Application Security Engineer – Java / Node.js

The Giant Bullseye is seeking a Java / Node.js Engineer focused on application security remediation and automated vulnerability fixes. This role involves collaborating with InfoSec, QA, DevOps, and engineering teams to enhance security posture across multiple platforms.

Responsibilities:

• Triage and remediate vulnerabilities from SAST, DAST, and SCA tools
• Secure Java, Node.js, Ruby on Rails, and WordPress applications against common OWASP risks
• Patch and upgrade third-party dependencies and harden application configurations
• Validate fixes through regression testing and user flow checks
• Integrate automated security and remediation into CI/CD pipelines
• Build GenAI-assisted remediation workflows using AWS Bedrock or similar tools
• Reduce technical debt, modernize legacy components, and harden cloud, container, and OS environments
• Collaborate with InfoSec and QA teams to close security findings and rescans

Requirements:

• Strong hands-on experience with Java, Spring Boot, REST APIs, and secure coding
• Proficiency in Node.js, Express.js, JavaScript/TypeScript
• Working knowledge of Ruby on Rails and WordPress security
• Experience with Veracode, Checkmarx, SonarQube, Snyk, or similar tools
• Strong understanding of OWASP vulnerabilities and mitigation techniques
• Experience with OAuth2/JWT, API security, Docker, Kubernetes, Linux, and AWS
• Hands-on experience integrating security into CI/CD pipelines
• Exposure to GenAI tools such as AWS Bedrock or CodeWhisperer
• Experience with microservices, cloud-native security, and DevSecOps
• Familiarity with OWASP ASVS and threat modeling
• Security certifications (CEH, CSSLP, OSCP) a plus