strong understanding of Spring Security, secure API design, and infrastructure hardening
Certifications such as CEH, CSSLP, GSSP-Java, or similar are a plus.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

JavaNode.jsSpring BootREST APIvulnerability remediationsecure coding principlesdependency managementOAuth2JWTencryption

Certifications

CEHCSSLPGSSP-Java